配置iptables
#安装iptables
yum install iptables-services
编辑 /etc/sysconfig/iptables(vi /etc/sysconfig/iptables),在 *filter 表的 COMMIT 之前加入以下规则;如果文件中已有 -A INPUT -j REJECT 规则,必须加在它之前,否则新规则不会生效
#sshd使用
-A INPUT -p tcp -m state --state NEW -m tcp --dport 13031 -j ACCEPT
#shadowsocks 使用的端口范围(下文配置中只用到 33033、33034,建议只放行实际使用的端口)
-A INPUT -p udp -m state --state NEW -m udp --dport 33033:33038 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 33033:33038 -j ACCEPT
由于 CentOS 7 默认的防火墙为 firewalld,所以需要先关闭 firewalld,再启动 iptables,执行如下命令
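# Stop firewalld first: it is the default firewall on CentOS 7, and the two
# services should not manage the rule set at the same time.
systemctl stop firewalld.service
# Keep firewalld from starting again at boot.
systemctl disable firewalld.service
# (Re)start the iptables service so it loads /etc/sysconfig/iptables.
systemctl restart iptables.service
# Start the iptables service at boot.
systemctl enable iptables.service
# With firewalld stopped, a failed restart leaves the host without packet
# filtering. Confirm the service is active and that the new ACCEPT rules are
# listed ahead of any REJECT rule.
systemctl is-active iptables.service
iptables -nL INPUT --line-numbers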
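更改sshd端口(为了安全,提高攻击难度):编辑 /etc/ssh/sshd_config,设置以下选项。修改端口主要是减少自动化扫描,真正的防护来自下面的禁用密码、仅允许密钥登录。若 SELinux 处于 enforcing 模式,需先执行 semanage port -a -t ssh_port_t -p tcp 13031,否则 sshd 无法监听新端口。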
Port 13031
PermitEmptyPasswords no
#禁止密码登录
PasswordAuthentication no
#启用公钥(密钥)认证,即免密码登录
PubkeyAuthentication yes
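# Check sshd_config for errors before restarting: with password login disabled
# and the port changed, a broken config or a missing public key locks you out.
# Keep the current session open and confirm key login on port 13031 from a
# second terminal before closing it.
sshd -t && systemctl restart sshd.service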
1: 安装锐速加速器
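# Fetch over verified TLS: --no-check-certificate is dropped so that an
# intercepted or tampered download fails instead of being saved and executed.
wget -N https://github.com/91yun/serverspeeder/raw/master/serverspeeder.sh
# Unreviewed third-party installer: read serverspeeder.sh before executing it,
# since it runs with this shell's privileges. Run this line only if the
# download above succeeded.
bash serverspeeder.sh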
一键安装参考地址:https://www.91yun.co/archives/683
如果系统内核不支持,可以手动安装支持的内核,参考地址:https://www.91yun.co/archives/795
开启TCP Fast Open
详情参考https://chenjx.cn/linux-tfo/
# Turn TCP Fast Open on for the running kernel; 3 sets both the client (1)
# and the server (2) bits. This write does not survive a reboot.
printf '%s\n' 3 > /proc/sys/net/ipv4/tcp_fastopen
#在/etc/sysctl.conf中添加
net.ipv4.tcp_fastopen = 3
安装shadowsocks
# Install setuptools from the distribution repositories, then bootstrap pip
# with its easy_install; the second step only runs if yum succeeds.
yum install python-setuptools && easy_install pip
# Install the shadowsocks package with pip. No version is pinned, so whatever
# the package index currently serves is installed.
# NOTE(review): presumably this provides /usr/bin/ssserver used by the service
# unit — confirm the path after install.
pip install shadowsocks
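配置:将以下内容保存为 /etc/shadowsocks.json(即服务文件中 -c 指定的路径)。xxxx、yyyy 只是占位符,需替换为各端口独立的高强度随机密码,并用 chmod 600 /etc/shadowsocks.json 限制读取权限。rc4-md5 属于不推荐使用的弱加密方式,建议改用所装版本支持的更强算法(如 AEAD 类的 aes-256-gcm、chacha20-ietf-poly1305)。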
{
"server":"0.0.0.0",
"local_address":"127.0.0.1",
"local_port":1080,
"port_password":{
"33033":"xxxx",
"33034":"yyyy"
},
"timeout":300,
"method":"rc4-md5",
"fast_open": true
}
配置shadowsocks启动服务
vi /etc/systemd/system/shadowsocks.service
# systemd unit that runs the shadowsocks server with the JSON config above.
[Unit]
Description=Shadowsocks
[Service]
# 0 disables the start-up timeout.
TimeoutStartSec=0
# No User= is set, so ssserver runs as root.
# NOTE(review): the configured ports are above 1024, so a dedicated
# unprivileged User= should be enough — confirm that account can read
# /etc/shadowsocks.json before switching.
ExecStart=/usr/bin/ssserver -c /etc/shadowsocks.json
[Install]
# Pulled in by the normal multi-user boot target when the unit is enabled.
WantedBy=multi-user.target
启动并设置开机启动
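# Register the unit to start at boot.
systemctl enable shadowsocks.service
# Start it now.
systemctl start shadowsocks.service
# The unit sets no Type= or Restart=, so start returns without waiting for
# ssserver to stay up and a crash is not retried. Check that it is still
# running and read its log lines for configuration errors.
systemctl status --no-pager shadowsocks.service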