检查ubuntu服务器上的DNS泄漏
检查ubuntu服务器上的DNS泄漏
提问于 2018-11-02 20:50:11
我目前运行Ubuntu服务器18.04.1LTS。我已经建立了分裂隧道VPN,它似乎工作良好,但我想检查DNS泄漏。有什么方法可以用命令行来完成吗?在Ubuntu服务器上不能真正打开浏览器..。
更新了heynnema的信息:
ls -al /etc/openvpn
total 52
drwxrwxrwx 4 root root 4096 Nov 2 21:32 .
drwxr-xr-x 99 root root 4096 Nov 3 12:40 ..
-rwxrwxrwx 1 root root 1403 Nov 2 20:35 ca.crt
drwxrwxrwx 2 root root 4096 Sep 5 14:43 client
-rwxrwxrwx 1 root root 1597 Nov 2 20:39 iptables.sh
-rwxrwxrwx 1 root root 18 Nov 2 20:36 login.txt
-rwxrwxrwx 1 root root 670 Nov 2 21:29 openvpn.conf
-rwxrwxrwx 1 root root 623 Nov 2 20:40 routing.sh
drwxrwxrwx 2 root root 4096 Sep 5 14:43 server
-rwxrwxrwx 1 root root 636 Nov 2 20:35 tls.key
-rwxrwxrwx 1 root root 11773 Nov 12 2017 update-systemd-resolvedgrep -i hosts /etc/nsswitch.conf
hosts: files resolve [!UNAVAIL=return] dns我从网上指南中获得的“防止DNS泄漏”一节,但是如果我启用该命令,则VPN根本不适合我。up/down/down-pre #up and down scripts to be executed when VPN starts or stops up /etc/openvpn/iptables.sh down /etc/openvpn/update-systemd-resolved down-pre # prevent DNS leakage #dhcp-option DOMAIN-ROUTE . 更多信息: #! /bin/bash # Niftiest Software – www.niftiestsoftware.com # Modified version by HTPC Guides – www.htpcguides.com export INTERFACE="tun0" export VPNUSER="vpn" export LOCALIP="192.168.1.10" export NETIF="enp1s0" # flushes all the iptables rules, if you have other rules to use then add them into the script iptables -F -t nat iptables -F -t mangle iptables -F -t filter # mark packets from $VPNUSER iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1 iptables -t mangle -A OUTPUT -j CONNMARK --save-mark # allow responses iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT # block everything incoming on $INTERFACE to prevent accidental exposing of ports iptables -A INPUT -i $INTERFACE -j REJECT # let $VPNUSER access lo and $INTERFACE iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT # all packets on $INTERFACE needs to be masqueraded iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE # reject connections from predator IP going over $NETIF iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT # Start routing script /etc/openvpn/routing.sh exit 0
回答 1
Ask Ubuntu用户
回答已采纳
发布于 2020-11-06 07:51:46
我所做的:
ssh -X VPNuser@server
firefox然后浏览一个网站进行dns泄漏测试。
页面原文内容由Ask Ubuntu提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://askubuntu.com/questions/1089583
复制相关文章
相似问题
腾讯云开发者
