好久没写博客了,因为最近比较忙,不知道大家有没有想我呢?
最近总是外出,偶尔需要访问校内网站,但是总是受限,因此写一篇博客来分享一下解决方案。
切入正题:学校的一些服务有访问限制,必须通过校园网才能访问。我一直很想吐槽,为什么要强迫学生充值校园网,但这不是今天的话题。我想说的是,偶尔出门在外,想要访问校内的网站,会因为这个访问限制的存在十分不便,因此我们迫切需要一个手段,让我们在校外也能访问到校内的平台。这么刚好,接入校园网的主机会被分配公网 IPv6 的地址,可以直接从外网访问,这对我们来说是非常大的便利。
事实上也不需要作什么修改,使用 -D 参数启动 ssh 就行了。SSH 的手册页对该参数的描述是这样的:
-D [bind_address:]port Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of “localhost” indicates that the listening port be bound for local use only, while an empty address or ‘*’ indicates that the port should be available from all interfaces.
大意就是这个参数可以在 SSH 隧道里打开一个 SOCKS 协议的通道,让远程主机能够帮助我们转发流量,再直白一点说就是让远程主机代理我们的流量。但是 SSH 隧道有几个优点,一是它是加密的,更安全,二是没有额外配置的需求,在开启了 SSH 服务的 UNIX-like 主机上都能使用,非常方便。而且,支持 SSH 协议的客户端也有很多,毕竟 SSH 是广泛使用的协议。有同样需求的小伙伴可以试试~