Initial commit: combine nas_tool, nas_webdav, sync-utils
This commit is contained in:
@@ -0,0 +1,118 @@
|
||||
# Fix Oracle Cloud Firewall for Proxy
|
||||
|
||||
## The Problem
|
||||
Connection times out because **Oracle Cloud Security List** is blocking the ports, even though UFW allows them.
|
||||
|
||||
## Solution: Add Security List Rules in Oracle Cloud
|
||||
|
||||
### Method 1: Via Web Console (Easiest)
|
||||
|
||||
1. **Log into Oracle Cloud Console**
|
||||
- Go to: https://cloud.oracle.com
|
||||
- Navigate to your instance
|
||||
|
||||
2. **Find Your VCN/Subnet:**
|
||||
- Go to **Networking** → **Virtual Cloud Networks**
|
||||
- Click on your VCN
|
||||
- Click on your **Subnet**
|
||||
|
||||
3. **Edit Security List:**
|
||||
- Click on **Security Lists** tab
|
||||
- Click on the default security list (or the one attached to your subnet)
|
||||
- Click **Edit All Rules**
|
||||
|
||||
4. **Add Ingress Rules:**
|
||||
Click **Add Ingress Rules** for each port:
|
||||
|
||||
**Rule 1: HTTP Proxy (7890)**
|
||||
- **Source Type:** CIDR
|
||||
- **Source CIDR:** `0.0.0.0/0` (or your IP for security)
|
||||
- **IP Protocol:** TCP
|
||||
- **Destination Port Range:** `7890`
|
||||
- **Description:** Clash HTTP Proxy
|
||||
|
||||
**Rule 2: SOCKS5 Proxy (7891)**
|
||||
- **Source Type:** CIDR
|
||||
- **Source CIDR:** `0.0.0.0/0`
|
||||
- **IP Protocol:** TCP
|
||||
- **Destination Port Range:** `7891`
|
||||
- **Description:** Clash SOCKS5 Proxy
|
||||
|
||||
**Rule 3: Mixed Proxy (7892)**
|
||||
- **Source Type:** CIDR
|
||||
- **Source CIDR:** `0.0.0.0/0`
|
||||
- **IP Protocol:** TCP
|
||||
- **Destination Port Range:** `7892`
|
||||
- **Description:** Clash Mixed Proxy
|
||||
|
||||
**Rule 4: Web UI (9090)**
|
||||
- **Source Type:** CIDR
|
||||
- **Source CIDR:** `0.0.0.0/0`
|
||||
- **IP Protocol:** TCP
|
||||
- **Destination Port Range:** `9090`
|
||||
- **Description:** Clash Web UI
|
||||
|
||||
5. **Save** the rules
|
||||
|
||||
6. **Wait 30 seconds** for rules to propagate
|
||||
|
||||
7. **Test again** from your iPhone
|
||||
|
||||
### Method 2: Via OCI CLI
|
||||
|
||||
If you have OCI CLI installed:
|
||||
|
||||
```bash
|
||||
# Get your security list OCID
|
||||
oci network security-list list --compartment-id <your-compartment-id>
|
||||
|
||||
# Add ingress rule
|
||||
oci network security-list update \
|
||||
--security-list-id <your-security-list-id> \
|
||||
--ingress-security-rules file://ingress-rules.json
|
||||
```
|
||||
|
||||
### Security Note
|
||||
|
||||
Using `0.0.0.0/0` allows access from anywhere. For better security:
|
||||
- Use your home IP: `YOUR_IP/32`
|
||||
- Or use a VPN IP range
|
||||
- The proxy has authentication, so it's somewhat protected
|
||||
|
||||
## Verify Rules Are Applied
|
||||
|
||||
After adding rules, test:
|
||||
|
||||
```bash
|
||||
# From your Mac (not iPhone)
|
||||
nc -zv 158.101.140.85 7890
|
||||
# Should show: Connection succeeded
|
||||
```
|
||||
|
||||
## Alternative: Use Tailscale Instead
|
||||
|
||||
If you don't want to open ports publicly:
|
||||
- Keep proxy on Tailscale IP only (100.70.115.1)
|
||||
- Use Tailscale VPN on iPhone
|
||||
- Access proxy via Tailscale network
|
||||
|
||||
But this requires Tailscale VPN, which conflicts with Shadowrocket VPN.
|
||||
|
||||
## Quick Checklist
|
||||
|
||||
- [ ] Logged into Oracle Cloud Console
|
||||
- [ ] Found VCN and Subnet
|
||||
- [ ] Opened Security List
|
||||
- [ ] Added ingress rules for ports 7890, 7891, 7892, 9090
|
||||
- [ ] Saved rules
|
||||
- [ ] Waited 30 seconds
|
||||
- [ ] Tested from iPhone
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user