From ad8676cac3c0001efcb582b1a0701d3d68c5f0c8 Mon Sep 17 00:00:00 2001
From: aken1023
Date: Fri, 1 Aug 2025 14:05:29 +0800
Subject: [PATCH] Add IP allowlist and diagnostic PowerShell scripts Added allowed_ips_updated.txt containing updated allowed IPs and configuration examples. Introduced check_ip.ps1 and check_ip_fixed.ps1 for checking current IPs against the allowlist and performing connectivity tests, with the fixed version improving external IP detection. Added diagnose_127.ps1 to help diagnose and resolve issues related to services binding to 127.0.0.1.
---
allowed_ips_updated.txt | 154 ++++++++++++++++++++++++++++++++++++++++
check_ip.ps1 | 78 ++++++++++++++++++++
check_ip_fixed.ps1 | 80 +++++++++++++++++++++
diagnose_127.ps1 | 110 ++++++++++++++++++++++++++++
4 files changed, 422 insertions(+)
create mode 100644 allowed_ips_updated.txt
create mode 100644 check_ip.ps1
create mode 100644 check_ip_fixed.ps1
create mode 100644 diagnose_127.ps1
diff --git a/allowed_ips_updated.txt b/allowed_ips_updated.txt
new file mode 100644
index 0000000..abdea06
--- /dev/null
+++ b/allowed_ips_updated.txt
@@ -0,0 +1,154 @@
+# 可允許的IP地址清單 - 更新版
+# 最後更新:2024年
+
+## 按地點分類
+
+### 岡山
+- Hinet: 114.33.18.13
+
+### 汐止
+- 125.229.65.83
+- 60.248.164.91
+
+### 新竹
+- 220.132.236.89
+- 211.72.69.222
+
+### 璟茂
+- 219.87.170.253
+- 125.228.50.228
+
+### 當前用戶
+- 114.40.30.219 (當前IP)
+
+## 完整IP清單(一行一個)
+114.33.18.13
+125.229.65.83
+60.248.164.91
+220.132.236.89
+211.72.69.222
+219.87.170.253
+125.228.50.228
+114.40.30.219
+
+## 問題解決方案
+
+### 如果顯示 127.0.0.1 的問題:
+
+1. **檢查應用程式綁定設定**
+ - 確保應用程式綁定到 `0.0.0.0` 而不是 `127.0.0.1`
+ - 檢查配置文件中的 bind 設定
+
+2. **常見的解決方法**
+ ```bash
+ # 如果使用 Node.js
+ app.listen(3000, '0.0.0.0', () => {
+ console.log('Server running on 0.0.0.0:3000');
+ });
+
+ # 如果使用 Python Flask
+ app.run(host='0.0.0.0', port=5000)
+
+ # 如果使用 Apache
+ Listen 0.0.0.0:80
+
+ # 如果使用 Nginx
+ listen 80;
+ server_name _;
+ ```
+
+3. **檢查防火牆設定**
+ - 確保防火牆允許外部連接
+ - 檢查端口是否開放
+
+4. **網路配置檢查**
+ - 確認網路介面卡設定正確
+ - 檢查路由表設定
+
+## 防火牆規則格式(更新版)
+
+### Windows 防火牆 (PowerShell)
+```powershell
+# 允許所有IP(包含當前IP)
+$allowedIPs = @(
+ "114.33.18.13",
+ "125.229.65.83",
+ "60.248.164.91",
+ "220.132.236.89",
+ "211.72.69.222",
+ "219.87.170.253",
+ "125.228.50.228",
+ "114.40.30.219" # 當前IP
+)
+
+foreach ($ip in $allowedIPs) {
+ New-NetFirewallRule -DisplayName "允許IP: $ip" -Direction Inbound -RemoteAddress $ip -Action Allow
+}
+```
+
+### Linux iptables
+```bash
+# 允許所有IP(包含當前IP)
+iptables -A INPUT -s 114.33.18.13 -j ACCEPT
+iptables -A INPUT -s 125.229.65.83 -j ACCEPT
+iptables -A INPUT -s 60.248.164.91 -j ACCEPT
+iptables -A INPUT -s 220.132.236.89 -j ACCEPT
+iptables -A INPUT -s 211.72.69.222 -j ACCEPT
+iptables -A INPUT -s 219.87.170.253 -j ACCEPT
+iptables -A INPUT -s 125.228.50.228 -j ACCEPT
+iptables -A INPUT -s 114.40.30.219 -j ACCEPT # 當前IP
+```
+
+## 程式碼格式(更新版)
+
+### Python 列表
+```python
+ALLOWED_IPS = [
+ "114.33.18.13", # 岡山 Hinet
+ "125.229.65.83", # 汐止
+ "60.248.164.91", # 汐止
+ "220.132.236.89", # 新竹
+ "211.72.69.222", # 新竹
+ "219.87.170.253", # 璟茂
+ "125.228.50.228", # 璟茂
+ "114.40.30.219" # 當前IP
+]
+```
+
+### JavaScript 陣列
+```javascript
+const allowedIPs = [
+ "114.33.18.13", // 岡山 Hinet
+ "125.229.65.83", // 汐止
+ "60.248.164.91", // 汐止
+ "220.132.236.89", // 新竹
+ "211.72.69.222", // 新竹
+ "219.87.170.253", // 璟茂
+ "125.228.50.228", // 璟茂
+ "114.40.30.219" // 當前IP
+];
+```
+
+## 驗證腳本
+
+### 檢查當前IP是否在允許清單中
+```powershell
+# PowerShell 驗證腳本
+$currentIP = (Invoke-WebRequest -Uri "https://ifconfig.me/ip" -UseBasicParsing).Content.Trim()
+$allowedIPs = @("114.33.18.13", "125.229.65.83", "60.248.164.91", "220.132.236.89", "211.72.69.222", "219.87.170.253", "125.228.50.228", "114.40.30.219")
+
+if ($allowedIPs -contains $currentIP) {
+ Write-Host "✅ 當前IP ($currentIP) 在允許清單中" -ForegroundColor Green
+} else {
+ Write-Host "❌ 當前IP ($currentIP) 不在允許清單中" -ForegroundColor Red
+}
+```
+
+## 安全建議
+
+1. **定期更新**:建議定期檢查和更新IP地址清單
+2. **記錄存取**:記錄所有IP的存取日誌
+3. **備用方案**:考慮設定備用的存取方式
+4. **監控異常**:監控未授權IP的存取嘗試
+5. **網路分段**:考慮使用VPN或專用網路
+6. **IP變更通知**:設定IP變更時的即時通知機制
\ No newline at end of file
diff --git a/check_ip.ps1 b/check_ip.ps1
new file mode 100644
index 0000000..f5d5dbc
--- /dev/null
+++ b/check_ip.ps1
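Review bot: Both firewall examples admit each listed address to every port and protocol on the host: the `New-NetFirewallRule ... -RemoteAddress $ip -Action Allow` line has no `-Protocol`/`-LocalPort`, and the `iptables -A INPUT -s ... -j ACCEPT` lines have no `-p`/`--dport`. Because the same file advises rebinding services to `0.0.0.0`, the rules should be scoped to the service being protected, e.g. `New-NetFirewallRule -DisplayName "允許IP: $ip" -Direction Inbound -RemoteAddress $ip -Protocol TCP -LocalPort PORT -Action Allow` and `iptables -A INPUT -s 114.33.18.13 -p tcp --dport PORT -j ACCEPT`, where PORT is a placeholder for that service's port. The iptables block also only restricts anything if the chain policy or a later rule drops other sources, which the example does not show and should state. The entry marked 當前IP looks like an individual user's address; confirm it is meant to be a permanent allowlist member before it is copied into rules.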
@@ -0,0 +1,78 @@
+# IP地址檢查和設定腳本
+# 檢查當前IP地址並與允許清單比較
+
+Write-Host "=== IP地址檢查工具 ===" -ForegroundColor Green
+Write-Host ""
+
+# 獲取本地IP地址
+Write-Host "本地網路IP地址:" -ForegroundColor Yellow
+$localIPs = Get-NetIPAddress | Where-Object {$_.AddressFamily -eq "IPv4" -and $_.IPAddress -notlike "127.*" -and $_.IPAddress -notlike "169.*"} | Select-Object IPAddress, InterfaceAlias
+foreach ($ip in $localIPs) {
+ Write-Host " $($ip.IPAddress) - $($ip.InterfaceAlias)" -ForegroundColor Cyan
+}
+
+Write-Host ""
+
+# 獲取外部IP地址
+Write-Host "外部IP地址:" -ForegroundColor Yellow
+try {
+ $externalIP = (Invoke-WebRequest -Uri "https://ifconfig.me" -UseBasicParsing).Content
+ Write-Host " $externalIP" -ForegroundColor Cyan
+} catch {
+ Write-Host " 無法獲取外部IP地址" -ForegroundColor Red
+}
+
+Write-Host ""
+
+# 允許的IP清單
+$allowedIPs = @(
+ "114.33.18.13", # 岡山 Hinet
+ "125.229.65.83", # 汐止
+ "60.248.164.91", # 汐止
+ "220.132.236.89", # 新竹
+ "211.72.69.222", # 新竹
+ "219.87.170.253", # 璟茂
+ "114.40.30.219", # zhaoi
+ "125.228.50.228" # 璟茂
+)
+
+Write-Host "允許的IP清單:" -ForegroundColor Yellow
+foreach ($ip in $allowedIPs) {
+ Write-Host " $ip" -ForegroundColor White
+}
+
+Write-Host ""
+
+# 檢查當前IP是否在允許清單中
+$currentIP = $externalIP
+if ($allowedIPs -contains $currentIP) {
+ Write-Host "✅ 當前IP ($currentIP) 在允許清單中" -ForegroundColor Green
+} else {
+ Write-Host "❌ 當前IP ($currentIP) 不在允許清單中" -ForegroundColor Red
+ Write-Host "請聯繫管理員將 $currentIP 加入允許清單" -ForegroundColor Yellow
+}
+
+Write-Host ""
+
+# 檢查網路連接
+Write-Host "網路連接測試:" -ForegroundColor Yellow
+$testIPs = @("8.8.8.8", "1.1.1.1", "114.33.18.13")
+foreach ($testIP in $testIPs) {
+ try {
+ $ping = Test-Connection -ComputerName $testIP -Count 1 -Quiet
+ if ($ping) {
+ Write-Host " ✅ $testIP - 連接正常" -ForegroundColor Green
+ } else {
+ Write-Host " ❌ $testIP - 連接失敗" -ForegroundColor Red
+ }
+ } catch {
+ Write-Host " ❌ $testIP - 連接失敗" -ForegroundColor Red
+ }
+}
+
+Write-Host ""
+Write-Host "=== 故障排除建議 ===" -ForegroundColor Green
+Write-Host "1. 如果顯示127.0.0.1,請檢查應用程式綁定設定" -ForegroundColor White
+Write-Host "2. 確保網路連接正常" -ForegroundColor White
+Write-Host "3. 檢查防火牆設定" -ForegroundColor White
+Write-Host "4. 確認VPN連接狀態" -ForegroundColor White
\ No newline at end of file
diff --git a/check_ip_fixed.ps1 b/check_ip_fixed.ps1
new file mode 100644
index 0000000..6879589
--- /dev/null
+++ b/check_ip_fixed.ps1
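Review bot: When the request in the `try` block fails, `$externalIP` is never assigned, yet `$currentIP = $externalIP` and the `-contains` test still run and report an empty address as "not in the allowlist", telling the user to ask an administrator to add it. The lookup also reads `.Content` from `https://ifconfig.me` without `.Trim()`, so any body other than the bare address (a trailing newline, an HTML page) makes a listed IP compare unequal. check_ip_fixed.ps1 in this same commit corrects both, so this file is best dropped from the commit; if it stays, guard the comparison with `if (-not $externalIP) { Write-Host "⚠️ 無法確定當前IP地址" -ForegroundColor Yellow; return }` before `$currentIP = $externalIP`.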
@@ -0,0 +1,80 @@
+# IP地址檢查和設定腳本 - 修正版
+# 檢查當前IP地址並與允許清單比較
+
+Write-Host "=== IP地址檢查工具 ===" -ForegroundColor Green
+Write-Host ""
+
+# 獲取本地IP地址
+Write-Host "本地網路IP地址:" -ForegroundColor Yellow
+$localIPs = Get-NetIPAddress | Where-Object {$_.AddressFamily -eq "IPv4" -and $_.IPAddress -notlike "127.*" -and $_.IPAddress -notlike "169.*"} | Select-Object IPAddress, InterfaceAlias
+foreach ($ip in $localIPs) {
+ Write-Host " $($ip.IPAddress) - $($ip.InterfaceAlias)" -ForegroundColor Cyan
+}
+
+Write-Host ""
+
+# 獲取外部IP地址 - 修正版
+Write-Host "外部IP地址:" -ForegroundColor Yellow
+try {
+ $externalIP = (Invoke-WebRequest -Uri "https://ifconfig.me/ip" -UseBasicParsing).Content.Trim()
+ Write-Host " $externalIP" -ForegroundColor Cyan
+} catch {
+ Write-Host " 無法獲取外部IP地址" -ForegroundColor Red
+ $externalIP = "未知"
+}
+
+Write-Host ""
+
+# 允許的IP清單
+$allowedIPs = @(
+ "114.33.18.13", # 岡山 Hinet
+ "125.229.65.83", # 汐止
+ "60.248.164.91", # 汐止
+ "220.132.236.89", # 新竹
+ "211.72.69.222", # 新竹
+ "219.87.170.253", # 璟茂
+ "125.228.50.228" # 璟茂
+)
+
+Write-Host "允許的IP清單:" -ForegroundColor Yellow
+foreach ($ip in $allowedIPs) {
+ Write-Host " $ip" -ForegroundColor White
+}
+
+Write-Host ""
+
+# 檢查當前IP是否在允許清單中
+if ($externalIP -ne "未知" -and $allowedIPs -contains $externalIP) {
+ Write-Host "✅ 當前IP ($externalIP) 在允許清單中" -ForegroundColor Green
+} elseif ($externalIP -ne "未知") {
+ Write-Host "❌ 當前IP ($externalIP) 不在允許清單中" -ForegroundColor Red
+ Write-Host "請聯繫管理員將 $externalIP 加入允許清單" -ForegroundColor Yellow
+} else {
+ Write-Host "⚠️ 無法確定當前IP地址" -ForegroundColor Yellow
+}
+
+Write-Host ""
+
+# 檢查網路連接
+Write-Host "網路連接測試:" -ForegroundColor Yellow
+$testIPs = @("8.8.8.8", "1.1.1.1", "114.33.18.13")
+foreach ($testIP in $testIPs) {
+ try {
+ $ping = Test-Connection -ComputerName $testIP -Count 1 -Quiet
+ if ($ping) {
+ Write-Host " ✅ $testIP - 連接正常" -ForegroundColor Green
+ } else {
+ Write-Host " ❌ $testIP - 連接失敗" -ForegroundColor Red
+ }
+ } catch {
+ Write-Host " ❌ $testIP - 連接失敗" -ForegroundColor Red
+ }
+}
+
+Write-Host ""
+Write-Host "=== 故障排除建議 ===" -ForegroundColor Green
+Write-Host "1. 如果顯示127.0.0.1,請檢查應用程式綁定設定" -ForegroundColor White
+Write-Host "2. 確保網路連接正常" -ForegroundColor White
+Write-Host "3. 檢查防火牆設定" -ForegroundColor White
+Write-Host "4. 確認VPN連接狀態" -ForegroundColor White
+Write-Host "5. 檢查DNS設定" -ForegroundColor White
\ No newline at end of file
diff --git a/diagnose_127.ps1 b/diagnose_127.ps1
new file mode 100644
index 0000000..88891e1
--- /dev/null
+++ b/diagnose_127.ps1
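Review bot: The `$allowedIPs` array here has seven entries and omits `114.40.30.219`, which check_ip.ps1 and allowed_ips_updated.txt in this same commit both list, so the three files give different verdicts for the same address. If the omission is deliberate the other two files should drop the entry as well; otherwise keep a single list and load it, e.g. `$allowedIPs = Get-Content ALLOWLIST_PATH | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' }`, with ALLOWLIST_PATH a placeholder for wherever that list lives. The body returned by ifconfig.me is also echoed and compared without checking that it is an address; `if (-not ($externalIP -as [ipaddress])) { $externalIP = "未知" }` after the request would keep an error page out of the "ask the administrator to add it" message. The result is informational only: it reflects the address that third-party service sees, which may not be the one the protected host sees.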
@@ -0,0 +1,110 @@
+# 診斷 127.0.0.1 問題的腳本
+# 檢查應用程式綁定和網路配置
+
+Write-Host "=== 127.0.0.1 問題診斷工具 ===" -ForegroundColor Green
+Write-Host ""
+
+# 1. 檢查當前運行的服務
+Write-Host "1. 檢查當前運行的服務:" -ForegroundColor Yellow
+$services = Get-Service | Where-Object {$_.Status -eq "Running"} | Select-Object Name, DisplayName
+Write-Host " 運行中的服務數量: $($services.Count)" -ForegroundColor Cyan
+
+# 2. 檢查監聽的端口
+Write-Host ""
+Write-Host "2. 檢查監聽的端口:" -ForegroundColor Yellow
+$listening = netstat -an | Select-String "LISTENING"
+if ($listening) {
+ Write-Host " 發現監聽端口:" -ForegroundColor Cyan
+ $listening | ForEach-Object {
+ Write-Host " $_" -ForegroundColor White
+ }
+} else {
+ Write-Host " 沒有發現監聽端口" -ForegroundColor Red
+}
+
+# 3. 檢查常見的Web服務
+Write-Host ""
+Write-Host "3. 檢查常見的Web服務:" -ForegroundColor Yellow
+
+# 檢查 IIS
+$iis = Get-Service -Name "W3SVC" -ErrorAction SilentlyContinue
+if ($iis) {
+ Write-Host " IIS 狀態: $($iis.Status)" -ForegroundColor Cyan
+} else {
+ Write-Host " IIS: 未安裝或未運行" -ForegroundColor Gray
+}
+
+# 檢查 Apache
+$apache = Get-Process -Name "httpd" -ErrorAction SilentlyContinue
+if ($apache) {
+ Write-Host " Apache: 正在運行" -ForegroundColor Cyan
+} else {
+ Write-Host " Apache: 未運行" -ForegroundColor Gray
+}
+
+# 檢查 Node.js
+$node = Get-Process -Name "node" -ErrorAction SilentlyContinue
+if ($node) {
+ Write-Host " Node.js: 正在運行 (PID: $($node.Id))" -ForegroundColor Cyan
+} else {
+ Write-Host " Node.js: 未運行" -ForegroundColor Gray
+}
+
+# 檢查 Python
+$python = Get-Process -Name "python*" -ErrorAction SilentlyContinue
+if ($python) {
+ Write-Host " Python: 正在運行 (PID: $($python.Id))" -ForegroundColor Cyan
+} else {
+ Write-Host " Python: 未運行" -ForegroundColor Gray
+}
+
+# 4. 檢查網路配置
+Write-Host ""
+Write-Host "4. 網路配置檢查:" -ForegroundColor Yellow
+$interfaces = Get-NetIPAddress | Where-Object {$_.AddressFamily -eq "IPv4" -and $_.IPAddress -notlike "127.*"} | Select-Object IPAddress, InterfaceAlias
+Write-Host " 可用網路介面:" -ForegroundColor Cyan
+foreach ($if in $interfaces) {
+ Write-Host " $($if.IPAddress) - $($if.InterfaceAlias)" -ForegroundColor White
+}
+
+# 5. 檢查防火牆設定
+Write-Host ""
+Write-Host "5. 防火牆檢查:" -ForegroundColor Yellow
+$firewall = Get-NetFirewallProfile | Select-Object Name, Enabled
+foreach ($profile in $firewall) {
+ $status = if ($profile.Enabled) { "啟用" } else { "停用" }
+ Write-Host " $($profile.Name): $status" -ForegroundColor Cyan
+}
+
+# 6. 常見解決方案
+Write-Host ""
+Write-Host "=== 常見解決方案 ===" -ForegroundColor Green
+
+Write-Host ""
+Write-Host "如果您的應用程式顯示 127.0.0.1,請嘗試以下解決方案:" -ForegroundColor Yellow
+
+Write-Host ""
+Write-Host "1. 檢查應用程式配置文件:" -ForegroundColor Cyan
+Write-Host " - 確保綁定到 0.0.0.0 而不是 127.0.0.1" -ForegroundColor White
+Write-Host " - 檢查 host 設定" -ForegroundColor White
+
+Write-Host ""
+Write-Host "2. 常見的配置修改:" -ForegroundColor Cyan
+Write-Host " Node.js: app.listen(3000, '0.0.0.0')" -ForegroundColor White
+Write-Host " Python Flask: app.run(host='0.0.0.0')" -ForegroundColor White
+Write-Host " Apache: Listen 0.0.0.0:80" -ForegroundColor White
+Write-Host " Nginx: listen 80;" -ForegroundColor White
+
+Write-Host ""
+Write-Host "3. 檢查應用程式是否正在運行:" -ForegroundColor Cyan
+Write-Host " - 確認應用程式進程存在" -ForegroundColor White
+Write-Host " - 檢查錯誤日誌" -ForegroundColor White
+Write-Host " - 確認端口沒有被其他程式佔用" -ForegroundColor White
+
+Write-Host ""
+Write-Host "4. 網路測試:" -ForegroundColor Cyan
+Write-Host " - 測試本地連接: telnet 127.0.0.1 [port]" -ForegroundColor White
+Write-Host " - 測試外部連接: telnet [your-ip] [port]" -ForegroundColor White
+
+Write-Host ""
+Write-Host "請告訴我您使用的是哪種應用程式,我可以提供更具體的解決方案。" -ForegroundColor Green
\ No newline at end of file
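Review bot: The printed remediation in the "常見解決方案" section tells the user to rebind to `0.0.0.0` without saying that this exposes the port on every interface, so the allowlist then has to be enforced by a firewall rule scoped to that port; one more `Write-Host` line under item 1 stating this would close the gap. Step 2 dumps every `LISTENING` socket from `netstat -an` but never singles out the loopback-only ones, which is the condition the script is named for; `Get-NetTCPConnection -State Listen | Where-Object LocalAddress -eq '127.0.0.1' | Select-Object LocalPort, OwningProcess` would show them with their owning process. The final `Write-Host` asks the reader to reply with their application type, which a script cannot act on and reads like leftover assistant output; it should be removed or replaced with a pointer to the maintainer.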