The de facto SOCKS proxy server implementation on Linux these days is Dante (the daemon is called sockd). Setting it up comes down to a few steps:
- Edit the config file (/etc/socks/sockd.conf).
- This is the file where logging is enabled (via the syslog mechanism) and where the internal and external addresses are bound. Note that the internal bindings include a port specification, whereas the external one does not.
- The comments in the file are well written; I'd also spend a little time reading them over.
The details:
    logoutput: syslog
    internal: eth1 port = 1080
    internal: 127.0.0.1 port = 1080
    external: 1.2.3.4    # or: external: eth0
To allow full access without a username/password:
    method: username none
    # Not using authentication, so unnecessary
    #user.privileged: proxy
    user.notprivileged: nobody
- The from: is where the client IP ranges are specified. In my case it is the IP space the clients live in.
- The to: option is the address on the proxy server that the given IP range may connect to, i.e. one of the addresses Dante/sockd is listening on.
- The last of the three rules drops any requests that don't match either of the first two.
    client pass {
        from: 192.168.0.0/16 port 1-65535 to: 0.0.0.0/0
    }
    client pass {
        from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
    }
    client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
    }
- Requests from anywhere to the loopback addresses are dropped. Dante evaluates rules in order and acts on the first match, so this block rule has to come before the pass rules.
- Clients in the loopback range and in 192.168.0.0/16 are allowed to communicate over the tcp or udp protocols.
- Finally, drop everything else.
    block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: connect error
    }
    pass {
        from: 192.168.0.0/16 to: 0.0.0.0/0
        protocol: tcp udp
    }
    pass {
        from: 127.0.0.0/8 to: 0.0.0.0/0
        protocol: tcp udp
    }
    block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
    }
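To see why the order of the client and socks rules above matters, here is a small first-match evaluator that models how Dante walks a rule list. It is an added example written for this post, not Dante's own code; it models only addresses and protocol (the port and authentication fields are ignored), and the client and destination addresses it is run against are constructed for illustration. It also evaluates a deliberately misordered copy of the socks rules, in which the loopback block has been moved after the pass rules, to show that a LAN client would then be able to reach services bound to 127.0.0.1 on the proxy host.

```python
import ipaddress
from dataclasses import dataclass

# Simplified model of a Dante rule: action, source network, destination network,
# allowed protocols and an optional log setting. Ports and auth are not modelled.
@dataclass(frozen=True)
class Rule:
    action: str                                   # "pass" or "block"
    src: str                                      # CIDR for the from: clause
    dst: str                                      # CIDR for the to: clause
    protocols: frozenset = frozenset({"tcp", "udp"})
    log: str = ""


def evaluate(rules, src_ip, dst_ip, protocol="tcp"):
    """Walk the rules in order and return (action, index) of the first match.
    If nothing matches, Dante denies the request, modelled here as ("block", None)."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for i, r in enumerate(rules):
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and protocol in r.protocols):
            return r.action, i
    return "block", None


# The client rules from the post: to: is the proxy's own listening address.
CLIENT_RULES = [
    Rule("pass", "192.168.0.0/16", "0.0.0.0/0"),
    Rule("pass", "127.0.0.0/8", "0.0.0.0/0"),
    Rule("block", "0.0.0.0/0", "0.0.0.0/0", log="connect error"),
]

# The socks rules from the post: to: is the destination the client asked for.
SOCKS_RULES = [
    Rule("block", "0.0.0.0/0", "127.0.0.0/8", log="connect error"),
    Rule("pass", "192.168.0.0/16", "0.0.0.0/0"),
    Rule("pass", "127.0.0.0/8", "0.0.0.0/0"),
    Rule("block", "0.0.0.0/0", "0.0.0.0/0", log="connect error"),
]

# Same rules with the loopback block moved after the pass rules (the mistake to avoid).
MISORDERED_SOCKS_RULES = [SOCKS_RULES[1], SOCKS_RULES[2], SOCKS_RULES[0], SOCKS_RULES[3]]


def check_request(src_ip, proxy_ip, dst_ip, protocol="tcp", socks_rules=SOCKS_RULES):
    """Two-stage decision as Dante makes it: first the client rules decide whether the
    TCP connection to the proxy is accepted, then the socks rules decide the request."""
    verdict, _ = evaluate(CLIENT_RULES, src_ip, proxy_ip, protocol)
    if verdict != "pass":
        return "block"
    verdict, _ = evaluate(socks_rules, src_ip, dst_ip, protocol)
    return verdict


if __name__ == "__main__":
    # Constructed sample requests: (client, proxy address, destination, protocol)
    samples = [
        ("192.168.1.10", "192.168.0.1", "93.184.216.34", "tcp"),  # LAN client to the internet
        ("192.168.1.10", "192.168.0.1", "127.0.0.1", "tcp"),      # LAN client to proxy loopback
        ("10.0.0.5", "192.168.0.1", "93.184.216.34", "tcp"),      # client outside the LAN range
        ("127.0.0.1", "127.0.0.1", "93.184.216.34", "udp"),       # local client, udp
    ]
    for src, proxy, dst, proto in samples:
        print(f"{src:>14} -> {dst:<14} {proto}: "
              f"correct order = {check_request(src, proxy, dst, proto)}, "
              f"misordered = {check_request(src, proxy, dst, proto, MISORDERED_SOCKS_RULES)}")
```

With the rules in the order the post gives, a 192.168.x.x client reaching for 127.0.0.1 hits the block rule at index 0; in the misordered copy the same request matches the pass rule first and goes through, which is exactly the exposure the leading block rule is there to prevent.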
- Start Dante/sockd.
    sockd -V
    sockd -d