Inspired by my wife's difficulty connecting to the internet due to new security policies at her organization, I decided to try a proxy to allow her to use Windows Live Messenger.
The Linux SOCKS proxy server implementation these days is made under the name DANTE.
- edit the config file (/etc/socks/sockd.conf).
- It is in this file logging is enabled via the syslog mechanism and internal and external addresses are bound. Whereas the internal bindings include a port specification, the external one does not.
- The comments in the file are well written; spend a little time reading through them as well.
The details:
```
logoutput: syslog
internal: eth1 port = 1080
internal: 127.0.0.1 port = 1080
external: 1.2.3.4   # or external: eth0
```
To achieve full access (no username/password):

```
method: username none
# Not using authentication, so unnecessary
#user.privileged: proxy
user.notprivileged: nobody
```
- The from: is where the client IP ranges are added. In my case it is the IP space the clients live in.
- The to: option is one of the IPs the proxy server is bound to that the given IP range can speak to. It is set to the addresses Dante/sockd is listening on.
The last of the three drops any requests that don't match either of the first two directives.
```
client pass {
    from: 192.168.0.0/16 port 1-65535 to: 0.0.0.0/0
}
client pass {
    from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
```
- Requests from anywhere to the loopback addresses are dropped.
- Requests from the loopback addresses and from 192.168.0.0/16 are allowed to communicate over the tcp or udp protocols.
- Finally, drop everything else.
```
block {
    from: 0.0.0.0/0 to: 127.0.0.0/8
    log: connect error
}
pass {
    from: 192.168.0.0/16 to: 0.0.0.0/0
    protocol: tcp udp
}
pass {
    from: 127.0.0.0/8 to: 0.0.0.0/0
    protocol: tcp udp
}
block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
```
- Start Dante/sockd.
```
sockd -V   # check the configuration file
sockd -d   # start the daemon with debugging
```
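As an added illustration (not code from the original post or from the Dante project), a small Python checker that walks the client and socks rules above in file order, first match wins, the way sockd evaluates them, so the rule ordering can be sanity-checked before the proxy goes live. The proxy listening address 192.168.1.1 and the client and target addresses are constructed values, and port restrictions are ignored.

```python
import ipaddress

# Rules transcribed from the sockd.conf above, in file order (first match wins).
# Each entry is (verdict, from: network, to: network).
CLIENT_RULES = [
    ("pass",  "192.168.0.0/16", "0.0.0.0/0"),
    ("pass",  "127.0.0.0/8",    "0.0.0.0/0"),
    ("block", "0.0.0.0/0",      "0.0.0.0/0"),
]
SOCKS_RULES = [
    ("block", "0.0.0.0/0",      "127.0.0.0/8"),
    ("pass",  "192.168.0.0/16", "0.0.0.0/0"),
    ("pass",  "127.0.0.0/8",    "0.0.0.0/0"),
    ("block", "0.0.0.0/0",      "0.0.0.0/0"),
]


def first_match(rules, src, dst):
    """Return the verdict of the first rule whose from:/to: contain src/dst."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for verdict, frm, to in rules:
        if src_ip in ipaddress.ip_network(frm) and dst_ip in ipaddress.ip_network(to):
            return verdict
    return "block"  # nothing matched: treat as denied


def evaluate(client_ip, proxy_ip, target_ip):
    """Client rules are checked against the proxy address the client connected to;
    socks rules are checked against the final target the client asks for."""
    if first_match(CLIENT_RULES, client_ip, proxy_ip) != "pass":
        return "block (client rule)"
    if first_match(SOCKS_RULES, client_ip, target_ip) != "pass":
        return "block (socks rule)"
    return "pass"


if __name__ == "__main__":
    # Constructed sample requests: (client, proxy listener, target)
    for req in [("192.168.1.10", "192.168.1.1", "203.0.113.5"),
                ("192.168.1.10", "192.168.1.1", "127.0.0.1"),
                ("10.0.0.5",     "192.168.1.1", "203.0.113.5")]:
        print(req, "->", evaluate(*req))
```

Moving the loopback block rule below the pass rules would let a LAN client reach services bound to 127.0.0.1 on the proxy host, which is why it sits first.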