Andy's Blog

CentOS + Dante Socks5 server and tsocks configuration

Download dante
http://www.inet.no/dante/

Download the source and unpack it

./configure
make
make install

By default it installs to /usr/local/
The executable is at /usr/local/sbin/sockd
Alternatively, install it directly from the package repository

yum install dante-server

Add a new user named sockd. For security, set its login shell to /bin/false
The configuration file to use is as follows:

sockd.conf :

## general configuration (taken from FAQ; <URL:http://www.inet.no/dante/FAQ>)
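# interface and port that clients connect to on the server
internal: eth0 port = 1080
# interface used for connections from the server to the outside
external: eth0
# authentication method; system accounts are used here
method: username
user.privileged: root
user.notprivileged: sockd
# where the log is written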
logoutput: /var/log/sockd/sockd.log

## client access rules

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0 #internal network
        log: connect disconnect
}

## server operation access rules

#allow bind to ports greater than 1023
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0 port gt 1023
        command: bind
        log: connect disconnect
}

#allow outgoing connections (tcp and udp)
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: connect udpassociate
        log: connect disconnect
}

#allow replies to bind, and incoming udp packets
pass {
       from: 0.0.0.0/0 to: 0.0.0.0/0
       command: bindreply udpreply
       log: connect error
}

#log the rest
block {
       from: 0.0.0.0/0 to: 0.0.0.0/0
       log: connect error
}

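dante does not release the resources it has taken on its own; under heavy use it exhausts system resources and the only remedy is a restart. There is a clumsy (but effective) workaround for this.
Add a file to the scheduled-task directory /etc/cron.daily. The name is arbitrary, for example sockdkill, with the following content: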

#!/bin/sh
#restart sockd everyday
sleep 60
DAY=`date +%Y%m%d`
cp /var/log/sockd/sockd.log /var/log/sockd/sockd.log.${DAY}
cd /var/log/sockd
gzip sockd.log.${DAY}
killall sockd 1>/dev/null 2>/dev/null
killall sockd 1>/dev/null 2>/dev/null
echo > /var/log/sockd/sockd.log
/etc/init.d/sockd start

dante is then restarted once a day and the log is rotated.
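
To confirm that the "method: username" setting in the sockd.conf above is enforced once sockd is running, the following added example (not part of the original post) implements the SOCKS5 method negotiation of RFC 1928 and the username/password request of RFC 1929. The function names and the sample server replies are constructed for illustration; probe() is meant to be pointed at your own server.

```python
# Added example (not from the original post): SOCKS5 method negotiation
# (RFC 1928) and username/password sub-negotiation (RFC 1929).
import socket

NO_AUTH, USERPASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF

def greeting(methods):
    """Client hello: VER=5, NMETHODS, METHODS..."""
    return bytes([5, len(methods), *methods])

def selected_method(reply):
    """Parse the 2-byte server choice; raise on anything that is not SOCKS5."""
    if len(reply) != 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 method-selection reply: %r" % reply)
    return reply[1]

def userpass_request(user, password):
    """RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD (sent in cleartext)."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([1, len(u)]) + u + bytes([len(p)]) + p

def auth_ok(reply):
    """RFC 1929 reply: VER=1, STATUS; STATUS 0 means success."""
    return len(reply) == 2 and reply[0] == 1 and reply[1] == 0

def classify(offer_noauth_reply):
    """Verdict for the server's answer to a client offering only 'no auth'."""
    m = selected_method(offer_noauth_reply)
    if m == NO_AUTH:
        return "OPEN: proxy usable without credentials"
    if m == NO_ACCEPTABLE:
        return "OK: unauthenticated clients are refused"
    return "UNEXPECTED: server chose method 0x%02x" % m

def probe(host, port=1080, timeout=5.0):
    """Offer only 'no auth' to your own server and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(greeting([NO_AUTH]))
        return classify(s.recv(2))

if __name__ == "__main__":
    # Constructed replies, so this runs offline; use probe() against your server.
    print(classify(b"\x05\xff"))
    print(classify(b"\x05\x00"))
    print(userpass_request("name", "password").hex())
```
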

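With tsocks, applications can use the socks5 proxy server without any proxy settings inside the application. This is useful for network programs that offer no proxy setting, or that offer no username/password authentication (firefox, for example).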
tsocks.conf:

local = 166.111.56.0/255.255.255.0
local = 127.0.0.0/255.0.0.0
# Default server
# For connections that aren't to the local subnets above, the server at
# 166.111.56.79 is used (hostnames could be used too)
server = 166.111.56.79
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
server_port = 1080
default_user = name
default_pass = password

Once the settings are in place, use validateconf to check that the configuration is valid.

Test run
tsocks firefox
Overseas sites are then directly reachable.

Tags: centos, Dante, Socks5, proxy

Article URL: http://www.21andy.com/new/20100212/1678.html

1 comment to “PHP open-source CMS: MODx”

  1. Power posted on 2013-11-01 12:25:50:

    What should I do if dante-server is not in the yum repositories? Looking for a repository that has it.