CentOS + Dante Socks5 服务器和tsocks的配置
下载dante
http://www.inet.no/dante/
下载源码, 解压之
./configure
make
make install
make
make install
默认的安装到 /usr/local/
可执行文件在 /usr/local/sbin/sockd
或者从源里直接安装
yum install dante-server
添加一个新的用户sockd。为保证安全,将登录 shell 设置为 /bin/false
具体适用的配置文件如下:
sockd.conf :
## general configuration (taken from FAQ; <URL:http://www.inet.no/dante/FAQ>)
#连接到服务器上用的网卡,端口
internal: eth0 port = 1080
#从服务器连向外部的网卡
external: eth0
#验证方式,这里适用系统账户
method: username
user.privileged: root
user.notprivileged: sockd
#日志存放地点
logoutput: /var/log/sockd/sockd.log
## client access rules
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0 #internal network
log: connect disconnect
}
## server operation access rules
#allow bind to ports greater than 1023
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0 port gt 1023
command: bind
log: connect disconnect
}
#allow outgoing connections (tcp and udp)
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect udpassociate
log: connect disconnect
}
#allow replies to bind, and incoming udp packets
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bindreply udpreply
log: connect error
}
#log the rest
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
#连接到服务器上用的网卡,端口
internal: eth0 port = 1080
#从服务器连向外部的网卡
external: eth0
#验证方式,这里适用系统账户
method: username
user.privileged: root
user.notprivileged: sockd
#日志存放地点
logoutput: /var/log/sockd/sockd.log
## client access rules
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0 #internal network
log: connect disconnect
}
## server operation access rules
#allow bind to ports greater than 1023
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0 port gt 1023
command: bind
log: connect disconnect
}
#allow outgoing connections (tcp and udp)
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: connect udpassociate
log: connect disconnect
}
#allow replies to bind, and incoming udp packets
pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bindreply udpreply
log: connect error
}
#log the rest
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
dante不会主动的释放已经占用的资源,用的太频繁就会导致系统资源被占光,只能重启。为此,有一个笨拙(但有效)的解决方案。
在计划任务的 /etc/cron.daily 里添加一个文件,名字随便。比如,sockdkill,内容如下:
#!/bin/sh
#restart sockd everyday
sleep 60
DAY=`date +%Y%m%d`
cp /var/log/sockd/sockd.log /var/log/sockd/sockd.log.${DAY}
cd /var/log/sockd
gzip sockd.log.${DAY}
killall sockd 1>/dev/null 2>/dev/null
killall sockd 1>/dev/null 2>/dev/null
echo > /var/log/sockd/sockd.log
/etc/init.d/sockd start
#restart sockd everyday
sleep 60
DAY=`date +%Y%m%d`
cp /var/log/sockd/sockd.log /var/log/sockd/sockd.log.${DAY}
cd /var/log/sockd
gzip sockd.log.${DAY}
killall sockd 1>/dev/null 2>/dev/null
killall sockd 1>/dev/null 2>/dev/null
echo > /var/log/sockd/sockd.log
/etc/init.d/sockd start
然后每天会重启一次dante,更新系统日志。
使用tsocks让应用程序不需要在内部进行设置就可以使用socks5代理服务器。对于没有提供代理服务器设置选项的网络程序,或者没有提供使用用户名、密码验证方式的程序(比如firefox),很有用。
tsocks.conf:
local = 166.111.56.0/255.255.255.0
local = 127.0.0.1/255.0.0.0
# Default server
# For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0
# the server at 192.168.0.1 should be used (again, hostnames could be used
# too, see note above)
server = 166.111.56.79
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
server_port = 1080
default_user = name
default_pass = password
local = 127.0.0.1/255.0.0.0
# Default server
# For connections that aren't to the local subnets or to 150.0.0.0/255.255.0.0
# the server at 192.168.0.1 should be used (again, hostnames could be used
# too, see note above)
server = 166.111.56.79
# Server type defaults to 4 so we need to specify it as 5 for this one
server_type = 5
# The port defaults to 1080 but I've stated it here for clarity
server_port = 1080
default_user = name
default_pass = password
设置结束后用validateconf 测试配置是否正常。
测试运行
tsocks firefox
直接就可以上国外网了。
Incoming search terms:
- centos socks5
- centos dante
- dante
- dante socks
- centos tsocks
- dante-server
- Dante socks5
- dante 配置
- Dante centos
- dante配置
- dante socks5 username password
- tsocks centos 6
- dante password
- dante socks5用户名密码认证
- dante-server 设置用户
- dante服务器配置
- dante sock install guide
- Dante sock
- centos6.5 dante-server
- tsocks guide
- tsocks配置
- dante socks 1.4.2 configuration
- centos dante server
- dante 用户名 密码
- tsocks
- arrangejs2
- dante-server 配置
yum源里没有dante-server 怎么办 . 求源