ทำ socks 5 ให้กับ debian server

How to install dante socks server on debian (ubuntu is similar):

apt-get install dante-server

This installs dante onto your debian server. By default it will not start (it will try to start – but will fail saying “no internal interfaces are configured etc…”).

To configure Dante socks server:

vi /etc/danted.conf

By default – most required lines will be uncommented. The following lines need to be inserted/ uncommented in danted.conf

#logoutput: stderr
logoutput: syslog
#the above line will send any logs to /var/log/syslog instead to a terminal

internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080

external: eth0

method: username none
#the above puts no username or password. Access will instead be controlled via client ip address/range.
#if there is no username or password - then danted socks server needs to run as nobody, i.e.

#method: pam
# if you choose to use pam instead - a valid username&password as required for sshing to the socks server is required.
#Note: not sure if proxy login details are sent in clear text.

#user.privileged: proxy
user.notprivileged: nobody

client pass {
        from: 136.201.251.21/0 port 1-65535 to: 0.0.0.0/0
        # 136.201.251.21/0 = specific ip address.
} 

client pass {
        from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

#Finally block other traffic
block {
  from: 0.0.0.0/0 to: 127.0.0.0/8
  log: connect error
}

pass {
  from: 136.201.251.21/0 to: 0.0.0.0/0
  protocol: tcp udp
}

pass {
  from: 127.0.0.0/8 to: 0.0.0.0/0
  protocol: tcp udp
}

block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: connect error
}

Once the config is complete. Start/Restart dante socks server:

/etc/init.d/danted start

If there is a problem with the config – it will tell you immediately on trying to start the danted daemon.

Test Dante Socks Server

netstat -n -a
#check to see if server is listening on 1080

Make sure the firewall is open. Add appropriate rule as on Iptables_Firewall. Test also with winscp or putty.

Other SOCKS Servers

Note that putty itself can provide a SOCKS 5 server!! (But putty needs to be able to connect to an external server/computer firstly!)

To configure socks to act as a socks v5 server:

Open Putty, Go to CONNECTION -> SSH -> TUNNELS
In the Source Port - put 1080
In the Destination Port - put 1080
Click on the Dynamic radio button for "Dynamic Port Forwarding"

Connect to an server with external access. Telnet localhost 1080 and it should connect.

Also note – SOCKS v5 can be setup using ssh on the command line.

ssh [email protected] -D 1080
# -D is for Dynamic Port Forwarding.

Copy มาจาก http://wiki.kartbuilding.net/index.php/Dante_Socks_Server#Test_Dante_Socks_Server

ส่วนวิธีการทำให้ authen ได้

Overview

The username authentication method uses the system password file to verify a username and password combination supplied by a user as part of the SOCKS version 5 authentication process. Note that the password is transmitted in cleartext with this authentication method.

Environment setup

The standard system password authentication functions are used to verify the password, and the machine running the SOCKS server needs to have all users and passwords in a password file or similar database. It might, depending on the platform, be possible to run the server in a chroot() environment with a password file independent of the rest of the system.

Server privileges

#server identities (not needed on solaris)
user.privileged    : root
user.notprivileged : socks

For the server to be able to access the system password file, it will typically have to be started with root privileges. In this case, the user.privileged anduser.notprivileged keywords should be set to ensure that the server will run as an unprivileged user when it does not need root privileges.

Example clientmethod usage

This authentication method cannot be used as a clientmethod.

Example method usage

#authentication methods
method: username
#generic pass statement - bind/outgoing traffic
pass {  
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
        method: username
}

The authentication configuration template can be used directly for outgoing traffic, it is only necessary to specify the method name.

The username method cannot be used for incoming traffic (bindreply, udpreply).

Copy มาจาก http://www.inet.no/dante/doc/1.3.x/config/auth_username.html

ใส่ความเห็น