How to install dante socks server on debian (ubuntu is similar):
apt-get install dante-server
This installs dante onto your debian server. By default it will not start (it will try to start – but will fail saying “no internal interfaces are configured etc…”).
To configure Dante socks server:
vi /etc/danted.conf
By default – most required lines will be uncommented. The following lines need to be inserted or uncommented in danted.conf:
#logoutput: stderr
logoutput: syslog
#the above line will send any logs to /var/log/syslog instead to a terminal
internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0
method: username none
#the above puts no username or password. Access will instead be controlled via client ip address/range.
#if there is no username or password - then danted socks server needs to run as nobody, i.e.
#method: pam
# if you choose to use pam instead - a valid username&password as required for sshing to the socks server is required.
#Note: not sure if proxy login details are sent in clear text.
#user.privileged: proxy
user.notprivileged: nobody
client pass {
        from: 136.201.251.21/32 port 1-65535 to: 0.0.0.0/0
        # 136.201.251.21/32 = specific ip address (a /0 mask would match every client).
}
client pass {
        from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
#Finally block other traffic
block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: connect error
}
pass {
        from: 136.201.251.21/32 to: 0.0.0.0/0
        protocol: tcp udp
}
pass {
        from: 127.0.0.0/8 to: 0.0.0.0/0
        protocol: tcp udp
}
block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
Once the config is complete, start/restart the Dante socks server:
/etc/init.d/danted start
If there is a problem with the config – it will tell you immediately on trying to start the danted daemon.
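A config that starts cleanly can still allow more than intended: in Dante's address/mask notation the mask is a bit count, so a /0 matches every source address whatever address is written before it. The following added example (not from the original wiki or the Dante project) audits pass rules for over-broad sources; the sample config, the 192.0.2.x addresses and the function names are constructed, and it assumes sources are written as from: a.b.c.d/bits.

```python
import ipaddress
import re

# Constructed sample in danted.conf syntax; 192.0.2.0/24 is a documentation range.
SAMPLE_CONF = """\
method: username none
client pass {
        from: 192.0.2.21/0 port 1-65535 to: 0.0.0.0/0
}
client pass {
        from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
pass {
        from: 192.0.2.21/24 to: 0.0.0.0/0   # meant as one host
        protocol: tcp udp
}
"""

RULE_RE = re.compile(r"^[ \t]*((?:client[ \t]+)?(?:pass|block))[ \t]*\{(.*?)\}", re.S | re.M)
FROM_RE = re.compile(r"\bfrom:\s*(\d+\.\d+\.\d+\.\d+)/(\d+)")
METHOD_RE = re.compile(r"^[ \t]*method:(.*)$", re.M)

def methods(text, default):
    found = METHOD_RE.search(text)
    return found.group(1).split() if found else default

def audit(conf_text):
    """Return (rule_no, rule_type, source, problem) for each over-broad pass rule."""
    conf = re.sub(r"#.*", "", conf_text)                   # drop comments
    global_methods = methods(RULE_RE.sub("", conf), [])    # method line outside rules
    findings = []
    for rule_no, rule in enumerate(RULE_RE.finditer(conf), start=1):
        kind, body = " ".join(rule.group(1).split()), rule.group(2)
        src = FROM_RE.search(body)
        if not kind.endswith("pass") or src is None:
            continue
        source = f"{src.group(1)}/{src.group(2)}"
        net = ipaddress.ip_interface(source).network
        # Simplification: a rule without its own method line inherits the global one.
        open_auth = "none" in methods(body, global_methods)
        if net.prefixlen == 0:
            why = "matches every source address" + (", no login required" if open_auth else "")
            findings.append((rule_no, kind, source, why))
        elif str(net.network_address) != src.group(1):
            findings.append((rule_no, kind, source, f"covers {net.num_addresses} addresses, not one host"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("rule %d (%s) from %s: %s" % finding)
```

Run it against a copy of /etc/danted.conf by passing the file's text to audit(); an empty result means no pass rule had a /0 source or host bits under its mask.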
Test Dante Socks Server
netstat -n -a #check to see if server is listening on 1080
Make sure the firewall is open. Add appropriate rule as on Iptables_Firewall. Test also with winscp or putty.
Other SOCKS Servers
Note that putty itself can provide a SOCKS 5 server!! (But putty needs to be able to connect to an external server/computer firstly!)
To configure putty to act as a socks v5 server:
Open Putty and go to CONNECTION -> SSH -> TUNNELS
In the Source Port - put 1080
In the Destination Port - put 1080
Click on the Dynamic radio button for "Dynamic Port Forwarding"
Connect to a server with external access. Telnet localhost 1080 and it should connect.
Also note – SOCKS v5 can be set up using ssh on the command line.
ssh <user>@<server> -D 1080 # -D is for Dynamic Port Forwarding; <user>@<server> is a placeholder for your own login and host.
Copied from http://wiki.kartbuilding.net/index.php/Dante_Socks_Server#Test_Dante_Socks_Server
As for how to enable authentication:
Overview
The username authentication method uses the system password file to verify a username and password combination supplied by a user as part of the SOCKS version 5 authentication process. Note that the password is transmitted in cleartext with this authentication method.
Environment setup
The standard system password authentication functions are used to verify the password, and the machine running the SOCKS server needs to have all users and passwords in a password file or similar database. It might, depending on the platform, be possible to run the server in a chroot() environment with a password file independent of the rest of the system.
Server privileges
#server identities (not needed on solaris)
user.privileged : root
user.notprivileged : socks
For the server to be able to access the system password file, it will typically have to be started with root privileges. In this case, the user.privileged and user.notprivileged keywords should be set to ensure that the server will run as an unprivileged user when it does not need root privileges.
Example clientmethod usage
This authentication method cannot be used as a clientmethod.
Example method usage
#authentication methods
method: username
#generic pass statement - bind/outgoing traffic
pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
        method: username
}
The authentication configuration template can be used directly for outgoing traffic; it is only necessary to specify the method name.
The username method cannot be used for incoming traffic (bindreply, udpreply).
Copied from http://www.inet.no/dante/doc/1.3.x/config/auth_username.html