Ubuntu下socks5代理服务器dante-server的安装与配置 – 奶牛博客

安装

  1. apt-get install dante-server

配置文件在/etc/danted.conf

  1. vim /etc/danted.conf
  2. # $Id: sockd.conf,v 1.43 2005/12/26 16:35:26 michaels Exp $
  3. #
  4. # A sample danted.conf
  5. #
  6. #
  7. # The configfile is divided into three parts;
  8. # 1) serversettings
  9. # 2) rules
  10. # 3) routes
  11. #
  12. # The recommended order is:
  13. # Serversettings:
  14. # logoutput
  15. # internal
  16. # external
  17. # method
  18. # clientmethod
  19. # users
  20. # compatibility
  21. # extension
  22. # connecttimeout
  23. # iotimeout
  24. # srchost
  25. #
  26. # Rules:
  27. # client block/pass
  28. # from to
  29. # libwrap
  30. # log
  31. #
  32. # block/pass
  33. # from to
  34. # method
  35. # command
  36. # libwrap
  37. # log
  38. # protocol
  39. # proxyprotocol
  40. #
  41. # Routes:
  42. # the server will log both via syslog, to stdout and to /var/log/lotsoflogs 这行是日志输出,输出到syslog stdout和lotsoflogs里面
  43. logoutput: syslog stdout /var/log/lotsoflogs
  44. # The server will bind to the address 10.1.1.1, port 1080 and will only
  45. # accept connections going to that address.
  46. #internal: 10.1.1.1 port = 1080
  47. # Alternatively, the interface name can be used instead of the address. 这里设置eth0为网卡,端口1080
  48. internal: eth0 port = 1080
  49. # all outgoing connections from the server will use the IP address
  50. # 195.168.1.1
  51. #external: 192.168.1.1,这里是设置流量出口使用的ip,也是用eth0网卡的
  52. external:eth0
  53. # list over acceptable methods, order of preference.
  54. # A method not set here will never be selected.
  55. #
  56. # If the method field is not set in a rule, the global
  57. # method is filled in for that rule.
  58. #
  59. # methods for socks-rules. 设置认证方式为用户名/密码模式(使用本机系统用户的用户名和密码进行验证)
  60. method: username
  61. #methods for client-rules.
  62. clientmethod: none
  63. #or for PAM authentification
  64. #method: pam
  65. #
  66. # An important section, pay attention.
  67. #
  68. # when doing something that can require privilege, it will use the
  69. # userid:
  70. user.privileged: root
  71. # when running as usual, it will use the unprivileged userid of:
  72. user.notprivileged: nobody
  73. # If you compiled with libwrap support, what userid should it use
  74. # when executing your libwrap commands? “libwrap”.
  75. user.libwrap: nobody
  76. #
  77. # some options to help clients with compatibility:
  78. #
  79. # when a client connection comes in the socksserver will try to use
  80. # the same port as the client is using, when the socksserver
  81. # goes out on the clients behalf (external: IP address).
  82. # If this option is set, Dante will try to do it for reserved ports aswell.
  83. # This will usually require user.privileged to be set to “root”.
  84. compatibility: sameport
  85. # If you are using the bind extension and have trouble running servers
  86. # via the server, you might try setting this. The consequences of it
  87. # are unknown.
  88. compatibility: reuseaddr
  89. #
  90. # The Dante server supports some extensions to the socks protocol.
  91. # These require that the socks client implements the same extension and
  92. # can be enabled using the “extension” keyword.
  93. #
  94. # enable the bind extension.
  95. extension: bind
  96. #
  97. #
  98. # misc options.
  99. #
  100. # how many seconds can pass from when a client connects til it has
  101. # sent us it’s request? Adjust according to your network performance
  102. # and methods supported.
  103. #connecttimeout: 30 # on a lan, this should be enough if method is “none”.
  104. # how many seconds can the client and it’s peer idle without sending
  105. # any data before we dump it? Unless you disable tcp keep-alive for
  106. # some reason, it’s probably best to set this to 0, which is
  107. # “forever”.
  108. #iotimeout: 0 # or perhaps 86400, for a day.
  109. # do you want to accept connections from addresses without
  110. # dns info? what about addresses having a mismatch in dnsinfo?
  111. #srchost: nounknown nomismatch
  112. #
  113. # The actual rules. There are two kinds and they work at different levels.
  114. #
  115. # The rules prefixed with “client” are checked first and say who is allowed
  116. # and who is not allowed to speak/connect to the server. I.e the
  117. # ip range containing possibly valid clients.
  118. # It is especially important that these only use IP addresses, not hostnames,
  119. # for security reasons.
  120. #
  121. # The rules that do not have a “client” prefix are checked later, when the
  122. # client has sent its request and are used to evaluate the actual
  123. # request.
  124. #
  125. # The “to:” in the “client” context gives the address the connection
  126. # is accepted on, i.e the address the socksserver is listening on, or
  127. # just “0.0.0.0/0” for any address the server is listening on.
  128. #
  129. # The “to:” in the non-“client” context gives the destination of the clients
  130. # socksrequest.
  131. #
  132. # “from:” is the source address in both contexts.
  133. #
  134. # the “client” rules. All our clients come from the net 10.0.0.0/8.
  135. #
  136. # Allow our clients, also provides an example of the port range command. 这里设置客户端可以从任何ip(0.0.0.0/0)连接到代理的任何监听地址;client规则里的to:是代理的监听地址,不是访问目标。服务器暴露在公网时,建议把from:限制为已知的客户端网段
  137. client pass {
  138. from: 0.0.0.0/0 to: 0.0.0.0/0
  139. # method: rfc931 # match all idented users that also are in passwordfile
  140. }
  141. # This is identical to above, but allows clients without a rfc931 (ident)
  142. # too. In practise this means the socksserver will try to get a rfc931
  143. # reply first (the above rule), if that fails, it tries this rule.
  144. #client pass {
  145. # from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
  146. #}
  147. # drop everyone else as soon as we can and log the connect, they are not
  148. # on our net and have no business connecting to us. This is the default
  149. # but if you give the rule yourself, you can specify details.
  150. #client block {
  151. # from: 0.0.0.0/0 to: 0.0.0.0/0
  152. # log: connect error
  153. #}
  154. # the rules controlling what clients are allowed what requests
  155. #
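  156. # you probably don’t want people connecting to loopback addresses,
  157. # who knows what could happen then. Note: this block rule is left commented out in this configuration, so the final pass rule (to: 0.0.0.0/0) also covers 127.0.0.0/8 on the proxy host; uncomment it to keep proxy users away from services bound to loopback.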
  158. #block {
  159. # from: 0.0.0.0/0 to: 127.0.0.0/8
  160. # log: connect error
  161. #}
  162. # the people at the 172.16.0.0/12 are bad, no one should talk to them.
  163. # log the connect request and also provide an example on how to
  164. # interact with libwrap.
  165. #block {
  166. # from: 0.0.0.0/0 to: 172.16.0.0/12
  167. # libwrap: spawn finger @%a
  168. # log: connect error
  169. #}
  170. # unless you need it, you could block any bind requests.
  171. #block {
  172. # from: 0.0.0.0/0 to: 0.0.0.0/0
  173. # command: bind
  174. # log: connect error
  175. #}
  176. # or you might want to allow it, for instance “active” ftp uses it.
  177. # Note that a “bindreply” command must also be allowed, it
  178. # should usually by from “0.0.0.0/0”, i.e if a client of yours
  179. # has permission to bind, it will also have permission to accept
  180. # the reply from anywhere.
  181. #pass {
  182. # from: 10.0.0.0/8 to: 0.0.0.0/0
  183. # command: bind
  184. # log: connect error
  185. #}
  186. # some connections expect some sort of “reply”, this might be
  187. # the reply to a bind request or it may be the reply to a
  188. # udppacket, since udp is packetbased.
  189. # Note that nothing is done to verify that it’s a “genuine” reply,
  190. # that is in general not possible anyway. The below will allow
  191. # all “replies” in to your clients at the 10.0.0.0/8 net.
  192. #pass {
  193. # from: 0.0.0.0/0 to: 10.0.0.0/8
  194. # command: bindreply udpreply
  195. # log: connect error
  196. #}
  197. # pass any http connects to the example.com domain if they
  198. # authenticate with username.
  199. # This matches “example.com” itself and everything ending in “.example.com”.
  200. #pass {
  201. # from: 10.0.0.0/8 to: .example.com port = http
  202. # log: connect error
  203. # method: username
  204. #}
  205. # block any other http connects to the example.com domain.
  206. #block {
  207. # from: 0.0.0.0/0 to: .example.com port = http
  208. # log: connect error
  209. #}
  210. # everyone from our internal network, 10.0.0.0/8 is allowed to use
  211. # tcp and udp for everything else. 设置协议支持tcp和udp。注意:下面的规则实际写的是from: 0.0.0.0/0,并不限于10.0.0.0/8;规则里没有写method,因此使用全局的method(username)
  212. pass {
  213. from: 0.0.0.0/0 to: 0.0.0.0/0
  214. protocol: tcp udp
  215. }
  216. # last line, block everyone else. This is the default but if you provide
  217. # one yourself you can specify your own logging/actions
  218. #block {
  219. # from: 0.0.0.0/0 to: 0.0.0.0/0
  220. # log: connect error
  221. #}
  222. # route all http connects via an upstream socks server, aka “server-chaining”.
  223. #route {
  224. # from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
  225. #}

配置完成,

  1. /etc/init.d/danted start

进行启动。登陆时使用本机(系统)用户的用户名和密码即可。由于SOCKS5的用户名/密码认证以明文传输密码,建议为代理单独建立一个用户,并将该用户的shell设置为nologin,使这个帐号不能用来登录系统。
