Study notes: Danted

Danted

> Introduction: Dante is a free SOCKS proxy server for Linux systems.

> SOCKS is a network transport protocol used mainly as an intermediary that relays traffic between a client and servers on the external network. SOCKS is short for "SOCKetS".
> When a client behind a firewall wants to reach an external server, it connects to the SOCKS proxy server. The proxy server decides whether the client is allowed to reach the external network and, if so, forwards the client's request to the external server.
> A network transport protocol, or simply a communications protocol, is the common language shared by communicating computers or network devices. Today the most widespread form of computer communication is network communication, so "transport protocol" usually refers to the protocols of computer networking, such as TCP/IP, NetBEUI, DHCP and FTP. Transport protocols also exist in other forms of computer communication, however: communication between objects in object-oriented programming, or messages between different programs inside an operating system, all need a transport protocol to ensure that both parties can communicate without friction.

I. Installation and removal

Install the danted service with `sudo apt-get install dante-server`. To remove danted, stop the service and delete the program files with the following commands:

```
service danted stop
rm -rf /etc/danted/
rm -f /etc/init.d/danted
```

Features:

  1. Detects the system's IP addresses automatically (192.168.0.*, 10.0.0.* and 127.0.0.* are excluded by default); depending on the install command, installs on some or all of the IPs (multi-IP environments).
  2. Uses PAM user authentication; authentication does not require adding system users (a process user "sock" is added by default), so adding and deleting users is convenient and safe.
  3. The sock5 running status can be viewed; the service is loaded automatically after system boot.
  4. Full support for multiple inbound/outbound addresses (in a multi-IP environment, connecting via IP-1 shows IP-1 when you look up your address on a website).
  5. Selectable authentication methods: no username/password, system username/password, PAM username/password.
  6. Full support for CentOS/Debian; the system is detected automatically for installation and configuration. [Note: according to user feedback, CentOS 5 does not work.]
  7. Customizable authentication for connecting clients, with whitelist support, i.e. certain IPs/IP ranges may connect without authentication.

II. Configuration

The default configuration file is /etc/danted.conf, shown below.

```
# A sample danted.conf
#
# The configfile is divided into three parts;
#    1) serversettings
#    2) rules
#    3) routes
#
# The recommended order is:
#   Serversettings:
#               logoutput
#               internal
#               external
#               method
#               clientmethod
#               users
#               compatibility
#               extension
#               connecttimeout
#               iotimeout
#               srchost
#
#  Rules:
#    client block/pass
#        from to
#        libwrap
#        log
#
#     block/pass
#        from to
#        method
#        command
#        libwrap
#        log
#        protocol
#        proxyprotocol
#
#  Routes:

# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
#logoutput: syslog stdout /var/log/lotsoflogs
logoutput: stderr

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
# internal sets the inbound (listening) address; this can be an interface name or the VPS's public IP. port sets the listening port, here 1080.
#internal: 10.1.1.1 port = 1080
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080

# all outgoing connections from the server will use the IP address
# outbound address setting; likewise, this can be an interface name or an IP address
# 195.168.1.1
#external: 192.168.1.1

# list over acceptable methods, order of preference.
# A method not set here will never be selected.
#
# If the method field is not set in a rule, the global
# method is filled in for that rule.
#

# methods for socks-rules.
# authentication methods; with "username none" listed here, no authentication is required
#method: username none #rfc931

# methods for client-rules.
#clientmethod: none

#or if you want to allow rfc931 (ident) too
#method: username rfc931 none

#or for PAM authentication
#method: pam
#
# An important section, pay attention.
#
# when doing something that can require privilege, it will use the
# userid:
user.privileged: proxy

# when running as usual, it will use the unprivileged userid of:
user.notprivileged: nobody

# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
user.libwrap: nobody
#
# some options to help clients with compatibility:
#
# when a client connection comes in the socksserver will try to use
# the same port as the client is using, when the socksserver
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports as well.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport
# If you are using the bind extension and have trouble running servers
# via the server, you might try setting this.  The consequences of it
# are unknown.
#compatibility: reuseaddr
#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind
#
#
# misc options.
#
# how many seconds can pass from when a client connects till it has
# sent us its request?  Adjust according to your network performance
# and methods supported.
#connecttimeout: 30   # on a lan, this should be enough if method is "none".
#
# how many seconds can the client and its peer idle without sending
# any data before we dump it?  Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
#iotimeout: 0 # or perhaps 86400, for a day.

# do you want to accept connections from addresses without
# dns info?  what about addresses having a mismatch in dnsinfo?
#srchost: nounknown nomismatch

#
# The actual rules.  There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server.  I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socksserver is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socksrequest.
#
# "from:" is the source address in both contexts.
#
# the "client" rules.  All our clients come from the net 10.0.0.0/8.
#
# Allow our clients, also provides an example of the port range command.
#client pass {
#    from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#    method: rfc931 # match all idented users that also are in passwordfile
#}

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practice this means the socksserver will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
#client pass {
#    from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#}

# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
#client block {
#    from: 0.0.0.0/0 to: 0.0.0.0/0
#    log: connect error
#}

# the rules controlling what clients are allowed what requests
#
# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
#block {
#    from: 0.0.0.0/0 to: 127.0.0.0/8
#    log: connect error
#}

# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
#block {
#    from: 0.0.0.0/0 to: 172.16.0.0/12
#    libwrap: spawn finger @%a
#    log: connect error
#}

# unless you need it, you could block any bind requests.
#block {
#    from: 0.0.0.0/0 to: 0.0.0.0/0
#    command: bind
#    log: connect error
#}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually be from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
#pass {
#    from: 10.0.0.0/8 to: 0.0.0.0/0
#    command: bind
#    log: connect error
#}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packetbased.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
#pass {
#    from: 0.0.0.0/0 to: 10.0.0.0/8
#    command: bindreply udpreply
#    log: connect error
#}

# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#pass {
#    from: 10.0.0.0/8 to: .example.com port = http
#    log: connect error
#    method: username
#}

# block any other http connects to the example.com domain.
#block {
#    from: 0.0.0.0/0 to: .example.com port = http
#    log: connect error
#}

# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
#pass {
#    from: 10.0.0.0/8 to: 0.0.0.0/0
#    protocol: tcp udp
#}

# last line, block everyone else.  This is the default but if you provide
# one yourself you can specify your own logging/actions
#block {
#    from: 0.0.0.0/0 to: 0.0.0.0/0
#    log: connect error
#}

# route all http connects via an upstream socks server, aka "server-chaining".
#route {
# from: 10.0.0.0/8 to: 0.0.0.0/0 port = http via: socks.example.net port = socks
#}
```
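The sample above explains the two rule levels (`client` rules on the connection, plain rules on the request) and warns about passing everything from 0.0.0.0/0 or letting clients reach loopback. As an added check that is not part of these notes or of Dante itself, the script below parses a simplified danted.conf and flags the combinations that leave the server running as an open proxy. The two embedded configurations are constructed samples, the rule keys it recognises are a fixed list, and an unset global `method` is treated as unauthenticated; all of that is my own simplification, not Dante's grammar.

```python
import re

KEYS = r"\b(from|to|method|command|protocol|log|libwrap|proxyprotocol|via)\s*:"  # keys inside a rule block
BLOCK_RE = re.compile(r"(client\s+)?(pass|block|route)\s*\{([^}]*)\}", re.S)

# Constructed sample configurations (not from any real host): a weak one and a hardened one.
WEAK_CONF = """
logoutput: stderr
internal: eth0 port = 1080
external: eth0
method: none
client pass { from: 0.0.0.0/0 to: 0.0.0.0/0 }
pass { from: 0.0.0.0/0 to: 0.0.0.0/0 protocol: tcp udp }
"""
HARDENED_CONF = """
logoutput: /var/log/danted.log
internal: eth0 port = 1080
external: eth0
method: username                 # system accounts; usually needs user.privileged: root
user.privileged: root
user.notprivileged: nobody
client pass { from: 10.0.0.0/8 to: 0.0.0.0/0 log: connect error }
block { from: 0.0.0.0/0 to: 127.0.0.0/8 log: connect error }   # keep clients off loopback
pass { from: 10.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp log: connect error }
"""

def parse(text):
    """Split danted.conf text into (global settings, rule blocks); simplified grammar."""
    text = re.sub(r"#.*", "", text)                 # strip comments
    rules = []
    for m in BLOCK_RE.finditer(text):
        parts = re.split(KEYS, m.group(3))          # ['', 'from', ' 10.0.0.0/8 ', 'to', ' 0.0.0.0/0 ', ...]
        kv = {parts[i]: parts[i + 1].strip() for i in range(1, len(parts) - 1, 2)}
        rules.append({"client": bool(m.group(1)), "verb": m.group(2), **kv})
    settings = re.findall(r"^\s*([\w.]+)\s*:\s*(.+?)\s*$", BLOCK_RE.sub("", text), re.M)
    return dict(settings), rules

def audit(text):
    """Return findings for settings that leave danted running as an open proxy."""
    settings, rules = parse(text)
    default_method = settings.get("method", "none")   # unset global method treated as unauthenticated
    any_src = lambda r: r.get("from", "").split()[:1] == ["0.0.0.0/0"]
    findings = []
    for r in (x for x in rules if x["verb"] == "pass"):
        if r["client"] and any_src(r):
            findings.append("client pass from 0.0.0.0/0: any host may connect to the proxy")
        if not r["client"] and any_src(r) and "none" in r.get("method", default_method).split():
            findings.append("pass from 0.0.0.0/0 with method none: unauthenticated open proxy")
    if not any(r["verb"] == "block" and not r["client"] and r.get("to", "").startswith("127.") for r in rules):
        findings.append("no block rule for 127.0.0.0/8: clients can reach loopback services")
    return findings
```

Run `audit(open("/etc/danted.conf").read())` on a real file to get the same findings for your own configuration.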

III. Commands

  1. Command arguments: /etc/init.d/danted {start|stop|restart|status|add|del}
  2. Restart sock5: /etc/init.d/danted restart, or service danted restart
  3. Stop sock5: /etc/init.d/danted stop, or service danted stop
  4. Start sock5: /etc/init.d/danted start, or service danted start
  5. Check sock5 status: /etc/init.d/danted status, or service danted status
  6. Add a SOCK5 PAM user / change a password: /etc/init.d/danted add <username> <password>
  7. Delete a SOCK5 PAM user: /etc/init.d/danted del <username>
  8. Configuration file path: /etc/danted/sockd.conf
  9. Log file path: /var/log/danted.log
  10. danted help: danted --help

Add the commands, in order, to /etc/rc.local to have the service start at boot.

IV. References