SOCKS5 代理方便公司管理业务,如对外网的访问。
环境:CentOS 7 64位, dante 1.4.1
过程:
1.rpm -ivh http://mirror.ghettoforge.org/distributions/gf/el/7/plus/x86_64/dante-1.4.1-176.9.x86_64.rpm # 安装 dante
2.rpm -ivh http://mirror.ghettoforge.org/distributions/gf/el/7/plus/x86_64/dante-server-1.4.1-176.9.x86_64.rpm # 安装 dante-server(以上两个包均通过明文 HTTP 下载,安装前应导入软件源的 GPG 公钥并确认 rpm 的签名校验通过)
3.adduser --no-create-home --shell /usr/sbin/nologin sktest # 添加 sktest 新用户(不创建主目录、禁止 shell 登录);该命令本身不会设置密码,需另外执行 passwd sktest 为其设置一个强密码
4.mkdir /var/run/sockd # 创建 sockd 的目录
5.vi /etc/sockd.conf # 创建或修改配置文件,内容如下:
logoutput: stderr
# logoutput: /var/log/sockd.log
# 在本机所有可用网络接口上监听 3721 端口;若代理只供内部使用,应改为绑定内网地址,并用防火墙限制可连接的来源
internal: 0.0.0.0 port = 3721
# 输出接口设置为 eth0
external: eth0
# SOCKS 的验证方法,设置为 pam.username:本例中通过 PAM 使用系统用户(即用 adduser 添加的用户)的用户名和密码进行验证
# 注意:SOCKS5 的用户名/密码认证(RFC 1929)以明文传输凭据,代理账号不要复用有登录权限的系统账号或其密码
socksmethod: pam.username
user.privileged: root
user.unprivileged: nobody
# user.libwrap: nobody
# 访问规则:下面的 client pass 允许任意来源地址(0.0.0.0/0)连接,访问控制完全依赖密码认证;建议将 from 限制为公司实际使用的网段
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
protocol: tcp udp
socksmethod: pam.username
log: connect disconnect
}
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
6.vi /etc/pam.d/sockd # 创建配置文件,内容如下(auth 引用 system-auth,且上面的 socks pass 规则未限定用户,因此任何设有密码的系统账号都能通过代理认证):
#%PAM-1.0
#auth required pam_sepermit.so
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session required pam_selinux.so open env_params
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_limits.so
7.systemctl start sockd # 启动服务
参考: