SOCKS Proxy Server - Dante
2013-12-16 14:12:09 阿炯

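Dante is an open-source C package that implements SOCKS v4/5 and can be used as a network firewall and for traffic control. It is written in C and licensed under a BSD license.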


Dante is a product developed by Inferno Nettverk A/S. It consists of a SOCKS server and a SOCKS client, implementing RFC 1928 and related standards. It is a flexible product that can be used to provide convenient and secure network connectivity.

Inferno Nettverk A/S provides commercial services related to Dante, including 24/7 phone support, customized installations/tuning, development, porting and embedding. For more information about support, please see the Dante support page.

Once installed, Dante can in most cases be made transparent to clients, providing functionality somewhat similar to what could be described as a non-transparent Layer 4 router. For customers interested in controlling and monitoring access in or out of their network, the Dante SOCKS server can provide several benefits, including security and TCP/IP termination (no direct contact between hosts inside and outside of the customer network), resource control (bandwidth, sessions), and logging (host information, data transferred).

The Dante SOCKS server interoperates with many popular network applications which already have SOCKS support built in to them, such as most web-browsers, instant messaging programs, Bloomberg terminals, and many others.

Developed by Inferno Nettverk A/S, Dante is released under a BSD/CMU-type license and comes with complete source code.

Dante is used daily by Fortune 100 companies and large international organizations, both as a standard (forward) proxy server and as a reverse proxy server.


Highlights

Some key highlights of the features available in the Dante server include:
24/7 support available from the people who wrote it and know it best.
Source code available under a liberal BSD/CMU-type license.
Advanced access control mechanisms.
Extensive logging possibilities.
Network diagnosis and generation of alarms related to detected problems.
IPv6 support.
Supports GSS-API (Kerberos) based authentication and strong encryption.
Supports server-chaining (currently only for TCP connect).
Integrates with LDAP and Active Directory authorisation (via the LDAP module).
Bandwidth management (via the Bandwidth module).
Port control and redirection support (via the Redirect module).
Session management and control.
Compatible with Bloomberg clients.

Supported protocols

The Dante package consists of two parts: the client and the server. The server supports SOCKS version 4 and version 5, while the client library supports multiple proxy protocols. The following standards/RFCs/drafts are currently implemented:

SOCKS protocol version 4: The first semi-official version of the SOCKS protocol, version 4. Supports TCP, but not UDP.
RFC1928: SOCKS protocol version 5. This is the current version of the SOCKS protocol.
RFC1929: Username/password authentication for SOCKS version 5.
RFC1961: GSS-API based authentication for SOCKS version 5.
UPnP: The Dante client supports sending client requests through a router with UPnP support. This type of router supports bind(2)-ing of ports on the router, allowing incoming requests to be received via the UPnP device. This feature requires the miniupnp library by Thomas Bernard.
HTTP proxy: The Dante client supports sending client requests through a web cache/proxy supporting the HTTP CONNECT command. Note that only TCP connect is supported through an HTTP proxy.

Supported platforms

Dante should run on most Unix/Linux platforms. Windows is not supported. At least the following are known to be supported: OpenBSD, FreeBSD, Linux, SunOS, AIX
    
SOCKS related standards

SOCKS4.protocol, SOCKS Protocol Version 4.
SOCKS4A.protocol, SOCKS Protocol Version 4A.
RFC1928, SOCKS Protocol Version 5.
RFC1929, Username/Password Authentication for SOCKS V5.
RFC1961, GSS-API Authentication Method for SOCKS Version 5.


Configuration file

/etc/danted/sockd.conf
# Generate by sockd.info
internal: <IP address or interface name>  port = <port number>
external: <IP address or interface name>
method: pam none
clientmethod: none
user.privileged: root
user.notprivileged: sockd
logoutput: /var/log/sockd.log

client pass {
    from: 192.168.1.0/24  to: 0.0.0.0/0
}
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
#------------ Network Trust: 192.168.1.0/24 ---------------
pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0
    method: none
}
block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

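The configuration above allows IPs in the internal 192.168.1 segment to use the proxy. To allow other sources, add client pass and pass rules at the corresponding positions. Only network ranges can be written, however; writing a bare IP causes an error, and a single IP can be expressed as ip/32.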

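The rules in the configuration file are evaluated in order from top to bottom. The vast majority of browsers (except Opera) do not support SOCKS5 with password authentication, so on a computer you need to install software such as proxifier/proxycap to handle the authentication.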
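The top-to-bottom evaluation and the network-only address rule described above can be checked with a small model. This is an added example, not part of the original article or the Dante project: it treats the first matching rule as decisive, ignores ports, methods and commands, and its function names (parse_rules, decide, allowed) and test addresses are made up for illustration.

```python
import ipaddress
import re

# Constructed sample: the rule blocks from the configuration above.
SOCKD_RULES = """
client pass {
    from: 192.168.1.0/24  to: 0.0.0.0/0
}
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0
    method: none
}
block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
"""
RULE_RE = re.compile(r"^(client\s+)?(pass|block)\s*\{(.*?)\}", re.S | re.M)
ADDR_RE = re.compile(r"\b(from|to):\s*(\S+)")

def parse_rules(text):
    """Return rules in file order as (level, verdict, from_net, to_net)."""
    rules = []
    for m in RULE_RE.finditer(text):
        level = "client" if m.group(1) else "socks"
        addrs = dict(ADDR_RE.findall(m.group(3)))
        for key in ("from", "to"):
            if "/" not in addrs[key]:  # per the article: bare IP is an error, use ip/32
                raise ValueError(f"{key}: {addrs[key]} needs a prefix such as /32")
        rules.append((level, m.group(2),
                      ipaddress.ip_network(addrs["from"]),
                      ipaddress.ip_network(addrs["to"])))
    return rules

def decide(rules, level, src, dst):
    """First matching rule of the given level wins; no match is treated as block."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for lvl, verdict, from_net, to_net in rules:
        if lvl == level and src in from_net and dst in to_net:
            return verdict
    return "block"

def allowed(rules, src, proxy_ip, dst):
    """A request goes through only if the client rule and the socks rule both pass."""
    return (decide(rules, "client", src, proxy_ip) == "pass"
            and decide(rules, "socks", src, dst) == "pass")
```

A client pass rule appended after the catch-all client block never takes effect, because the block rule matches first; rules for additional networks have to be placed above it.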

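Automatically detects the system's IPs (by default excluding 192.168.0.*, 10.0.0.*, 127.0.0.*) and, depending on the install command, installs on selected IPs or on all IPs (multi-IP environments).
Uses PAM user authentication; authentication does not require adding system users (a process user, sock, is added by default), and deleting and adding users is convenient and secure.
The sock5 running status can be viewed; the service is loaded automatically at system startup.
Full support for multiple ingress/egress addresses (in a multi-IP environment, when connecting through IP-1, an IP lookup site reports IP-1).
Selectable authentication methods: no username/password, system username/password, PAM username/password.
Full support for CentOS/Debian; the system is detected automatically for installation and configuration.
Customizable authentication for connecting clients; whitelisting is supported, i.e. certain IPs/IP ranges can connect without authentication.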


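Latest version: 1.4
Adds IPv6 support; traffic monitoring with alarm capability; real-time scheduling; and a generic syntax for setting arbitrary socket options.

Project home page: http://www.inet.no/dante/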