近来公司业务有需要做socks5代理的需求,研究了一下,主要的开源实现有2个:
dante http://www.inet.no/dante/
ss5 http://ss5.sourceforge.net/
比较了一下,还是比较倾向于dante,因为看到有人这样评价ss5:
Project has an incredibly poor source code quality. There are lot of buffer overflows caused by inconsistencies of hard coded and real buffer sizes or broken error detection due to signed/unsigned mismatch. Developer uses either an very compiler or is unaware of flags like '-W' or '-D_FORTIFY_SOURCE' which would detect most of these issues.
当然,这个是人家的评价,不代表我的观点。
闲话少说,下边进入正题。
1.安装Dante
Redhat/CentOS:
#yum install gcc make bison flex rpm-build.x86_64
#yum install openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 libgssapi-devel.x86_64 libgssapi-devel.x86_64
#wget -c wget http://www.inet.no/dante/files/dante-1.4.0-pre1.tar.gz
#rpmbuild -ta dante-1.4.0-pre1.tar.gz
#cd rpmbuild/RPMS
#rpm -ivh dante-1.4.0-0.pre1.el6.x86_64.rpm dante-server-1.4.0-0.pre1.el6.x86_64.rpm
#useradd sockd
#usermod -s /sbin/nologin sockd
或者源码安装:
#tar -zxvf dante-1.4.0-pre1.tar.gz
#cd dante-1.4.0-pre1
#./configure --with-sockd-conf=/etc/danted.conf
#make
#make install
2.Dnate配置文件解析
默认的配置文件是/etc/sockd.conf,在debian下则是/etc/danted.conf
整个配置文件由3个大部分组成。
1)server settings 控制dante的一般行为;
2)rules 用户的访问控制;
3)routes 通常用于"server-chaining";
配置由关键字组成,关键字后边跟":"指定值。
配置文件的推荐书写顺序如下:
# Server settings:
# logoutput
# internal
# external
# method
# clientmethod
# users
# compatibility
# extension
# timeout
# srchost
#
# Rules:
# client block/pass
# from to
# libwrap
# log
#
# block/pass
# from to
# method
# command