01 Июня 2018 19:13

dante (sockd) proxy с radius авторизацией на CentOS 6.8

Linux proxy

dante

Инструкция по установке и настройке dante proxy (он же sockd) с авторизацией через radius. Можно и без радиуса, см комментарии в конфиге.

Если вкратце, то

sudo su

rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install pam pam-devel pam_radius gcc -y

wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz

tar -xvf dante-1.4.2.tar.gz

cd dante-1.4.2

./configure

make

make install

vi /etc/sockd.conf

vi /etc/init.d/sockd

chmod +x /etc/init.d/sockd

vi /etc/sysconfig/iptables

vi /etc/pam_radius.conf

service iptables restart

service sockd start

chkconfig --level 2345 sockd on

Содержимое конфигурационных файлов:


/etc/sockd.conf

logoutput: syslog /var/log/sockd.log
user.privileged: root
user.unprivileged: nobody

# The listening network interface or address.
internal: 0.0.0.0 port=1080

# The proxying network interface or address.
external: eth0

# socks-rules determine what is proxied through the external interface.
# system user auth
# socksmethod: username
# radius auth
socksmethod: pam

# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none

client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}

socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}

/etc/init.d/sockd

#!/bin/bash
# zeping lai
# www.linxhub.org
# /etc/init.d/sockd
# chmod +x /etc/init.d/sockd

### BEGIN INIT INFO
# Provides: sockd
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the sockd sockd5 server
# Description: starts sockd using start-stop-daemon
### END INIT INFO

NAME=sockd
SOCKED_BIN=/usr/local/sbin/sockd
CONFIGFILE=/etc/sockd.conf
SCRIPTNAME=/etc/init.d/$NAME

case "$1" in
start)
echo -n "Starting $NAME...."
if netstat -tnpl | grep -q sockd;then
echo "$NAME (pid `pidof $NAME`) already running."
exit 1
fi
$SOCKED_BIN -f $CONFIGFILE -D

if [ "$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;

stop)
echo -n "Stoping $NAME..."
if ! netstat -tnpl | grep -q sockd; then
echo "$NAME is not running."
exit 1
fi

/usr/bin/pkill $NAME

if [ "$?" != 0 ] ; then
echo " failed"
exit 1
else
echo " done"
fi
;;

status)
if netstat -tnpl | grep -q sockd; then
PID=`pidof sockd`
echo "$NAME (pid $PID) is running..."
else
echo "$NAME is stopped"
exit 0
fi
;;

restart)
$SCRIPTNAME stop
sleep 1
$SCRIPTNAME start
;;

*)
echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
exit 1
;;
esac

/etc/sysconfig/iptables

Добавляем правило (подразумевается, что все исходящие соединения разрешены)

#proxy
-A INPUT -p tcp -m tcp --dport 1080 -j ACCEPT

/etc/pam_radius.conf

# server[:port]	shared_secret      timeout (s)
127.0.0.1 secret 1

Далее садимся tail'ом на логи sockd и пробуем подключиться :)

Фильтр