Инструкция по установке и настройке прокси-сервера Dante (он же sockd) с авторизацией через RADIUS. Можно и без RADIUS — см. комментарии в конфиге.
Если вкратце, то:
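# Build and install Dante (sockd) from source on an EL6 host, then edit its
# configuration, init script, firewall rules and RADIUS client settings.
# The commands are meant to be typed one by one in a root shell.
# NOTE(review): EL6/EPEL 6 are end-of-life; confirm the target OS still
# receives security updates before exposing a proxy on it.
sudo su
# The EPEL release package is installed directly from a URL, before rpm knows
# the EPEL signing key, so the transport is the only integrity protection:
# fetch it over HTTPS instead of plain HTTP.
rpm -ivh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install pam pam-devel pam_radius gcc -y
wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
# The tarball is compiled and installed as root. Print its digest and compare
# it with a value obtained from a trusted source before unpacking.
sha256sum dante-1.4.2.tar.gz
tar -xvf dante-1.4.2.tar.gz
cd dante-1.4.2
./configure
make
make install
# Proxy configuration and init script (contents are listed further down the page).
vi /etc/sockd.conf
vi /etc/init.d/sockd
chmod +x /etc/init.d/sockd
# Firewall rule for the SOCKS port and the RADIUS server/shared secret.
vi /etc/sysconfig/iptables
vi /etc/pam_radius.conf
service iptables restart
service sockd start
# Start sockd automatically in runlevels 2-5.
chkconfig --level 2345 sockd on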
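Содержимое конфигурационных файлов (по порядку: /etc/sockd.conf, /etc/init.d/sockd, правило для /etc/sysconfig/iptables, /etc/pam_radius.conf):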
# /etc/sockd.conf - Dante server configuration.
# Log both to syslog and to a dedicated file.
logoutput: syslog /var/log/sockd.log
# Accounts sockd runs as: root for operations that need privileges,
# nobody for everything else.
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
# 0.0.0.0 binds port 1080 on every local address; name a specific address
# here if the proxy should only be reachable through one interface.
internal: 0.0.0.0 port=1080
# The proxying network interface or address.
external: eth0
# socksmethod selects how clients authenticate during SOCKS negotiation;
# it is enforced by the "socks" rules below.
# system user auth
# socksmethod: username
# radius auth (PAM, with pam_radius behind it)
# NOTE(review): Dante 1.4 documents the PAM methods as pam.username /
# pam.address / pam.any - confirm this build accepts the bare "pam" keyword.
# NOTE(review): PAM needs a service file for sockd (presumably
# /etc/pam.d/sockd referencing pam_radius_auth.so); this page does not show
# one - confirm it exists, otherwise authentication will not reach RADIUS.
# SOCKS5 username/password authentication (RFC 1929) sends credentials
# unencrypted, so RADIUS account passwords are visible to anyone who can
# observe the client-to-proxy traffic.
socksmethod: pam
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
# "none" applies only to the TCP connection stage; user authentication
# happens later through socksmethod.
clientmethod: none
# Any source address may open a connection to the proxy. Narrow "from:" to
# the client networks that are expected to use it.
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
# socks-rules determine what is proxied through the external interface.
# Every authenticated client may be relayed to any destination, including
# addresses reachable only from this host (loopback, internal networks).
# Narrow "to:" if the proxy should not give access to those.
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
#!/bin/bash
# zeping lai
# www.linxhub.org
# /etc/init.d/sockd
# chmod +x /etc/init.d/sockd
### BEGIN INIT INFO
# Provides: sockd
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the sockd SOCKS5 server
# Description: starts sockd using start-stop-daemon
### END INIT INFO
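# SysV init actions for the Dante SOCKS server: start | stop | status | restart.
NAME=sockd
SOCKED_BIN=/usr/local/sbin/sockd
CONFIGFILE=/etc/sockd.conf
SCRIPTNAME=/etc/init.d/$NAME

#######################################
# Print the PIDs of running sockd processes, space separated.
# pidof replaces the original `netstat -tnpl | grep sockd` probe, which shows
# program names only to root and matches any listener whose name merely
# contains "sockd".
# Outputs: PIDs on stdout (nothing when sockd is not running)
# Returns: 0 if at least one process was found, non-zero otherwise
#######################################
running_pids() {
  pidof "$NAME"
}

case "$1" in
  start)
    echo -n "Starting $NAME...."
    pids=$(running_pids)
    if [ -n "$pids" ]; then
      echo "$NAME (pid $pids) already running."
      exit 1
    fi
    # -f selects the configuration file, -D detaches sockd as a daemon.
    if "$SOCKED_BIN" -f "$CONFIGFILE" -D; then
      echo " done"
    else
      echo " failed"
      exit 1
    fi
    ;;
  stop)
    echo -n "Stoping $NAME..."
    pids=$(running_pids)
    if [ -z "$pids" ]; then
      echo "$NAME is not running."
      exit 1
    fi
    # Signal exactly the PIDs found above (SIGTERM, as pkill did by default).
    # `pkill sockd` matches by process name, and this script is itself named
    # sockd when run as /etc/init.d/sockd, so it could terminate the script
    # before the result is reported.
    read -r -a pid_list <<<"$pids"
    if kill "${pid_list[@]}"; then
      echo " done"
    else
      echo " failed"
      exit 1
    fi
    ;;
  status)
    if pids=$(running_pids); then
      echo "$NAME (pid $pids) is running..."
    else
      echo "$NAME is stopped"
      # LSB status convention: 3 means "not running". The original returned
      # 0 here, which monitoring tools read as "running".
      exit 3
    fi
    ;;
  restart)
    # stop may fail when sockd was not running; start is attempted regardless.
    "$SCRIPTNAME" stop
    sleep 1
    "$SCRIPTNAME" start
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|status}"
    exit 1
    ;;
esac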
Добавляем правило в /etc/sysconfig/iptables (подразумевается, что все исходящие соединения разрешены):
#proxy
# Accepts TCP connections to the SOCKS port 1080 from any source address.
# If the set of clients is known, add a source match (-s <client network>)
# so the port is not reachable from everywhere.
-A INPUT -p tcp -m tcp --dport 1080 -j ACCEPT
# /etc/pam_radius.conf - RADIUS servers used by pam_radius.
# server[:port] shared_secret timeout (s)
# "secret" is a sample value: replace it with the long random shared secret
# configured for this client on the RADIUS server.
# This file holds that secret in clear text, so it should not be
# world-readable - confirm sockd can still read it under the account it uses
# for PAM.
127.0.0.1 secret 1
Далее садимся tail'ом на логи sockd и пробуем подключиться :)