Install a SOCKS5 server (Dante) on CentOS 7 - flaviosanchez/dante-on-systemd GitHub Wiki
Welcome to the dante-on-systemd wiki!
I have to give credit to these two links:
Compile
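# Build prerequisites. CentOS 7 installs packages with yum; apt-get is the
# Debian/Ubuntu tool and is not present on a stock CentOS system.
$ yum install make gcc
$ cd /usr/src
# dante-1.4.1.tar.gz must already be in /usr/src. Before unpacking, compare its
# checksum with the value published by the project: "make install" below
# writes into /usr, so whatever is in the archive ends up installed as root.
$ tar xvfz dante-1.4.1.tar.gz
$ cd dante-1.4.1
# Server-only build. The --without-pam, --without-bsdauth and --without-gssapi
# switches compile those authentication back ends out, so this binary cannot
# use them to authenticate clients.
$ ./configure \
    --prefix=/usr \
    --sysconfdir=/etc \
    --localstatedir=/var \
    --disable-client \
    --without-libwrap \
    --without-bsdauth \
    --without-gssapi \
    --without-krb5 \
    --without-upnp \
    --without-pam
$ make && make install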
Create and edit init file for dante
$ vi /etc/init.d/sockd
#!/bin/sh
#
# sockd init script for Dante SOCKS Server
#
# chkconfig: 2345 016
#
# dante SOCKS server init.d file. Based on /etc/init.d/skeleton:
# Version: @(#)skeleton 1.8 03-Mar-1998 [email protected]
# Via: https://gitorious.org/dante/pkg-debian
# Source function library.
#
# Modified for systemd on 18-Jun-2017 by [email protected]
#
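# Load the Red Hat init helper library; the killproc and status helpers used
# further down come from it. The leading "." (source) is required: a bare
# path would try to execute the file instead of loading its functions.
. /etc/rc.d/init.d/functions

# Fixed search path, so the script does not depend on the caller's PATH.
PATH=/sbin:/usr/sbin:/bin:/usr/bin
NAME=sockd
DAEMON=/usr/sbin/$NAME
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
DESC="Dante SOCKS daemon"
CONFFILE=/etc/$NAME.conf

# Nothing to manage when the daemon binary is not installed.
[ -x "$DAEMON" ] || exit 0

# Names used by the Red Hat style functions below; they repeat DAEMON, NAME
# and CONFFILE from the block above.
exec=/usr/sbin/$NAME
prog=sockd
config=/etc/$NAME.conf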
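#######################################
# Pre-create the PID file and hand it to the account named by
# "user.privileged:" in the sockd configuration.
# Globals:   CONFFILE (read), PIDFILE (read), uid (written)
# Arguments: none
# Returns:   0 when the config is unreadable or names no privileged user,
#            otherwise the status of the last touch/chown command
#######################################
touch_pidfile () {
    # Without a readable configuration there is no user to look up.
    [ -r "$CONFFILE" ] || return 0

    # Strip all whitespace, drop "#" comments, then print the value of the
    # first remaining "user.privileged:" line and stop reading. A real
    # command substitution is needed here: typographic quotes would leave
    # the sed command line itself in $uid.
    uid=$(sed -n \
        -e 's/[[:space:]]//g' \
        -e 's/#.*//' \
        -e '/^user\.privileged:/{s/^[^:]*://p;q;}' \
        "$CONFFILE")

    if [ -n "$uid" ]; then
        # NOTE(review): when user.privileged is not root, that account can
        # rewrite the PID file. If the init script later signals the PID
        # read from it as root, the file's content should be validated
        # first -- confirm how stop() uses PIDFILE.
        touch "$PIDFILE"
        chown "$uid" "$PIDFILE"
    fi
}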
# Optional per-service overrides. The file is sourced into this script, so it
# executes with the script's privileges: keep /etc/sysconfig/$prog owned by
# root and not writable by anyone else.
if [ -e /etc/sysconfig/$prog ]; then
    . /etc/sysconfig/$prog
fi

# Marker file under /var/lock/subsys named after the service.
lockfile=/var/lock/subsys/$prog
start() {
[ -x $exec ] || exit 5
[ -f
stop() {
echo -n $"Stopping $prog: "
# stop it here, often "killproc $prog"
killproc
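# Stop the daemon, re-create the PID file, then start the daemon again.
# Each step must be its own command: on a single line without separators
# "stop" would receive the other two names as arguments and the closing
# brace would never terminate the function.
# Returns: the status of start.
restart() {
    stop
    touch_pidfile
    start
}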
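# "reload" is implemented as a full restart: the daemon is stopped and
# started again rather than signalled, so established client sessions are
# presumably dropped. The newline before "}" is required for sh to close the
# function body.
# Returns: the status of restart.
reload() {
    restart
}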
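# "force-reload" has no lighter implementation here; it delegates to restart.
# The newline before "}" is required for sh to close the function body.
# Returns: the status of restart.
force_reload() {
    restart
}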
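# Report whether the service is running by calling the generic "status"
# helper with the service name. The comment and the command must sit on
# separate lines; joined on one line the whole body becomes a comment.
# Globals: prog (read)
# Returns: the status of the "status" helper.
rh_status() {
    # run checks to determine if the service is running or use generic status
    status "$prog"
}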
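# Quiet variant of rh_status: same exit status, with stdout and stderr
# discarded, for use in conditions. The newline before "}" is required for
# sh to close the function body.
# Returns: the status of rh_status.
rh_status_q() {
    rh_status >/dev/null 2>&1
}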
case "$1" in
start)
rh_status_q && exit 0
$1
;;
stop)
rh_status_q || exit 0
$1
;;
restart)
$1
;;
reload)
rh_status_q || exit 7
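Save and quit. Note that the listing above is incomplete as shown here: start(), stop() and the final case statement are cut off, so the file will not run until those parts are restored. Make the file executable with the following command.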
$ chmod +x /etc/init.d/sockd
Edit configuration file.
$ vi /etc/sockd.conf
# Accounts and access rules for the Dante SOCKS server (sockd).
# All 192.0.2.x addresses and example.org names below are documentation
# placeholders; replace them with real values before use.
# NOTE(review): no internal/external/logoutput lines and no authentication
# method lines are visible in this listing -- confirm they are set elsewhere
# in the file before starting the daemon.

# Unprivileged operations run as the "socks" account.
# NOTE(review): nothing on this page creates that account -- confirm it exists.
#user.privileged: root
user.notprivileged: socks
#user.libwrap: libwrap

#reverse dns lookup
#srchost: nodnsmismatch

#block access to socks server from 192.0.2.22 (exception for pass rule below)
# NOTE(review): the comment inside this rule says /32 while the rule itself
# uses /24 -- decide which is intended before enabling it.
#client block {
#        #block connections from 192.0.2.22/32
#        from: 192.0.2.22/24 to: 0.0.0.0/0
#        log: error # connect disconnect
# }

#allow connections from local network (192.0.2.1/32)
# A /32 mask matches exactly one host, not a network; this is the only
# client rule that is active, so it alone decides who may connect.
client pass {
        from: 192.0.2.1/32 to: 0.0.0.0/0
        log: error # connect disconnect
}

#block communication with www.example.org
#socks block {
#        from: 0.0.0.0/0 to: www.example.org
#        command: bind connect udpassociate
#        log: error # connect disconnect iooperation
# }

#generic pass statement - bind/outgoing traffic
# Any client admitted by the client rules may reach any destination through
# this rule, including loopback and internal addresses of the proxy host's
# own networks. Narrow "to:" or add block rules for those ranges above it.
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bind connect udpassociate
        log: error # connect disconnect iooperation
}

#block incoming connections/packets from ftp.example.org
#socks block {
#        from: 0.0.0.0/0 to: ftp.example.org
#        command: bindreply udpreply
#        log: error # connect disconnect iooperation
# }

#generic pass statement for incoming connections/packets
# Accepts bind/UDP replies from any source address.
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        command: bindreply udpreply
        log: error # connect disconnect iooperation
}

#forwarding route to SOCKS server (which supports both SOCKS version 4 and 5)
# route {
#        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.0.2.1 port = 1080
#        proxyprotocol: socks_v4 socks_v5
#        command: connect
#        protocol: tcp #udp not supported
#        method: none
# }

#forwarding route to HTTP 1.0 proxy
# NOTE(review): unlike the other routes this one is active. It forwards
# connect requests to an HTTP proxy at the placeholder address
# 192.0.2.1:3128; comment it out unless upstream chaining is intended.
route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.0.2.1 port = 3128
        proxyprotocol: http_v1.0
        command: connect
}

#forwarding route to HTTP 1.1 proxy
#route {
#        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 192.0.2.1 port = 3128
#        proxyprotocol: http_v1.1
#        command: connect
#}

#forwarding route to UPnP device
#route {
#        from: 0.0.0.0/0 to: 0.0.0.0/0
#        via: http://192.0.2.2:1900/InternetGatewayDevice.xml
#        proxyprotocol: upnp
#        command: connect
#}
Save and Quit. Start SOCKS with the following command.
$ systemctl start sockd -l
Sources: