我已將 Dante sockd 設定為透過多個 IP 介面轉送流量。配置基本上是這樣的:
logoutput: /var/log/sockd.log
debug: 1
socksmethod: username none
internal: eth0 port = 60000
external: eth0
internal: eth0:0 port = 60000
external: eth0:0
internal: eth0:1 port = 60000
external: eth0:1
internal: eth0:2 port = 60000
external: eth0:2
...
external.rotation: same-same
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
socksmethod: username
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
socksmethod: username
protocol: tcp udp
}
使用「external.rotation = same.same」停用流量會透過伺服器,但僅從一個位址發出。啟用後,我使用curl 收到以下錯誤:
curl: (7) Can't complete SOCKS5 connection to x.x.x.x:80. (3)
以及日誌中的此錯誤:
May 15 07:38:38 (1431689918.007569) sockd[4887]: info: block(1): tcp/accept ]: x.x.x.x.56066 y.y.y.y.60000: request was not performed due to error: could not get address to use on external side: using external.rotation = same-same, local address x.x.x.x was selected for forwarding from our local client x.x.x.x.56066 to target z.z.z.z.80, but that local address is not set on our external interface(s). Configuration error in /etc/sockd.conf?
xxxx是我的ip位址,yyyy是伺服器端位址,zzzz是目標位址。
這對我來說意味著伺服器希望偽裝成我的位址,但它沒有配置,這是正確的,因為我希望流量被視為來自 yyyy 位址,其中有一百多個位址可供選擇。
我在文件中找不到與我看到的錯誤相符的任何內容,我懷疑需要某種循環配置,但我也找不到。有沒有人以這種方式完成這項工作?
答案1
以下內容適用於CentOS 6.x 64 位元上的Dante 1.4.2,儘管我不使用身份驗證,因為我透過SSH 隧道存取Dante(我的伺服器的IP 為1.1.1.1、2.2.2.2 和3.3.3.3) :
logoutput: syslog stdout stderr /var/log/sockd.log
internal: eth0:0 port = 1080
internal: eth0:1 port = 1080
internal: eth0:2 port = 1080
external: eth0:0
external: eth0:1
external: eth0:2
external.rotation: same-same
user.privileged: root
user.unprivileged: sockd
#user.libwrap: sockd
clientmethod: none
socksmethod: none
client pass {
from: 1.1.1.1/32 to: 0.0.0.0/0
log: error # connect disconnect
}
client pass {
from: 2.2.2.2/32 to: 0.0.0.0/0
log: error # connect disconnect
}
client pass {
from: 3.3.3.3/32 to: 0.0.0.0/0
log: error # connect disconnect
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: error # connect disconnect iooperation
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bindreply udpreply
log: error # connect disconnect iooperation
}
然後從我的客戶端電腦建立了三個本機隧道:
ssh -L 10801:1.1.1.1:1080 -L 10802:2.2.2.2:1080 -L 10803:3.3.3.3:1080 [email protected]
我認為我在設定方面遇到的大多數問題都歸因於權限問題(客戶端通行證和襪子通行證)。
如果仍有問題,您可以嘗試 Dante 的替代方案:3Proxy。
您可以這樣設定 3proxy:
nserver 8.8.8.8
auth none
daemon
socks -p1080 -i1.1.1.1 -e1.1.1.1
socks -p1080 -i2.2.2.2 -e2.2.2.2
socks -p1080 -i3.3.3.3 -e3.3.3.3
pidfile /var/run/3proxy.pid
log /dev/null
希望這可以幫助。
答案2
您是否嘗試過為您的作業系統啟用 IP 轉發?
sysctl -w net.ipv4.ip_forward=1
或者
echo 1 > /proc/sys/net/ipv4/ip_forward
更多資訊 @http://linuxconfig.org/how-to-turn-on-off-ip-forwarding-in-linux