I installed Dante, a SOCKS proxy server, on CentOS 8.
Dante – A free SOCKS server – Inferno Nettverk A/S
https://www.inet.no/dante/
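The procedure is the same as the one below for compiling from source.
- CentOS Linux release 8.1.1911 (Core)
- Kernel 4.18.0-147.8.1.el8_1.x86_64

- Download the source
- Extract the archive
- Install pam-devel
- configure
- make
- make install
- Create the configuration file
- Create the startup script
- Add execute permission
- Register the startup script
- Enable automatic startup
- Start Dante
- Configure the firewall
- Verify operation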
```
[root@centos8 ~]# curl -O https://www.inet.no/dante/files/dante-1.4.2.tar.gz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1286k  100 1286k    0     0   355k      0  0:00:03  0:00:03 --:--:--  355k
```
```
[root@centos8 ~]# tar xvfz dante-1.4.2.tar.gz
dante-1.4.2/m4/libtool.m4
dante-1.4.2/m4/ltoptions.m4
dante-1.4.2/m4/ltsugar.m4
dante-1.4.2/m4/ltversion.m4
dante-1.4.2/m4/lt~obsolete.m4
(snip)
```
```
[root@centos8 ~]# dnf -y install pam-devel
```
TCP Wrappers was removed as of RHEL/CentOS 8, so it cannot be used. Apparently we are supposed to use firewalld instead.
Replacing TCP Wrappers in RHEL 8
https://access.redhat.com/solutions/3906701
The TCP Wrappers package has been deprecated in RHEL 7 and therefore it will not be available in RHEL 8 or later RHEL releases.
```
[root@centos8 ~]# cd dante-1.4.2/
[root@centos8 dante-1.4.2]# ./configure
Configuring Dante 1.4.2:
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
(snip)
                     Configure status:

Client:            Enabled
Server:            Enabled
Preloading:        Enabled
Libwrap:           Disabled, tcpd.h missing
BSD Auth:          Disabled, usable bsd_auth.h not found
PAM:               Enabled
GSSAPI:            Not found/disabled
KRB5:              Not found/disabled
SASL:              Not found/disabled
UPNP:              Not found/disabled
Compatability:     issetugid setproctitle strlcpy strvis

                     Modules:

redirect:          Not found
bandwidth:         Not found
ldap:              Not found
```
```
[root@centos8 dante-1.4.2]# make
Making all in include
make[1]: Entering directory '/root/dante-1.4.2/include'
make  all-am
make[2]: Entering directory '/root/dante-1.4.2/include'
make[2]: Leaving directory '/root/dante-1.4.2/include'
make[1]: Leaving directory '/root/dante-1.4.2/include'
Making all in lib
make[1]: Entering directory '/root/dante-1.4.2/lib'
  CC       config_parse.lo
  CC       config_scan.lo
  CC       Raccept.lo
  CC       Rbind.lo
  CC       Rbindresvport.lo
  CC       Rcompat.lo
Rcompat.c: In function 'Rwritev':
Rcompat.c:90:19: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
    msg.msg_iov = iov;
                ^
Rcompat.c: In function 'Rsend':
Rcompat.c:106:25: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
    struct iovec iov = { msg, len };
(snip)
make[1]: Leaving directory '/root/dante-1.4.2/capi'
Making all in contrib
make[1]: Entering directory '/root/dante-1.4.2/contrib'
make[1]: Nothing to be done for 'all'.
make[1]: Leaving directory '/root/dante-1.4.2/contrib'
make[1]: Entering directory '/root/dante-1.4.2'
make[1]: Nothing to be done for 'all-am'.
make[1]: Leaving directory '/root/dante-1.4.2'
```
There were 11 warnings, but make completed without stopping on an error.
```
[root@centos8 dante-1.4.2]# make install
Making install in include
make[1]: Entering directory '/root/dante-1.4.2/include'
make[2]: Entering directory '/root/dante-1.4.2/include'
make[2]: Nothing to be done for 'install-exec-am'.
make[2]: Nothing to be done for 'install-data-am'.
make[2]: Leaving directory '/root/dante-1.4.2/include'
make[1]: Leaving directory '/root/dante-1.4.2/include'
Making install in lib
make[1]: Entering directory '/root/dante-1.4.2/lib'
make[2]: Entering directory '/root/dante-1.4.2/lib'
 /usr/bin/mkdir -p '/usr/local/lib'
 /bin/sh ../libtool   --mode=install /usr/bin/install -c   libsocks.la '/usr/local/lib'
libtool: install: /usr/bin/install -c -m 644 .libs/libsocks.so.0.1.1 /usr/local/lib/libsocks.so.0.1.1
(snip)
```
```
[root@centos8 dante-1.4.2]# vi /etc/sockd.conf
[root@centos8 dante-1.4.2]# cat /etc/sockd.conf
internal: eth0 port = 1080
external: eth0
user.privileged: root
user.unprivileged: nobody
socksmethod: none
errorlog: /var/log/sockd.errlog
logoutput: /var/log/sockd.log

# LAN
client pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0
    log: error connect # disconnect
}

# allow connect from anywhere as long as client was authed previously
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: connect
    log: error connect # disconnect
}
```
```
[root@centos8 dante-1.4.2]# vi /etc/init.d/sockd
[root@centos8 dante-1.4.2]# cat /etc/init.d/sockd
#!/bin/sh

### BEGIN INIT INFO
# Provides:          sockd
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start the dante SOCKS server.
# Description:       SOCKS (v4 and v5) proxy server daemon (sockd).
#                    This server allows clients to connect to it and
#                    request proxying of TCP or UDP network traffic
#                    with extensive configuration possibilities.
### END INIT INFO

PID="/var/run/sockd/sockd.pid"
CONFIG="/etc/sockd.conf"

# Source function library.
if [ -f /etc/init.d/functions ] ; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ] ; then
  . /etc/rc.d/init.d/functions
else
  exit 1
fi

# Avoid using root's TMPDIR
unset TMPDIR

# Source networking configuration.
. /etc/sysconfig/network

# Check that sockd.conf exists.
[ -f ${CONFIG} ] || exit 6

RETVAL=0
OPTIONS="-D -p ${PID} -f ${CONFIG}"

start() {
        KIND="SOCKD"
        echo -n $"Starting $KIND services: "
        /usr/local/sbin/sockd ${OPTIONS}
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/sockd || \
           RETVAL=1
        return $RETVAL
}

stop() {
        KIND="SOCKD"
        echo -n $"Shutting down $KIND services: "
        killproc sockd
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/sockd
        return $RETVAL
}

restart() {
        stop
        start
}

rhstatus() {
        status -l sockd sockd
        return $?
}

# Allow status as non-root.
if [ "$1" = status ]; then
        rhstatus
        exit $?
fi

case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart)
        restart
        ;;
  status)
        rhstatus
        ;;
  condrestart)
        [ -f /var/lock/subsys/sockd ] && restart || :
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|status|condrestart}"
        exit 2
esac

exit 0
```
```
[root@centos8 dante-1.4.2]# chmod u+x /etc/init.d/sockd
```
```
[root@centos8 dante-1.4.2]# chkconfig --add sockd
```
```
[root@centos8 dante-1.4.2]# chkconfig sockd on
[root@centos8 dante-1.4.2]# chkconfig --list

Note: This output shows SysV services only and does not include native
      systemd services. SysV configuration data might be overridden by native
      systemd configuration.

      If you want to list systemd services use 'systemctl list-unit-files'.
      To see services enabled on particular target use
      'systemctl list-dependencies [target]'.

sockd           0:off   1:off   2:on    3:on    4:on    5:on    6:off
```
```
[root@centos8 dante-1.4.2]# /etc/init.d/sockd start
Reloading systemd:                                         [  OK  ]
Starting sockd (via systemctl):                            [  OK  ]
[root@centos8 dante-1.4.2]# systemctl status sockd
* sockd.service - LSB: Start the dante SOCKS server.
   Loaded: loaded (/etc/rc.d/init.d/sockd; generated)
   Active: active (running) since Sat 2020-06-20 09:30:06 JST; 22s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 33055 ExecStart=/etc/rc.d/init.d/sockd start (code=exited, status=0/SUCCESS)
    Tasks: 20 (limit: 49641)
   Memory: 86.0M
   CGroup: /system.slice/sockd.service
           |-33061 /usr/local/sbin/sockd -D -p /var/run/sockd/sockd.pid -f /etc/sockd.>
           |-33063 sockd: monitor-child
           |-33064 sockd: negotiate-child: 0/96
           |-33065 sockd: request-child: 0/1
(snip)
```
```
[root@centos8 dante-1.4.2]# firewall-cmd --permanent --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="1080" accept "
success
[root@centos8 dante-1.4.2]# firewall-cmd --reload
success
[root@centos8 dante-1.4.2]#
[root@centos8 dante-1.4.2]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens160
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.1.0/24" port port="1080" protocol="tcp" accept
```
On the client, open "Control Panel" - "Internet Options" and set the Dante server's IP address and port in the proxy settings.
Browsing the web then gets recorded in /var/log/sockd.log.
```
[root@centos8 ~]# cat /var/log/sockd.log
Jun 15 09:30:06 (1592613006.943723) sockd[33061]: info: Dante/server[1/1] v1.4.2 running
Jun 15 09:44:03 (1592613843.157129) sockd[33064]: info: pass(1): tcp/accept [: 192.168.1.9.57712 192.168.1.1.1080
Jun 15 09:44:03 (1592613843.182864) sockd[33084]: info: pass(1): tcp/connect [: 192.168.1.9.57712 192.168.1.1.1080 -> 192.168.1.1.57712 23.2.128.108.443
Jun 15 09:44:10 (1592613850.809309) sockd[33736]: info: pass(1): tcp/accept [: 192.168.1.9.57722 192.168.1.1.1080
Jun 15 09:44:10 (1592613850.834689) sockd[33084]: info: pass(1): tcp/connect [: 192.168.1.9.57722 192.168.1.1.1080 -> 192.168.1.1.57722 182.22.16.251.443
```
It seems to be working for now (^^;
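With `socksmethod: none`, the source address in `client pass` and the firewalld rich rule are the only access controls, so /var/log/sockd.log is where a policy gap would show up. The script below is an added example, not part of the original post: it reads `tcp/connect` lines in the layout shown above and flags clients outside the LAN given as its argument, plus destinations in loopback, private or link-local ranges. The function names, reason labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Dante connect events that fall outside the policy in
# /etc/sockd.conf. Assumes the tcp/connect log layout shown on this page.

# Usage: audit_sockd_log LAN_CIDR < /var/log/sockd.log
# Prints "<reason> <client> <destination>:<port>" per flagged connect.
audit_sockd_log() {
    awk -v lan="$1" '
    # Dotted quad to integer; -1 for anything that is not an IPv4 literal.
    function ip2int(ip,   o) {
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) return -1
        split(ip, o, ".")
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function in_cidr(ip, cidr,   p, v, base, size) {
        split(cidr, p, "/")
        v = ip2int(ip); base = ip2int(p[1])
        if (v < 0 || base < 0) return 0
        size = 2 ^ (32 - p[2])
        return int(v / size) == int(base / size)
    }
    # Endpoints are logged as address.port; split on the last dot.
    function host(ap) { sub(/\.[0-9]+$/, "", ap); return ap }
    function port(ap) { sub(/^.*\./, "", ap); return ap }
    function internal(ip) {
        return in_cidr(ip, "127.0.0.0/8") || in_cidr(ip, "10.0.0.0/8") ||
               in_cidr(ip, "172.16.0.0/12") || in_cidr(ip, "192.168.0.0/16") ||
               in_cidr(ip, "169.254.0.0/16")
    }
    / tcp\/connect \[: / && / -> / {
        for (k = 1; k <= NF; k++) if ($k == "[:") break
        c = host($(k + 1)); d = host($NF); dp = port($NF)
        if (!in_cidr(c, lan)) print "client-outside-lan", c, d ":" dp
        else if (internal(d)) print "internal-destination", c, d ":" dp
    }'
}

# Constructed sample lines (documentation addresses), not real traffic.
sample_log() {
    cat <<'EOF'
Jun 15 09:44:03 (1592613843.157129) sockd[33064]: info: pass(1): tcp/accept [: 192.168.1.9.57712 192.168.1.1.1080
Jun 15 09:44:03 (1592613843.182864) sockd[33084]: info: pass(1): tcp/connect [: 192.168.1.9.57712 192.168.1.1.1080 -> 192.168.1.1.57712 198.51.100.20.443
Jun 15 09:45:10 (1592613910.100000) sockd[33084]: info: pass(1): tcp/connect [: 192.168.1.9.57730 192.168.1.1.1080 -> 192.168.1.1.57730 10.0.0.5.22
Jun 15 09:46:00 (1592613960.200000) sockd[33084]: info: pass(1): tcp/connect [: 203.0.113.7.40110 192.168.1.1.1080 -> 192.168.1.1.40110 198.51.100.20.443
Jun 15 09:47:00 (1592614020.300000) sockd[33084]: info: pass(1): tcp/connect [: 192.168.1.9.57740 192.168.1.1.1080 -> 192.168.1.1.57740 www.example.com.443
EOF
}

sample_log | audit_sockd_log 192.168.1.0/24
```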