LinuxQuestions.org
09-13-2005, 05:36 PM   #1
Jubalint
Problem with Dante SOCKS


Hey, just been using CentOS4.1 for a couple months now. I've looked around at a couple SOCKS5 proxies and found Dante which I liked. I downloaded it, did make, make install, went and configured it, ran "sockd -V", had a couple problems, ran it again and it checked fine. Then went to just start up the proxy with "sockd" and it returned just fine, no errors popped up. Went to ps -AF to check if process was there. It wasn't. Did a grep check, not there. Tried to connect to it with my firefox (diff comp) to make sure... nope. So I go to check my log output and see what's up. I have it logging to stderr in root directory. I go to open it in vi and I get a new doc. I exit and type dir and it shows me that it's called stderr\r. So I type in "vi stderr\r" and I get an empty doc again. Now I know there's something in there because if I check the size it's about 2.2k.

So my question is what can I do to check what's going wrong and to get dante to work? Thanks.

Also here's my config file, just in case I messed something up there.

Code:
# $Id: sockd.conf,v 1.41 2001/12/12 13:56:41 karls Exp $
#
# A sample sockd.conf
#
#
# The configfile is divided into two parts; first serversettings,
# then the rules.
#
# The recommended order is:
#   Serversettings:
#               logoutput
#               internal
#               external
#               method
#               clientmethod
#               users
#               compatibility
#               extension
#               connecttimeout
#               iotimeout
#		srchost
#
#  Rules:
#	client block/pass
#		from to
#		libwrap
#		log
#
#     block/pass
#		from to
#		method
#		command
#		libwrap
#		log
#		protocol
#		proxyprotocol
# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
logoutput: syslog /var/log/dante.log
logoutput: stderr
# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
internal: 171.37.2.198 port = 80
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080

# all outgoing connections from the server will use the IP address
# 195.168.1.1
external: 198.37.1.332

# list over acceptable methods, order of preference.
# A method not set here will never be selected.
#
# If the method field is not set in a rule, the global
# method is filled in for that rule.
#

# methods for socks-rules.
method: username none

# methods for client-rules.
#clientmethod: none

#or if you want to allow rfc931 (ident) too
#method: username rfc931 none

#or for PAM authentification
#method: pam

#
# An important section, pay attention.
#

# when doing something that can require privilege, it will use the
# userid "sockd".
user.privileged: nobody

# when running as usual, it will use the unprivileged userid of "sockd".
user.notprivileged: nobody

# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
#user.libwrap: libwrap


#
# some options to help clients with compatibility:
#

# when a client connection comes in the socksserver will try to use
# the same port as the client is using, when the socksserver
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports aswell.
# This will usually require user.privileged to be set to "root".
compatibility: sameport

# If you are using the bind extension and have trouble running servers
# via the server, you might try setting this.  The consequences of it
# are unknown.
#compatibility: reuseaddr

#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
extension: bind


#
#
# misc options.
#

# how many seconds can pass from when a client connects til it has
# sent us it's request?  Adjust according to your network performance
# and methods supported.
#connecttimeout: 30   # on a lan, this should be enough if method is "none".

# how many seconds can the client and it's peer idle without sending
# any data before we dump it?  Unless you disable tcp keep-alive for
# some reason, it's probably best to set this to 0, which is
# "forever".
#iotimeout: 0 # or perhaps 86400, for a day.

# do you want to accept connections from addresses without
# dns info?  what about addresses having a mismatch in dnsinfo?
#srchost: nounknown nomismatch

#
# The actual rules.  There are two kinds and they work at different levels.
#
# The rules prefixed with "client" are checked first and say who is allowed
# and who is not allowed to speak/connect to the server.  I.e the
# ip range containing possibly valid clients.
# It is especially important that these only use IP addresses, not hostnames,
# for security reasons.
#
# The rules that do not have a "client" prefix are checked later, when the
# client has sent its request and are used to evaluate the actual
# request.
#
# The "to:" in the "client" context gives the address the connection
# is accepted on, i.e the address the socksserver is listening on, or
# just "0.0.0.0/0" for any address the server is listening on.
#
# The "to:" in the non-"client" context gives the destination of the clients
# socksrequest.
#
# "from:" is the source address in both contexts.
#


# the "client" rules.  All our clients come from the net 10.0.0.0/8.
#

# Allow our clients, also provides an example of the port range command.
#client pass {
#	from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
#	method: rfc931 # match all idented users that also are in passwordfile
#}

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practise this means the socksserver will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
client pass {
	from: 65.147.151.392/8 port 1-65535 to: 0.0.0.0/0
}
client pass {
        from: 65.147.151.392/16 port 1-65535 to: 0.0.0.0/0
}

client pass {
        from: 65.147.151.392/24 port 1-65535 to: 0.0.0.0/0
}

# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
client block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}


# the rules controlling what clients are allowed what requests
#

# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
block {
	from: 0.0.0.0/0 to: 127.0.0.0/8
	log: connect error
}

# the people at the 172.16.0.0/12 are bad, no one should talk to them.
# log the connect request and also provide an example on how to
# interact with libwrap.
block {
	from: 0.0.0.0/0 to: 172.16.0.0/12
	libwrap: spawn finger @%a
	log: connect error
}

# unless you need it, you could block any bind requests.
#block {
#	from: 0.0.0.0/0 to: 0.0.0.0/0
#	command: bind
#	log: connect error
#}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
pass {
	from: 10.0.0.0/8 to: 0.0.0.0/0
	command: bind
	log: connect error
}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packetbased.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
pass {
	from: 0.0.0.0/0 to: 10.0.0.0/8
	command: bindreply udpreply
	log: connect error
}


# pass any http connects to the example.com domain if they
# authenticate with username.
# This matches "example.com" itself and everything ending in ".example.com".
#pass {
#	from: 10.0.0.0/8 to: .example.com port = http
#	log: connect error
#	method: username
#}

# block any other http connects to the example.com domain.
#block {
#	from: 0.0.0.0/0 to: .example.com port = http
#	log: connect error
#}

# everyone from our internal network, 10.0.0.0/8 is allowed to use
# tcp and udp for everything else.
pass {
	from: 65.106.151.211/8 to: 0.0.0.0/0
	protocol: tcp udp
}

pass {
        from: 65.106.151.211/12 to: 0.0.0.0/0
        protocol: tcp udp
}

pass {
        from: 65.106.151.211/24 to: 0.0.0.0/0
        protocol: tcp udp
}

# last line, block everyone else.  This is the default but if you provide
# one  yourself you can specify your own logging/actions
block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}

pass {
  from: 127.0.0.0/8 to: 0.0.0.0/0
  protocol: tcp udp
}
 
09-13-2005, 05:50 PM   #2
bosewicht
I've never used Dante but the reason it's blank is you aren't defining the full path to the file. Try as root vi /stderr\r if it is storing it in /. It should be in /var/logs tho, you would think
 
09-13-2005, 06:00 PM   #3
Jubalint
What do you mean I'm not defining the full path to the file? I know sockd connects to dante, doing "dante -v" prints out "sockd: dante v1.1.18". As far as logs I still can't get stderr to open. I've defined /var/log/ a couple times but I get the exact same problem: I have dante.log\r which won't open either.
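
The log file names reported in this thread, `stderr\r` and `dante.log\r`, end in a carriage return. Assuming the cause is a config file saved with DOS (CRLF) line endings, so that the CR becomes part of each value, the script below flags such lines, lists files whose names end in a CR, and writes a CR-free copy. It is an added example, not part of the original posts; the function names and sample file contents are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.
CR=$(printf '\r')

# Print "lineno:text" for each config line that ends in a carriage return.
cr_lines() {
    awk '/\r$/ { sub(/\r$/, ""); printf "%d:%s\n", NR, $0 }' "$1"
}

# List files in directory $1 whose names end in a carriage return,
# printing the CR as a visible "\r" so it cannot hide in terminal output.
cr_named_files() {
    for f in "$1"/*"$CR"; do
        [ -e "$f" ] || continue
        printf '%s\\r\n' "${f%"$CR"}"
    done
}

# Write a CR-free copy of config $1 to $2 (the original is left untouched).
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# Constructed demo: a two-line config with CRLF endings and a log file
# named like the one in the thread (name ends in a real CR byte).
demo() {
    d=$(mktemp -d)
    printf 'logoutput: stderr\r\nmethod: username none\r\n' > "$d/sockd.conf"
    printf 'constructed log line\n' > "$d/stderr$CR"
    cr_lines "$d/sockd.conf"          # both lines are flagged
    cr_named_files "$d"               # shows .../stderr\r
    strip_cr "$d/sockd.conf" "$d/sockd.conf.unix"
    cr_lines "$d/sockd.conf.unix"     # prints nothing once the CRs are gone
    cat "$d/stderr$CR"                # readable when the CR byte is in the name
    rm -rf "$d"
}
demo
```

Typing `vi stderr\r` at a shell prompt passes the two characters `\` and `r` (or just `r`) rather than the CR byte, which is why it opens a new empty file; `"stderr$CR"` as used above names the real file.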
 
  

