Configure Linux as a proxy firewall

Source: Internet
Author: User

Linux itself can act as a proxy firewall once a SOCKS package is added, and it is free of charge.

What is a proxy firewall?

A proxy firewall does not allow any network traffic to pass through directly; it acts as an intermediary between the Internet and the computers on the internal network. The firewall handles the various network services itself instead of letting them pass straight through. For example, suppose a user logs on to a computer on the network and requests an Internet webpage. The computer does not connect directly to the Internet server that provides the page; it connects to the proxy server on its own network. The proxy server recognizes the proxy request and passes it to the appropriate Internet server. The remote server sees it as a normal request from the firewall server and sends back the page, which the firewall server then returns to the computer.

In this way, the firewall hides the fact that your computer exists on the internet, reducing external visibility into the internal network.

Install

1.

2. Use the tar command to unpack the downloaded socks package.

tar -xzvf sock5-v1.0r11.tar.gz

This command creates a sock5-v1.0r11 directory and unpacks the package into it. Use the cd command to change to that directory. The directory contains a configuration script for editing and installing the software package. Use the su command to change to the root user, and then run the script at the command prompt.

3. Enter the make command to compile the socks package. After completion, run the make install command to install the package.

Note: before use, you must create a socks5.conf file in the /etc directory. SOCKS5 checks the /etc/socks5.conf file to find out which protocols and services will be proxied, and which computers will be able to use the proxy service.

Create a socks5.conf File

The socks5.conf file is divided into six parts. Each part controls how the SOCKS5 daemon handles a particular aspect of a connection. When a client computer connects to the proxy server, SOCKS5 searches the lines of each part in sequence and decides what action to take based on the rules it encounters. SOCKS5 acts on the rule it finds that matches the connection being processed, so the order of the rules is very important.

1. Host address flag

The host address can be a complete host name or IP address, for example, gzdd.sjsgz.net or 10.88.56.4. It may also be a part of the host name or address, for example: .sjsgz.net or 10.88.56.4.

Note: A host name that starts with the dot (.) character lets SOCKS match any host in that domain, for example any host in the sjsgz.net domain.

2. Banned hosts

The banned hosts part is used to disable proxy services for specified hosts and protocols. A banned host line always starts with the keyword ban, followed by a source host parameter and a source port parameter.

Command format: ban source-host source-port

For example, ban gzdd.sjsgz.net HTTP indicates that the host gzdd is forbidden to access network services on the system; ban 199.170.176. - indicates that no proxy service is accessible to hosts in 199.170.176.x; ban - - indicates that no host can access any proxy service on the system.

3. Access Control

This is the most useful part of the socks5.conf file. The access control part is used to allow or deny proxy connections based on the host address or port number of the source and target machines. An access control line always starts with the keyword permit or deny.

Command format: permit auth cmd src-host dest-host src-port dest-port or deny auth cmd src-host dest-host src-port dest-port

For example, permit---10.88.56.-1880 HTTP indicates that hosts in the 10.88.56.x network segment are allowed to access the network through port 1880; deny--- indicates that all connections are rejected.

When a client connects to the proxy server, SOCKS scans the list of access control lines. If no matching line is found, the connection is denied.
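
The effect of rule order and of the final "no match means denied" behaviour, as an added example (not from the original article and not the SOCKS5 package's own code): a simplified Python model of the ban, permit and deny lines in the formats given above. It assumes that "-" matches anything, that the first matching line wins, and that ban lines are checked before access control; the sample rules are constructed.

```python
# Added example: a simplified evaluator for the ban / permit / deny lines above.
# Assumptions: "-" matches anything, the first matching line wins, ban lines are
# checked before access control, and ports/auth/cmd are compared as plain strings.

def host_matches(pattern, host):
    if pattern == "-":
        return True
    if pattern.startswith("."):       # .sjsgz.net: any host in that domain
        return host.endswith(pattern)
    if pattern.endswith("."):         # 10.88.56.: any host in 10.88.56.x
        return host.startswith(pattern)
    return host == pattern            # full host name or IP address

def field_matches(pattern, value):
    return pattern == "-" or pattern == value

def parse(conf_text):
    """Split the text into ban lines and access control lines, keeping order."""
    bans, acl = [], []
    for raw in conf_text.splitlines():
        parts = raw.split()
        if not parts:
            continue
        if parts[0] == "ban" and len(parts) == 3:
            bans.append(parts[1:])
        elif parts[0] in ("permit", "deny") and len(parts) == 7:
            acl.append(parts)
        else:
            raise ValueError("unrecognized line: %r" % raw)
    return bans, acl

def decide(conf_text, src_host, dest_host, src_port, dest_port, auth="-", cmd="-"):
    """Return (verdict, the line that decided it)."""
    bans, acl = parse(conf_text)
    for b_host, b_port in bans:
        if host_matches(b_host, src_host) and field_matches(b_port, src_port):
            return "deny", "ban %s %s" % (b_host, b_port)
    for line in acl:
        _, r_auth, r_cmd, r_src, r_dst, r_sport, r_dport = line
        if (field_matches(r_auth, auth) and field_matches(r_cmd, cmd)
                and host_matches(r_src, src_host) and host_matches(r_dst, dest_host)
                and field_matches(r_sport, src_port) and field_matches(r_dport, dest_port)):
            return line[0], " ".join(line)
    return "deny", "no matching line"   # nothing matched: connection is denied

# Constructed sample rules (not from the article): same lines, different order.
BROAD_FIRST = "permit - - 10.88.56. - - -\ndeny - - 10.88.56.4 - - -"
SPECIFIC_FIRST = "deny - - 10.88.56.4 - - -\npermit - - 10.88.56. - - -"
BANNED = "ban 199.170.176. -\npermit - - - - - -"
```

With BROAD_FIRST the deny line for 10.88.56.4 is never reached, because the broader permit line above it matches first; SPECIFIC_FIRST puts the narrower rule first so that it takes effect.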

Start the SOCKS5 Service

You can start the daemon manually: log on as the root user and enter socks5 at the command prompt. The SOCKS5 daemon runs in the background and the prompt returns. You can also add the socks5 command to the rc.local startup script under /etc/rc.d so that SOCKS5 starts automatically the next time the machine boots. While still logged on as the root user, open the /etc/rc.d/rc.local file in a text editor and add the following lines at the end of the file:

# Start SOCKS5 proxy services
/usr/local/bin/socks5

Save the file and exit the editor.

In this way, by installing the software package on Linux and creating the socks5.conf file, Linux acts as a proxy firewall to ensure the security of the campus network.
