How to configure Linux as a proxy firewall

Source: Internet
Author: User
Tags net domain

Linux itself can act as a proxy firewall by adding a Socks package, and it is free of charge.
What is a proxy firewall?
A proxy firewall does not allow any network traffic to pass through directly. Instead, it acts as an intermediary between the Internet and the computers on the internal network, and handles the various network services itself. For example, suppose you log on to a computer on the network and request a webpage. The computer does not connect directly to the web server that provides the page. It connects to the proxy server on its own network. The proxy server identifies the proxy request and passes it to the appropriate remote server. The remote server sees it as an ordinary request coming from the firewall server. It sends back the webpage, and the firewall server returns the webpage to the computer.
In this way, the firewall hides the fact that your computer exists on the Internet, reducing external visibility into the internal network.
Install
1. Find the Socks software package at http://www.socks.nec.com/cgi-bin/download.pl, enter the relevant user information before downloading, and click [Submit]. Then go to the page with the download link and click the link to download the Socks software package.

2. In the directory where the downloaded Socks package is stored, use the tar command to unpack the package.

tar -xzvf sock5-v1.0r11.tar.gz

This command creates a sock5-v1.0r11 directory and unpacks the package into it. Use the cd command to change to that directory. It contains a configuration script for configuring and installing the software package. Use the su command to change to the root user, and then run the script at the command prompt.

3. Enter the make command to compile the Socks package. After it completes, run the make install command to install the package.

Note: before use, you must create a socks5.conf file in the /etc directory. Socks5 checks the /etc/socks5.conf file to find out which protocols and services will be proxied, and which computers will be able to use the proxy service.

Create a socks5.conf File

The socks5.conf file is divided into six parts. Each part controls how the Socks5 daemon handles a particular aspect of a connection. When a client computer connects to the proxy server, Socks5 searches the lines of each part in sequence and decides what action to take based on the rules it encounters. Because it acts on the rule that matches the connection being processed, the order of the rules is very important.

1. Host address flag. The host address can be a complete host name or IP address, for example, gzdd.sjsgz.net or 10.88.56.4. It may also be a part of the host name or address, for example, .sjsgz.net or 10.88.56.4.

Note: A host name that starts with the dot (.) character lets Socks match any host in the sjsgz.net domain.

2. Ban host part. The ban host part is used to disable proxy services for specified hosts and protocols. A ban host line always starts with the keyword ban, followed by the source host parameter and a source port parameter.

Command Format: ban source-host source-port

For example, ban gzdd.sjsgz.net http indicates that the host gzdd is forbidden to access network services on the system; ban 199.170.176. - indicates that no host on the 199.170.176.x network can access any proxy service; ban - - indicates that no host can access any proxy service on the system.

3. Access Control Section. This is the most useful part of the socks5.conf file. The access control part is used to allow or deny proxy connections based on the host address or port number of the source and target machines. An access control line always starts with the keyword permit or deny.

Command Format: permit auth cmd src-host dest-host src-port dest-port or deny auth cmd src-host dest-host src-port dest-port

For example, permit - - 10.88.56. - 1880 http indicates that hosts in the 10.88.56.x network segment are allowed to access the network through port 1880; deny - - - - - - indicates that all connections are rejected.

When a client connects to the proxy server, Socks scans the list of access control lines. If no matching line is found, the connection is denied.
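
The matching behaviour described above (host patterns, rule order, and denial when no line matches), as an added Python model. It is not code from the Socks5 package or from the original article; the function names, the destination host, the check of ban lines before access control lines, and the comparison of ports as plain tokens are assumptions.

```python
# Simplified model of the rule matching this page describes; not Socks5's code.
# Assumptions: ban lines are checked before access control lines, and auth,
# cmd and ports are compared as plain tokens with "-" as the wildcard.
SAMPLE_CONF = """
ban 199.170.176. -
permit - - 10.88.56. - 1880 http
deny - - - - - -
"""  # constructed from the page's own example lines

# Same access control lines with deny moved first: the permit is never reached.
REORDERED_CONF = """
deny - - - - - -
permit - - 10.88.56. - 1880 http
"""

def host_matches(pattern, host):
    if pattern.startswith("."):          # domain suffix, e.g. .sjsgz.net
        return host.endswith(pattern)
    if pattern.endswith("."):            # address prefix, e.g. 10.88.56.
        return host.startswith(pattern)
    return pattern in ("-", host)        # wildcard or exact match

def field_matches(pattern, value):
    return pattern in ("-", value)

# One matcher per field: auth cmd src-host dest-host src-port dest-port
MATCHERS = (field_matches, field_matches, host_matches,
            host_matches, field_matches, field_matches)

def parse(conf_text):
    """Collect ban and permit/deny lines in file order; other lines are skipped."""
    bans, acl = [], []
    for raw in conf_text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        keyword, args = fields[0].lower(), fields[1:]
        if keyword == "ban" and len(args) == 2:
            bans.append(args)
        elif keyword in ("permit", "deny") and len(args) == 6:
            acl.append((keyword, args))
    return bans, acl

def decide(conf_text, src_host, dest_host, src_port, dest_port, auth="-", cmd="-"):
    bans, acl = parse(conf_text)
    request = (auth, cmd, src_host, dest_host, src_port, dest_port)
    for b_host, b_port in bans:
        if host_matches(b_host, src_host) and field_matches(b_port, src_port):
            return "banned"
    for action, rule in acl:
        if all(m(p, v) for m, p, v in zip(MATCHERS, rule, request)):
            return action                # the matching line decides
    return "deny"                        # no matching line: connection denied
```

Running the same request against SAMPLE_CONF and REORDERED_CONF shows why a catch-all deny line belongs last.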

Start the Socks5 Service

You can start the daemon manually. You only need to log on as the root user and enter socks5 at the command prompt. The Socks5 daemon runs in the background and the prompt is returned. You can also add the socks5 command to the rc.local startup script under /etc/rc.d so that Socks5 starts automatically the next time the machine boots. While still logged on as the root user, open the /etc/rc.d/rc.local file in a text editor and add the following lines at the end of the file:

# Start socks5 proxy services

/usr/local/bin/socks5

Save the file and exit the editor.

In this way, by installing the software package on Linux and creating the socks5.conf file, Linux acts as a proxy firewall to ensure the security of the campus network.
