How to configure Linux as a proxy firewall


Linux itself can act as a proxy firewall once the SOCKS package is added, and it is all free.

What is a proxy firewall

A proxy firewall does not allow any network traffic to flow directly through it; it acts as an intermediary between the Internet and the computers on the internal network. The firewall handles the various network services itself rather than just letting them pass through. For example, a computer on the internal network requests an Internet Web page. Instead of connecting directly to the Internet server that provides the page, the computer connects to a proxy server on its own network, which recognizes the proxy request and passes it to the appropriate Internet server in a suitable manner. The remote server sees a normal network request coming from the firewall server and sends the Web page to it, and the firewall server returns the page to the computer.

In this way, the firewall hides the fact that your computer exists from the Internet, reducing the internal network's visibility to the outside world.

Installation

1. On the http://www.socks.nec.com/cgi-bin/download.pl site, find the SOCKS software package. Before downloading, fill in the relevant user information and click the [Submit] button; you are then taken to a page with the download link. Click the link to download the SOCKS package.

2. In the directory where the downloaded SOCKS package is stored, use the tar command to unpack the package.

tar -xzvf socks5-v1.0r11.tar.gz

This command creates a socks5-v1.0r11 directory and unpacks the package into it. Use the cd command to change into that directory. It contains a configuration script for setting up and installing the package. Use the su command to become the root user, and then run the script at the command prompt.

3. Enter the make command to compile the SOCKS package. When it completes, install the package by entering the make install command.

Note: Before using the proxy, you must create a socks5.conf file in the /etc directory. SOCKS5 checks the /etc/socks5.conf file to see which protocols and services will be proxied, and which computers will be able to use the proxy service.

Creating the socks5.conf file

The socks5.conf file is divided into 6 sections. Each section controls how the SOCKS5 daemon handles a particular aspect of a connection. When a client computer connects to the proxy server, SOCKS5 searches each line of each section in turn and decides what action to take based on the rules it encounters, stopping when it finds a rule line that matches the connection being processed. So the order of the rules is important.

1. Host address notation

A host address can be a complete host name or IP address, such as gzdd.sjsgz.net or 10.88.56.4, or it can be a partial host name or address, for example .sjsgz.net or 10.88.56.

Note: A host name that begins with a dot (.) character is treated by SOCKS as a partial host name; .sjsgz.net matches any host in the sjsgz.net domain.

2. Ban host section

The ban host section is used to prohibit proxy service for the specified host and protocol. A ban host line always starts with the keyword ban, followed by a source host parameter and a source port parameter.

Command format: ban source-host source-port

For example: ban gzdd.sjsgz.net http indicates that the host gzdd is forbidden to access the network services on the system; ban 199.170.176. - indicates that hosts on the 199.170.176.x network cannot access any proxy services on the system; ban - - indicates that no host has access to any of the proxy services on this system.

3. Access Control Section

This is the most useful part of the socks5.conf file. The access control section is used to allow or disallow proxy connections based on the host address or port number of the source and destination machines. An access control line always begins with the keyword permit or the keyword deny.

Command format: permit auth cmd src-host dest-host src-port dest-port or deny auth cmd src-host dest-host src-port dest-port

For example: permit - - 10.88.56. - 1880 http indicates that hosts on the 10.88.56.x segment are permitted to access the network via port 1880, and deny - - - - - - indicates that all connections are denied.

When a client connects to the proxy server, SOCKS scans the list of access control lines, and if no matching line is found, the connection is rejected.
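The matching behaviour described in these sections (partial host names and addresses, first matching line wins, no match means rejection), shown as an added example that is not part of the original article and is not the socks5 daemon's own code. It is a simplified model: only "-" is handled in the auth and cmd fields, and the PORTS table, the sample hosts and the conn helper are constructed for illustration.

```python
# Simplified model of the socks5.conf matching rules described on this page.
# Not the socks5 daemon's parser: only "-" is handled for auth and cmd, and
# PORTS plus every sample host below are constructed for the example.
PORTS = {"http": 80}

def host_match(pattern, name, ip):
    if pattern == "-":                       # "-" matches any host
        return True
    if pattern.startswith("."):              # partial host name, e.g. .sjsgz.net
        return name.lower().endswith(pattern.lower())
    if pattern.endswith("."):                # partial address, e.g. 10.88.56.
        return ip.startswith(pattern)
    return pattern.lower() == name.lower() or pattern == ip

def port_match(pattern, port):
    if pattern == "-":                       # "-" matches any port
        return True
    return PORTS.get(pattern.lower()) == port or pattern == str(port)

def decide(conf, c):
    """Return (action, matching line); the first matching line wins."""
    lines = [l.split() for l in conf.splitlines() if l.strip()]
    for f in lines:                          # ban section: source host and port only
        if f[0] == "ban" and host_match(f[1], c["src"], c["src_ip"]) \
                and port_match(f[2], c["sport"]):
            return "ban", " ".join(f)
    for f in lines:                          # access control section, top to bottom
        if f[0] not in ("permit", "deny"):
            continue
        _, _auth, _cmd, src, dst, sport, dport = f
        if (host_match(src, c["src"], c["src_ip"])
                and host_match(dst, c["dst"], c["dst_ip"])
                and port_match(sport, c["sport"])
                and port_match(dport, c["dport"])):
            return f[0], " ".join(f)
    return "reject", None                    # no matching line: connection rejected

CONF = """
ban 199.170.176. -
permit - - 10.88.56. - 1880 http
deny - - - - - -
"""

def conn(src_ip, sport, dport=80, src="pc1.sjsgz.net"):
    return {"src": src, "src_ip": src_ip, "sport": sport,
            "dst": "www.example.com", "dst_ip": "192.0.2.10", "dport": dport}

if __name__ == "__main__":
    for c in (conn("10.88.56.7", 1880), conn("10.88.56.7", 40000),
              conn("199.170.176.20", 1880)):
        print(c["src_ip"], c["sport"], "->", decide(CONF, c))
```

Swapping the permit and deny lines makes the deny line match first, so the 10.88.56.x client is refused even though a permit line for it exists further down.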

Start the SOCKS5 service

You can start the daemon manually by logging on as the root user and entering socks5 at the command prompt; the socks5 daemon runs in the background and returns the prompt. You can also put the socks5 command into the rc.local startup script under /etc/rc.d so that SOCKS5 starts automatically the next time the machine boots. While still logged on as the root user, open the /etc/rc.d/rc.local file in a text editor and add the following lines to the end of the file:

# Start SOCKS5 Proxy Services

/usr/local/bin/socks5

When finished, save the file and exit the editor.

In this way, by installing the software package on Linux and creating the socks5.conf file, Linux can play the role of a proxy firewall and help ensure the security of a campus network. (Source: Sadie Net-China computer education newspaper)