From 1f7da2e14a04276a26d9c26cd87dd900b9a45875 Mon Sep 17 00:00:00 2001 From: Prefetch Date: Tue, 25 Jul 2023 17:38:56 +0200 Subject: Add Dante server config --- dante/sockd.conf | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 dante/sockd.conf diff --git a/dante/sockd.conf b/dante/sockd.conf new file mode 100644 index 0000000..b2d3d0b --- /dev/null +++ b/dante/sockd.conf @@ -0,0 +1,43 @@ +# Log locations (what to log is defined below) +logoutput: stdout /var/log/sockd.log + +# Traffic comes to "proxy" interface to get sent via "eth0" +internal: proxy port = 1080 +external: eth0 + +# No authentication, let the VPN handle this +socksmethod: none +clientmethod: none + +# Don't run as root, you dummy +user.privileged: sockd +user.unprivileged: sockd + +# Use same port as client, uncomment to do this for <1024 too +#compatibility: sameport + +# Rules when a client is trying to connect +client pass { + from: 172.16.0.0/24 port 1024-65535 to: 0.0.0.0/0 + log: connect disconnect +} +client block { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: connect error +} + +# Rules once a client has connected +socks block { + from: 0.0.0.0/0 to: 127.0.0.1/8 + log: connect error +} +socks pass { + from: 172.16.0.0/24 to: 0.0.0.0/0 + protocol: tcp udp + log: connect disconnect +} +socks block { + from: 0.0.0.0/0 to: 0.0.0.0/0 + log: connect error +} + -- cgit v1.2.3