我通过隧道连接到 Dante。它可以工作,但仍然阻止了我需要通过 SOCKS 代理运行的两个应用程序
Aug 28 14:20:24 (1377699624) danted[3519]: block(1): tcp/connect [: 127.0.0.1.51519 -> 127.0.0.1.30000
Aug 28 14:20:33 (1377699633) danted[3519]: block(1): tcp/connect [: 127.0.0.1.51527 -> 127.0.0.1.6112
这就是日志上的内容。我的配置是:
#Where are we going to log all those useful error messages?
logoutput: /var/log/dante.log
#What ip and port should Dante listen on,
# since I am only going to be using this via SSH
#I only want to allow connections over the loopback
internal: 127.0.0.1 port = 1080
#Bind to the eth0 interface
external: eth0
#Since I am only accepting connections over the loopback,
# the only people that COULD connect
# would already be authenticated,
# no need to have dante authenticate also
method: username none
#Which unprivileged user will Dante impersonate if need-be?
user.notprivileged: nobody
# Who can access this proxy?
# Accept only connections from the loopback, all ports
client pass {
from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
#Block all other connection attempts
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
# Once connected, where can they go?
block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: connect error
}
#Pass from the internal IP to anywhere
pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
protocol: tcp udp
}
#Pass from the loopback going anywhere
pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
protocol: tcp udp
}
# Block everything else
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
你知道这里发生了什么吗?我很困惑
答案1
Dante 规则是按照首次匹配的原则进行处理的,所有地址都匹配 0.0.0.0/0。因此,请重写这些规则以执行您实际想要的操作,并将阻止规则保留在最后。
我们不知道它是什么做工作,但我不得不假设它所工作的东西不在本地主机或没有被代理。
还要记住的是,当您通过代理访问 localhost 时,端点将是代理的环回接口,而不是您的。但是,由于您在访问和托管内容的同一台计算机上运行代理(出于某种原因),因此在这种特殊情况下这并不重要。但是,这就是阻止代理上的环回很常见的原因。
答案2
您正在阻止从任何 IP 到环回 IP 的流量。修复您的第一个“阻止”语句。