我想配置一个 dante (danted) 服务器,允许在本地主机上不进行身份验证(用于 ssh 隧道),并在其他每个连接上要求输入用户名/密码。这是我的配置文件,但它不接受来自互联网的经过身份验证的连接。有什么想法吗?
# /etc/danted.conf
#logoutput: syslog
debug: 0
logoutput: /log/danted.log
user.privileged: root
user.unprivileged: socks
# The listening network interface or address.
internal: 0.0.0.0 port=1080
# The proxying network interface or address.
external: 192.168.1.11
# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username none
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: rfc931 none
#method: none
client pass {
from: 127.0.0.1/0 to: 127.0.0.1/0
log: connect disconnect error
clientmethod: none
}
socks pass {
from: 127.0.0.1/0 to: 127.0.0.1/0
log: connect disconnect error
socksmethod: none
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
clientmethod:none
}
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
clientmethod: rfc931
}
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
socksmethod: none
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
socksmethod: username
user:banana
}
答案1
问题出在您的 Dante 配置文件 (sockd.conf) 中。
您使用的可能是零位网络掩码,而您可能想要指定完整的网络掩码。例如,来自上述配置的此地址语句:“from: 127.0.0.1/0”。“/”后面的零“/0”使其等同于“0.0.0.0/0”,因此它将匹配所有内容。您可能指的是“/32”。