User:Int 80h/files/danted.conf

danted.conf

edit

This is the config file os my HTTP proxy.

# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
#logoutput: syslog stdout /var/log/lotsoflogs
logoutput: syslog

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
#internal: 10.1.1.1 port = 1080
# Alternatively, the interface name can be used instead of the address.
#internal: eth0 port = 1080
internal: lo port = 1080

# all outgoing connections from the server will use the IP address
# 195.168.1.1
external: eth0:0

# list over acceptable methods, order of preference.
# A method not set here will never be selected.
#
# If the method field is not set in a rule, the global
# method is filled in for that rule.
#

# methods for socks-rules.
method: username none #rfc931

# methods for client-rules.
clientmethod: none

#or if you want to allow rfc931 (ident) too
#method: username rfc931 none

#or for PAM authentification
#method: pam

#
# An important section, pay attention.
#

# when doing something that can require privilege, it will use the
# userid:
#user.privileged: proxy

# when running as usual, it will use the unprivileged userid of:
user.notprivileged: nobody

# If you compiled with libwrap support, what userid should it use
# when executing your libwrap commands?  "libwrap".
user.libwrap: nobody


#
# some options to help clients with compatibility:
#

# when a client connection comes in the socksserver will try to use
# the same port as the client is using, when the socksserver
# goes out on the clients behalf (external: IP address).
# If this option is set, Dante will try to do it for reserved ports aswell.
# This will usually require user.privileged to be set to "root".
#compatibility: sameport

# If you are using the bind extension and have trouble running servers
# via the server, you might try setting this.  The consequences of it
# are unknown.
#compatibility: reuseaddr

#
# The Dante server supports some extensions to the socks protocol.
# These require that the socks client implements the same extension and
# can be enabled using the "extension" keyword.
#
# enable the bind extension.
#extension: bind

# the "client" rules.  All our clients come from the net 10.0.0.0/8.
#

# This is identical to above, but allows clients without a rfc931 (ident)
# too.  In practise this means the socksserver will try to get a rfc931
# reply first (the above rule), if that fails, it tries this rule.
client pass {
	from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}


# drop everyone else as soon as we can and log the connect, they are not
# on our net and have no business connecting to us.  This is the default
# but if you give the rule yourself, you can specify details.
client block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}


# the rules controlling what clients are allowed what requests
#

# you probably don't want people connecting to loopback addresses,
# who knows what could happen then.
block {
	from: 0.0.0.0/0 to: 127.0.0.0/8
	log: connect error
}

# or you might want to allow it, for instance "active" ftp uses it.
# Note that a "bindreply" command must also be allowed, it
# should usually by from "0.0.0.0/0", i.e if a client of yours
# has permission to bind, it will also have permission to accept
# the reply from anywhere.
pass {
	from: 127.0.0.0/8 to: 0.0.0.0/0
	protocol: tcp udp
	log: connect error
}

# some connections expect some sort of "reply", this might be
# the reply to a bind request or it may be the reply to a
# udppacket, since udp is packetbased.
# Note that nothing is done to verify that it's a "genuine" reply,
# that is in general not possible anyway.  The below will allow
# all "replies" in to your clients at the 10.0.0.0/8 net.
pass {
	from: 0.0.0.0/0 to: 127.0.0.0/8
	command: bindreply udpreply
	log: connect error
}

block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

Filename

edit

This config file is named socksd.conf on some operating systems.