dante   Frontpage - Dante - Download - Status - Support - Modules - Docs - Links - Survey
 

Redirection

This page describes how to do use the redirect module to redirect traffic going through the Dante SOCKS server to different locations.

The official BSD licensed distribution of Dante includes a SOCKS server with all functionality required to interact with SOCKS clients. Some additional functionality is however offered as modules that can be purchased separately. The redirect module can be used to modify traffic by redirecting it to a different location than the client requested. A typical usage scenario would be to direct HTTP traffic going to an undesired location to a page describing why the request was denied.

Redirection is done in the socks pass rules. A redirect to or redirect from keyword is added to modify the behavior of the rule.

Redirection to proxy

socks pass {
   from: 10.0.0.0/24 to: 0.0.0.0/0 port = http
   command: connect
   redirect to: squid.example.com port = 3128
}

The rule above redirects clients from the 10.0.0.0/24 network that want to connect to the HTTP port of any address to the address squid.example.com, port 3128. This type of redirection is useful in cases where it is desired to make clients use an application specific proxy, rather than connecting directly. In this example, a HTTP proxy is used. Note that the redirect keyword does not alter the data from the client in any way, it only redirects it.

Server port range usage limiting

socks pass {
   from: 10.0.0.0/24 to: 0.0.0.0/0
   redirect from: eth1 port 30000 - 40000
}

It some usage scenarios it can be desired to restrict the port ranges used by the Dante server. This would for example make it possible for a firewall to know which port numbers will be used by the SOCKS server. The rule above ensures that the server will limit itself to using ports in the range 30000 to 40000 on the interface eth1, for all traffic originating from clients on the 10.1.1.0/24 network.


Copyright © 1998-2017 Inferno Nettverk A/S