Redirection
This page describes how to use the
redirect module to redirect traffic going through the Dante
SOCKS server to different locations.
The official BSD licensed distribution of Dante includes a SOCKS
server with all functionality required to interact with SOCKS clients.
Some additional functionality is however offered as modules
that can be purchased separately. The redirect module can be
used to modify traffic by redirecting it to a different location than
the client requested. A typical usage scenario would be to direct HTTP
traffic going to an undesired location to a page describing why the
request was denied.
Redirection is done in the socks pass rules. A
redirect to or redirect from keyword is added to
modify the behavior of the rule.
Redirection to proxy
socks pass {
    from: 10.0.0.0/24 to: 0.0.0.0/0 port = http
    command: connect
    redirect to: squid.example.com port = 3128
}
The rule above redirects clients from the 10.0.0.0/24 network that
want to connect to the HTTP port of any address to the address
squid.example.com, port 3128. This type of redirection is
useful when clients should be made to use an application-specific
proxy rather than connecting directly. In this example, an
HTTP proxy is used. Note that the redirect keyword does not
alter the data from the client in any way; it only redirects it.
Server port range usage limiting
socks pass {
    from: 10.0.0.0/24 to: 0.0.0.0/0
    redirect from: eth1 port 30000 - 40000
}
In some usage scenarios it can be desirable to restrict the port
ranges used by the Dante server. This would for example make it
possible for a firewall to know which port numbers will be used by the
SOCKS server. The rule above ensures that the server will limit itself
to using ports in the range 30000 to 40000 on the interface eth1, for
all traffic originating from clients on the 10.0.0.0/24 network.
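An added example, not part of the Dante distribution or of this page's original text: a small Python check that parses socks pass rules of the forms shown above and lists the rules whose outgoing ports are not confined to the range a firewall permits. The function names, the constructed sample configuration, and the assumption that every rule should carry its own redirect from are illustrative.

```python
import re

# Constructed sample config, using only the rule forms shown on this page.
SAMPLE = """
socks pass {
    from: 10.0.0.0/24 to: 0.0.0.0/0 port = http
    command: connect
    redirect to: squid.example.com port = 3128
}
socks pass {
    from: 10.0.0.0/24 to: 0.0.0.0/0
    redirect from: eth1 port 30000 - 40000
}
"""

RULE_RE = re.compile(r"socks\s+pass\s*\{(.*?)\}", re.S)
FROM_TO_RE = re.compile(r"^\s*from:\s*(\S+)\s+to:\s*(\S+)", re.M)
REDIR_TO_RE = re.compile(r"^\s*redirect to:\s*(\S+)\s+port\s*=\s*(\S+)", re.M)
REDIR_FROM_RE = re.compile(r"^\s*redirect from:\s*(\S+)\s+port\s+(\d+)\s*-\s*(\d+)", re.M)

def parse_rules(text):
    """Return one dict per 'socks pass' block, in file order (hypothetical helper)."""
    rules = []
    for body in RULE_RE.findall(text):
        rule = {"from": None, "to": None, "redirect_to": None, "redirect_from": None}
        if m := FROM_TO_RE.search(body):
            rule["from"], rule["to"] = m.groups()
        if m := REDIR_TO_RE.search(body):
            rule["redirect_to"] = (m.group(1), m.group(2))
        if m := REDIR_FROM_RE.search(body):
            rule["redirect_from"] = (m.group(1), int(m.group(2)), int(m.group(3)))
        rules.append(rule)
    return rules

def unpinned_rules(rules, fw_low, fw_high):
    """Indexes of rules whose source ports are not confined to [fw_low, fw_high]."""
    bad = []
    for i, r in enumerate(rules):
        rf = r["redirect_from"]
        # Flag a missing range, an inverted range, or one that leaves the firewall's window.
        if rf is None or rf[1] > rf[2] or rf[1] < fw_low or rf[2] > fw_high:
            bad.append(i)
    return bad

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    # Assumed firewall policy: only source ports 30000-40000 are allowed out.
    for i in unpinned_rules(rules, 30000, 40000):
        print(f"rule {i} ({rules[i]['from']} -> {rules[i]['to']}): source ports not pinned")
```

Run against the sample, the check flags the first rule, which redirects to the proxy without a redirect from range, so its outgoing connections are not limited to the ports the firewall expects.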