2. vi /etc/antinat.xml
3. Allow only socks5 client from any ip to any destination
<?xml version='1.0'?>
<antinatconfig>
<!-- Any interface -->
<interface value='0.0.0.0'/>
<!-- Port to listen on -->
<port value='1080'/>
<!-- Allow users to be authenticated against UNIX usernames -->
<allowlocalusers/>
<!-- Time in seconds to listen for outside incoming connections when
applications request a BIND operation before timeout -->
<maxbindwait value='60'/>
<!-- demonstration user account -->
<!-- <user user='testuser' password='testpass'/> -->
<!-- What logs should we keep? -->
<log>
<addrdaylog value='/var/log/antinat/day_addr.log'/>
<userdaylog value='/var/log/antinat/day_user.log'/>
<connlog value='/var/log/antinat/connection.log'/>
</log>
<!-- What security methods do we offer clients? -->
<authchoice source_addrtype='ipv4'>
<select mechanism='chap'/>
<select mechanism='cleartext'/>
</authchoice>
<!-- Which connections should we accept or reject? -->
<filter>
<filter source_addrtype='ipv4' dest_addrtype='ipv4'>
<filter user='root'>
<reject/>
</filter>
<filter version='4'>
<reject/>
</filter>
</filter>
<accept/>
</filter>
</antinatconfig>
4. mkdir /var/log/antinat # for logging directory
沒有留言:
張貼留言