Category Archives: net

SOCKS

http://widecap.ru/socks/
http://av5.com/?action=jns,oread,read_issue&journalid=1&issueid=50&articleid=514&sess_only_my_journals=0&sess_only_my_issues=0&sess_change_lang=ru

3proxy

3proxy.ru
3Proxy is a free, tiny, cross-platform (Win32/Win64 & Unix) set of proxy servers. It includes an HTTP proxy with HTTPS and FTP support, a SOCKSv4/SOCKSv4.5/SOCKSv5 proxy, POP3 proxy, SMTP proxy, AIM/ICQ proxy, MSN messenger / Live messenger proxy, FTP proxy, caching DNS proxy, and TCP and UDP portmappers.

You can use each proxy as a standalone program (socks, proxy, tcppm, udppm, pop3p) or use the combined program (3proxy). The combined proxy additionally supports features like access control, bandwidth limiting, limiting daily/weekly/monthly traffic amount, proxy chaining, log rotation, syslog and ODBC logging, etc.

It’s created to be small, simple and yet very functional.

openvpn

1. TUN/TAP Driver Configuration:

* Linux 2.4 or higher (with integrated TUN/TAP driver):

(1)  make device node:         mknod /dev/net/tun c 10 200
(2a) add to /etc/modules.conf: alias char-major-10-200 tun
(2b) load driver:              modprobe tun
(3)  enable routing:           echo 1 > /proc/sys/net/ipv4/ip_forward

Note that either of steps (2a) or (2b) is sufficient.  While (2a)
only needs to be done once per install, (2b) needs to be done once
per reboot.  If you install from RPM (see above) and use the
openvpn.init script, these steps are taken care of for you.

2. creating keys
cd /usr/local/share/doc/openvpn/easy-rsa/
edit the 'vars' file
./clean-all
./build-ca
./build-key-server server
./build-key client
./build-dh
openvpn --genkey --secret ta.key

keys for server: ca.crt, dh1024.pem, server.crt, server.key, ta.key;
keys for client: ca.crt, dh1024.pem, client.crt, client.key, ta.key

3. server

port 1194
tls-server
proto udp
dev tun
daemon
tls-auth /etc/openvpn/keys/ta.key 0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
;push "redirect-gateway"
duplicate-cn
keepalive 10 120
verb 3
cipher DES-EDE3-CBC
comp-lzo
max-clients 10
user nobody
group nobody
persist-key
persist-tun
log-append /var/log/openvpn.log

4. client

client
tls-client
proto udp
remote [ip] 1194
dev tun
nobind
persist-key
persist-tun
tls-auth ta.key 1
dh dh1024.pem
ca ca.crt
cert client.crt
key client.key
cipher DES-EDE3-CBC
comp-lzo
verb 3
mute 20
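
An added example, not part of the original notes: a small Python check that parses an OpenVPN config and flags the settings used in the configs above that are weak by current standards (a 64-bit block cipher, DH parameters under 2048 bits, duplicate-cn, compression). The function names, the sample text and the rule of reading the DH size from the file name are assumptions made for this illustration.

```python
import re

# Constructed sample: security-relevant lines of the server config in these notes.
SAMPLE_SERVER_CONF = """\
port 1194
tls-auth /etc/openvpn/keys/ta.key 0
dh /etc/openvpn/keys/dh1024.pem
;push "redirect-gateway"
duplicate-cn
cipher DES-EDE3-CBC
comp-lzo
user nobody
"""

# Cipher families with a 64-bit block, exposed to birthday-bound attacks (SWEET32).
SMALL_BLOCK = re.compile(r"^(DES|BF|CAST5|RC2)-", re.I)

def parse(conf):
    """Map directive -> argument list, skipping blanks and ';' / '#' comments."""
    directives = {}
    for line in conf.splitlines():
        line = line.strip()
        if line and line[0] not in ";#":
            name, *args = line.split()
            directives[name.lstrip("-")] = args
    return directives

def audit(conf):
    """Return [(directive, finding), ...] for weak settings, in a fixed order."""
    d, findings = parse(conf), []
    cipher = " ".join(d.get("cipher", []))
    if SMALL_BLOCK.match(cipher):
        findings.append(("cipher", f"{cipher}: 64-bit block; use an AES-GCM cipher"))
    # Heuristic (assumption): easy-rsa names the file after the DH size in bits.
    m = re.search(r"dh(\d+)\.pem$", " ".join(d.get("dh", [])))
    if m and int(m.group(1)) < 2048:
        findings.append(("dh", f"{m.group(1)}-bit DH parameters; generate 2048 or more"))
    if "duplicate-cn" in d:
        findings.append(("duplicate-cn", "shared certificates: no per-client revocation"))
    if "comp-lzo" in d and d["comp-lzo"] != ["no"]:
        findings.append(("comp-lzo", "compression can leak plaintext (VORACLE)"))
    if "tls-auth" not in d and "tls-crypt" not in d:
        findings.append(("tls-auth", "control channel has no HMAC pre-authentication"))
    if "user" not in d:
        findings.append(("user", "daemon keeps root privileges after start-up"))
    return findings

if __name__ == "__main__":
    for directive, finding in audit(SAMPLE_SERVER_CONF):
        print(f"{directive:13} {finding}")
```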

useful links:
OpenVPN distribution: http://openvpn.net/index.php/downloads.html
OpenVPN GUI: http://openvpn.se/download.html
http://www.samag.ru/art/08.2004/08.2004_01.pdf – connecting offices via VPN
http://forum.ixbt.com/topic.cgi?id=14:40906

network traffic simple monitoring tools

realtime:

iftop
does for network usage what top does for CPU usage.

iptraf [linux only]
gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

darkstat
Captures network traffic, calculates statistics about usage, and serves reports over HTTP. (Small. Portable. Single-threaded. Efficient. Uncomplicated.)

dante socks

/usr/ports/net/dante

example configuration

logoutput: /var/log/socks/socksd.log
internal: re0 port = 1080
internal: 127.0.0.1 port = 1080
external: rl0
# disabling authentication, although it might have made sense to use it.
method: username none
#user.privileged: sockd
#user.notprivileged: sockd
#user.libwrap: sockd
# client settings: allowed client subnet
client pass {
from: 192.168.1.0/24 port 1-65535 to: 0.0.0.0/0
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
block {
from: 0.0.0.0/0 to: 127.0.0.0/8
log: connect error
}
# let the allowed clients reach ICQ / Mail.Ru Agent and log it, just in case
pass {
from: 192.168.1.0/24 to: login.icq.com
log: connect error
}
pass {
from: 192.168.1.0/24 to: 83.69.96.123/32
log: connect error
}
pass {
from: 192.168.1.0/24 to: mra.mail.ru
log: connect error
}
pass {
from: 192.168.1.0/24 to: mrim.mail.ru
log: connect error
}
pass {
from: 192.168.1.0/24 to: .aol.com
log: connect error
}
# this is needed for some application; I no longer remember exactly which
pass {
from: 192.168.1.0/24 to: 194.186.55.36/32
log: connect error
}
# ICQ subnets
pass {
from: 192.168.1.0/24 to: 205.188.0.0/16
protocol: tcp udp
}
pass {
from: 192.168.1.0/24 to: 64.12.0.0/16
protocol: tcp udp
log: connect error
}
# block everyone else.
block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

mpd5

in rc.conf add:
mpd_flags="-b -s mpd5"

to log all communications with mpd add a logging entry into /etc/syslog.conf:
!mpd5
*.* /var/log/mpd5.log
then:
touch /var/log/mpd5.log
/etc/rc.d/syslogd restart