
Installing and Configuring the fwtk 2.1 Proxy Server



        
    Author: Chen Dong [中国Linux论坛 (China Linux Forum)]

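    The firewall toolkit fwtk (Firewall Toolkit) released by TIS (Trusted Information Systems) is not a single integrated software package but a set of tools for building a firewall. It includes an HTTP proxy, an FTP proxy, a telnet proxy and other proxy service programs. The software is relatively simple to configure, powerful and free, so it has been widely adopted in practice; together with NEC's free proxy server socks5, it is the most widely used firewall/proxy server software package in the world. The latest version of fwtk at present is 2.1.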

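    1. Obtaining the software

    The software is obtained as follows:

    Visit the TIS home page, http://www.tis.com, and fill in the request form; after some time you will receive an e-mail telling you how to obtain the software.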

    2. Compiling and installing

    Edit Makefile.config (see Appendix 1); otherwise some features will not work. Then run the following command sequence:

    make;make clean;make install

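    3. Configuring /usr/local/etc/netperm.table, /etc/inetd.conf and /etc/services

    netperm.table is the configuration file that fwtk reads at startup, and inetd.conf is the configuration file of the inetd daemon. Because we start the proxies through the inetd daemon, inetd.conf must be configured to provide the various fwtk services. In addition, /etc/services must be configured to give the port number of each service.

    In this example the HTTP proxy is provided by http-gw, the FTP proxy by ftp-gw, the telnet proxy by tn-gw, and the POP3 proxy by plug-gw.

    A sample netperm.table follows; the meaning of each setting is quite obvious, so please work through them yourself: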

    netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.telnetd
    netacl-telnetd: permit-hosts 10.0.* -exec /usr/sbin/in.telnetd
    netacl-rlogind: permit-hosts 10.0.* -exec /usr/local/etc/rlogin-gw

    http-gw: timeout 3600
    http-gw: default-httpd 10.0.0.1
    http-gw: permit-hosts 10.0.* -log all
    http-gw: ftp-proxy /usr/local/etc/ftp-gw
    http-gw: deny-hosts unknown

    ftp-gw: timeout 7200
    ftp-gw: permit-hosts 10.0.* -log retr stor
    ftp-gw: deny-hosts unknown

    tn-gw: timeout 7200
    tn-gw: permit-hosts 10.0.* -passok -xok
    tn-gw: deny-hosts unknown

    plug-gw: port 2012 10.0.* -plug-to pop.netease.com -port 110
    plug-gw: port 2013 10.0.* -plug-to pop.163.net -port 110
    plug-gw: port 2014 10.0.* -plug-to www.ynmail.com -port 110
    plug-gw: port 2015 10.0.* -plug-to pop.263.net -port 110
    plug-gw: port 2016 10.0.* -plug-to pop1.nettaxi.com -port 110
    plug-gw: port 2017 10.0.* -plug-to pop.sohu.com -port 110
    plug-gw: port 2018 10.0.* -plug-to pop.21cn.com -port 110

    The corresponding contents of inetd.conf are as follows:
    ftp-a stream tcp nowait root /usr/local/etc/ftp-gw ftp-gw
    telnet-a stream tcp nowait root /usr/local/etc/tn-gw tn-gw
    www-a stream tcp nowait root /usr/local/etc/http-gw http-gw
    ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -l -a
    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
    pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
    #imap stream tcp nowait root /usr/sbin/tcpd imapd

    pop-gw2 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2012
    pop-gw3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2013
    pop-gw4 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2014
    pop-gw5 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2015
    pop-gw6 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2016
    pop-gw7 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2017
    pop-gw8 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2018

    Correspondingly, the following should be added to /etc/services:

    ftp 21/tcp
    ftp-a 2021/tcp
    telnet 23/tcp
    telnet-a 2023/tcp
    www 80/tcp http # WorldWideWeb HTTP
    www 80/udp # HyperText Transfer Protocol
    www-a 8000/tcp
    pop-gw 2010/tcp
    pop-gw1 2011/tcp
    pop-gw2 2012/tcp
    pop-gw3 2013/tcp
    pop-gw4 2014/tcp
    pop-gw5 2015/tcp
    pop-gw6 2016/tcp
    pop-gw7 2017/tcp
    pop-gw8 2018/tcp
    pop-gw9 2019/tcp
    pop-gw10 2020/tcp
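
The three files above have to agree with each other, and a mismatch leaves a proxy port either dead or pointing at the wrong rule. The following checker is an added example, not part of the original article or of fwtk. It assumes, as the article's files suggest, that the argument passed to plug-gw in inetd.conf names the `port` rule in netperm.table and equals the port listed for that service in /etc/services. The sample data is constructed, with three faults planted.

```python
import re

# Constructed samples in the article's formats, with three faults planted.
NETPERM = """\
plug-gw: port 2012 10.0.* -plug-to pop.netease.com -port 110
plug-gw: port 2013 10.0.* -plug-to pop.163.net -port 110
plug-gw: port 2014 10.0.* -plug-to www.ynmail.com -port 110
"""
INETD = """\
pop-gw2 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2012
pop-gw3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2031
pop-gw5 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2014
"""
SERVICES = """\
pop-gw2 2012/tcp
pop-gw3 2013/tcp
pop-gw5 2015/tcp   # constructed mismatch
"""

def tcp_ports(services):
    """Map service name -> TCP port string from /etc/services text."""
    rows = (l.split("#", 1)[0].split() for l in services.splitlines())
    return {f[0]: f[1].split("/")[0] for f in rows
            if len(f) >= 2 and f[1].endswith("/tcp")}

def check(netperm, inetd, services):
    """Return a list of inconsistencies between the three files."""
    ports = tcp_ports(services)
    rules = set(re.findall(r"^\s*plug-gw:\s+port\s+(\S+)", netperm, re.M))
    problems, used = [], set()
    for line in inetd.splitlines():
        f = line.split("#", 1)[0].split()      # drop comments, split fields
        if len(f) < 7 or not f[5].endswith("/plug-gw"):
            continue                           # only plug-gw entries
        name, arg = f[0], (f[7] if len(f) > 7 else None)
        if name not in ports:
            problems.append(f"{name}: no tcp entry in /etc/services")
        if arg not in rules:
            problems.append(f"{name}: argument {arg} matches no 'port' rule")
            continue
        used.add(arg)
        if ports.get(name, arg) != arg:
            problems.append(f"{name}: listens on {ports[name]}, uses rule {arg}")
    problems += [f"rule 'port {r}' has no inetd.conf entry"
                 for r in sorted(rules - used)]
    return problems

if __name__ == "__main__":
    print("\n".join(check(NETPERM, INETD, SERVICES)))
```
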

    Appendix 1: the Makefile.config file for fwtk 2.1

    #
    # Copyright (c) 1993, Trusted Information Systems, Incorporated
    # All rights reserved.
    #
    # Redistribution and use are governed by the terms detailed in the
    # license document ("LICENSE") included with the toolkit.
    #

    #
    # Author: Marcus J. Ranum, Trusted Information Systems, Inc.
    #
    # RcsId: "$Header: /home/rmurphy/fwtk/fwtk/RCS/Makefile.config.linux,v 1.2
    # 1998/01/13 23:50:46 rmurphy Exp $"

    # Your C compiler (eg, "cc" or "gcc")
    CC= gcc

    # program to use for installation -- this may or may not preserve
    # old versions (or whatever). assumes that it takes parameters:
    # copy source dest
    CP= cp

    # Defines for your operating system
    #
    DEFINES=-DLINUX
    #DEFINES=-DSYSV -DSOLARIS

    # Options for your compiler (eg, "-g" for debugging, "-O" for
    # optimizing, or "-g -O" for both under GCC)
    #COPT= -g -traditional $(DEFINES)
    COPT= -O $(DEFINES)
    #COPT= -O $(DEFINES)

    # Version of "make" you want to use
    #MAKE= gnumake
    MAKE= make

    # Your ranlib utility (use "touch" if you don't have ranlib)
    RANLIB= ranlib
    #RANLIB= touch

    # Destination directory for installation of binaries
    DEST= /usr/local/etc

    # Destination directory for installation of man pages
    #DESTMAN= $(DEST)/../man

    # Names of any auxiliary libraries your system may require (e.g., -lsocket)
    # If you want to link against a resolver library, specify it here.
    #AUXLIB=
    #AUXLIB= -lsocket
    # Some versions of Linux have broken the crypt() function out into a
    # separate library - uncomment the following line if authsrv fails to build.
    AUXLIB= -lcrypt

    # For Solaris:
    #AUXLIB= -lresolv -lsocket -lnsl

    # DBM library should be specified if it is an external library or
    # you wish to use a different one than what is included in libc
    #DBMLIB= -lndbm

    # for Linux:
    DBMLIB=-lgdbm
    # "Linux" is such an ephemeral concept. Unfortunately, one of the
    # significant incompatibilities between distributions and versions
    # is where the DBM libraries end up. "-ldbm", "-ldb", or "-lgdbm" could
    # work for you. "-lgdbm" works for me (Slackware Linux 2.3).
    # for BSD:
    #DBMLIB=

    # Flags to pass to the linker (eg, -static for static binaries under GCC,
    # or -Bstatic for static binaries under SunOS 4.1.x)
    #LDFL= -Bstatic
    #LDFL=
    LDFL= -g -static
    # Flags for X gateway link - usually the same as LDFL
    XLDFL=-g

    # Location of the fwtk sources [For #include by any external tools needing it]
    #FWTKSRCDIR=/u/b/mjr/firewall/fwtk
    FWTKSRCDIR=/usr/local/src/fwtk

    # Location of X libraries for X-gw
    XLIBDIR=/usr/X11R6/lib
    #XLIBDIR=/usr/local/X11R5/lib

    # X Libraries
    # For BSD:
    #XLIBS= -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lipc
    #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
    # for Linux:

    XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lc

    # for BSD/OS 2.0:
    #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lXext
    # For SunOS:
    #XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11

    # Location of X include files
    XINCLUDE=/usr/X11R6/include
    #XINCLUDE=/usr/local/X11R5/include

    # Objects to include in libfwall for SYSV
    SYSVOBJ= signal.o
    Posted by: netbull. Source: Linux中文信息资料 (Linux Chinese Information Resources)