[Repost] Installing and configuring the fwtk 2.1 proxy server
Source: China Linux Forum. Author: Chen Dong
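fwtk (Firewall Toolkit), released by TIS (Trusted Information Systems), is not a single
integrated software package but a set of tools for building a firewall. It includes an HTTP
proxy, an FTP proxy, a telnet proxy and other proxy services. The software is relatively simple
to configure, powerful and free, so it has been widely used in practice; together with NEC's
free proxy server socks5, it is the most widely used firewall/proxy server software package in
the world. The latest version of fwtk is currently 2.1.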
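1. Obtaining the software
To obtain the software:
Visit the TIS home page, http://www.tis.com, and fill in the request form. After some time you
will receive an e-mail telling you how to get the software.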
2. Compiling and installing
Edit Makefile.config (see Appendix 1); otherwise some features will not work. Then run the following command sequence:
make;make clean;make install
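3. Configuring /usr/local/etc/netperm.table, /etc/inetd.conf and /etc/services
netperm.table is the configuration file fwtk reads at startup, and inetd.conf is the
configuration file of the inetd daemon. We start the proxies through the inetd daemon, so
inetd.conf must be configured to provide each fwtk service. In addition, /etc/services must
be configured to give the port number of each service.
In this example, the HTTP proxy is provided by http-gw, the FTP proxy by ftp-gw and the telnet
proxy by tn-gw, while the POP3 proxy is provided by plug-gw.
A sample netperm.table follows. The meaning of each setting is fairly self-evident, so work through them yourself: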
netacl-telnetd: permit-hosts 127.0.0.1 -exec /usr/sbin/in.telnetd
netacl-telnetd: permit-hosts 10.0.* -exec /usr/sbin/in.telnetd
netacl-rlogind: permit-hosts 10.0.* -exec /usr/local/etc/rlogin-gw
http-gw: timeout 3600
http-gw: default-httpd 10.0.0.1
http-gw: permit-hosts 10.0.* -log all
http-gw: ftp-proxy /usr/local/etc/ftp-gw
http-gw: deny-hosts unknown
ftp-gw: timeout 7200
ftp-gw: permit-hosts 10.0.* -log retr stor
ftp-gw: deny-hosts unknown
tn-gw: timeout 7200
tn-gw: permit-hosts 10.0.* -passok -xok
tn-gw: deny-hosts unknown
plug-gw: port 2012 10.0.* -plug-to pop.netease.com -port 110
plug-gw: port 2013 10.0.* -plug-to pop.163.net -port 110
plug-gw: port 2014 10.0.* -plug-to www.ynmail.com -port 110
plug-gw: port 2015 10.0.* -plug-to pop.263.net -port 110
plug-gw: port 2016 10.0.* -plug-to pop1.nettaxi.com -port 110
plug-gw: port 2017 10.0.* -plug-to pop.sohu.com -port 110
plug-gw: port 2018 10.0.* -plug-to pop.21cn.com -port 110
The corresponding inetd.conf entries are as follows:
ftp-a stream tcp nowait root /usr/local/etc/ftp-gw ftp-gw
telnet-a stream tcp nowait root /usr/local/etc/tn-gw tn-gw
www-a stream tcp nowait root /usr/local/etc/http-gw http-gw
ftp stream tcp nowait root /usr/sbin/tcpd wu.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
pop-3 stream tcp nowait root /usr/sbin/tcpd ipop3d
#imap stream tcp nowait root /usr/sbin/tcpd imapd
pop-gw2 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2012
pop-gw3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2013
pop-gw4 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2014
pop-gw5 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2015
pop-gw6 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2016
pop-gw7 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2017
pop-gw8 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2018
Correspondingly, add the following to /etc/services:
ftp 21/tcp
ftp-a 2021/tcp
telnet 23/tcp
telnet-a 2023/tcp
www 80/tcp http # WorldWideWeb HTTP
www 80/udp # HyperText Transfer Protocol
www-a 8000/tcp
pop-gw 2010/tcp
pop-gw1 2011/tcp
pop-gw2 2012/tcp
pop-gw3 2013/tcp
pop-gw4 2014/tcp
pop-gw5 2015/tcp
pop-gw6 2016/tcp
pop-gw7 2017/tcp
pop-gw8 2018/tcp
pop-gw9 2019/tcp
pop-gw10 2020/tcp
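The three files in section 3 have to agree for each POP3 plug: the inetd.conf service name must resolve to a port in /etc/services, and the port handed to plug-gw must have a matching rule in netperm.table. The following consistency check is an added example, not part of the original article or of fwtk; the function names are hypothetical, and it assumes, as in the configuration above, that the argument passed to plug-gw is the numeric port inetd listens on.

```python
import re

# Fragments copied from the configuration on this page (two of the POP3 plugs).
NETPERM = """\
plug-gw: port 2012 10.0.* -plug-to pop.netease.com -port 110
plug-gw: port 2013 10.0.* -plug-to pop.163.net -port 110
"""
INETD = """\
pop-gw2 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2012
pop-gw3 stream tcp nowait root /usr/local/etc/plug-gw plug-gw 2013
"""
SERVICES = """\
pop-gw2 2012/tcp
pop-gw3 2013/tcp
"""

def parse_services(text):
    """Return {service name: port string} for the tcp entries."""
    ports = {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 2 and f[1].endswith("/tcp"):
            ports[f[0]] = f[1].split("/")[0]
    return ports

def parse_plug_rules(text):
    """Return {plug-gw port: (client pattern, destination host, destination port)}."""
    pat = re.compile(r"plug-gw:\s+port\s+(\S+)\s+(\S+)\s+-plug-to\s+(\S+)\s+-port\s+(\S+)")
    return {m.group(1): m.groups()[1:] for m in map(pat.match, text.splitlines()) if m}

def check_plug_wiring(netperm, inetd, services):
    """List inconsistencies (empty = consistent); assumes plug-gw's argument is the listening port."""
    svc, rules = parse_services(services), parse_plug_rules(netperm)
    problems, wired = [], set()
    for line in inetd.splitlines():
        f = line.split()
        if len(f) < 8 or f[0].startswith("#") or not f[5].endswith("/plug-gw"):
            continue  # not an active plug-gw entry
        name, arg = f[0], f[7]
        wired.add(arg)
        if name not in svc:
            problems.append(f"{name}: not defined in /etc/services")
        elif svc[name] != arg:
            problems.append(f"{name}: inetd listens on {svc[name]} but plug-gw is given {arg}")
        if arg not in rules:
            problems.append(f"{name}: no netperm.table rule for port {arg}")
    for port in sorted(set(rules) - wired):
        problems.append(f"port {port}: netperm.table rule has no inetd.conf entry")
    return problems
```

Calling check_plug_wiring with the full contents of the three files returns an empty list when every plug is wired consistently.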
Appendix 1: the Makefile.config file for fwtk 2.1
#
# Copyright (c) 1993, Trusted Information Systems, Incorporated
# All rights reserved.
#
# Redistribution and use are governed by the terms detailed in the
# license document ("LICENSE") included with the toolkit.
#
#
# Author: Marcus J. Ranum, Trusted Information Systems, Inc.
#
# RcsId: "$Header: /home/rmurphy/fwtk/fwtk/RCS/Makefile.config.linux,v 1.2
# 1998/01/13 23:50:46 rmurphy Exp $"
# Your C compiler (eg, "cc" or "gcc")
CC= gcc
# program to use for installation -- this may or may not preserve
# old versions (or whatever). assumes that it takes parameters:
# copy source dest
CP= cp
# Defines for your operating system
#
DEFINES=-DLINUX
#DEFINES=-DSYSV -DSOLARIS
# Options for your compiler (eg, "-g" for debugging, "-O" for
# optimizing, or "-g -O" for both under GCC)
#COPT= -g -traditional $(DEFINES)
COPT= -O $(DEFINES)
#COPT= -O $(DEFINES)
# Version of "make" you want to use
#MAKE= gnumake
MAKE= make
# Your ranlib utility (use "touch" if you don't have ranlib)
RANLIB= ranlib
#RANLIB= touch
# Destination directory for installation of binaries
DEST= /usr/local/etc
# Destination directory for installation of man pages
#DESTMAN= $(DEST)/../man
# Names of any auxiliary libraries your system may require (e.g., -lsocket)
# If you want to link against a resolver library, specify it here.
#AUXLIB=
#AUXLIB= -lsocket
# Some versions of Linux have broken the crypt() function out into a
# separate library - uncomment the following line if authsrv fails to build.
AUXLIB= -lcrypt
# For Solaris:
#AUXLIB= -lresolv -lsocket -lnsl
# DBM library should be specified if it is an external library or
# you wish to use a different one than what is included in libc
#DBMLIB= -lndbm
# for Linux:
DBMLIB=-lgdbm
# "Linux" is such an ephemeral concept. Unfortunately, one of the
# significant incompatibilities between distributions and versions
# is where the DBM libraries end up. "-ldbm", "-ldb", or "-lgdbm" could
# work for you. "-lgdbm" works for me (Slackware Linux 2.3).
# for BSD:
#DBMLIB=
# Flags to pass to the linker (eg, -static for static binaries under GCC,
# or -Bstatic for static binaries under SunOS 4.1.x)
#LDFL= -Bstatic
#LDFL=
LDFL= -g -static
# Flags for X gateway link - usually the same as LDFL
XLDFL=-g
# Location of the fwtk sources [For #include by any external tools needing it]
#FWTKSRCDIR=/u/b/mjr/firewall/fwtk
FWTKSRCDIR=/usr/local/src/fwtk
# Location of X libraries for X-gw
XLIBDIR=/usr/X11R6/lib
#XLIBDIR=/usr/local/X11R5/lib
# X Libraries
# For BSD:
#XLIBS= -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lipc
#XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
# for Linux:
XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lc
# for BSD/OS 2.0:
#XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11 -lSM -lICE -lXext
# For SunOS:
#XLIBS = -L$(XLIBDIR) -lXaw -lXmu -lXt -lXext -lX11
# Location of X include files
XINCLUDE=/usr/X11R6/include
#XINCLUDE=/usr/local/X11R5/include
# Objects to include in libfwall for SYSV
SYSVOBJ= signal.o