nylon - a lightweight and highly configurable proxy server
nylon [-h] [-v] [-V] [-f] [-s] [-n] [-4] [-5] [-a list] [-d list] [-m addr] [-p port] [-i ip/if] [-I ip/if] [-P file] [-c file]
nylon is a proxy server. This version supports SOCKS 4 and SOCKS 5 protocols, as well as a mirror mode.
nylon is fully configurable, and can be configured from either the command line or a provided configuration file.
The options are as follows:
-h
- Displays help.
-v
- Increases the verbosity level (can be specified multiple times).
-V
- Prints version.
-f
- Runs nylon in the foreground and prints all output to the terminal.
-s
- Forces all output to syslog.
-n
- Shows all network addresses as numbers.
-4
- Disables SOCKS4 support.
-5
- Disables SOCKS5 support.
-a list
- Sets the host allow list to list.
-d list
- Sets the host deny list to list.
-m addr
- Runs nylon in mirror mode. In this mode, any proxy protocol negotiations are disregarded, and the address provided is simply mirrored. addr is in "host:port" format and specifies the target machine and port to mirror. If no local binding port is specified (via the -p switch, or in the configuration file), nylon will bind to a local port matching the remote port specified.
-p port
- Bind server to port port. By default, nylon will bind to the "socks" port (1080).
-i ip/if
- Bind server to the interface or address ip/if.
-I ip/if
- Make outgoing connections through the interface or address ip/if.
-P file
- Specify PID file file. By default, /var/run/nylon.pid is used.
-c file
- Specify configuration file file.
The configuration file can be used as a replacement for the
command line options. Please see the provided file
nylon.conf for more information.
Access to the services provided by nylon is governed by the host allow and deny lists. These are lists composed of hosts and networks. Hosts can be specified either by hostname or by IP address. Networks are specified by a network address and mask in the form "address/bits", where "bits" specifies how many bits of the address are used to represent the network mask.
Whether a given address is granted access is determined as follows. If the address matches any address in the deny list, access is explicitly denied. If the address matches any address in the allow list, access is explicitly allowed, unless it is also matched in the deny list. If the deny list is empty, only addresses in the allow list are allowed. If the allow list is empty, all addresses, except for those that are in the deny list, are allowed.
By default, the allow list is set to
"localhost" and the deny list set to
"" (empty).
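The decision procedure described above, written out as an added Python example (not nylon's own code). It assumes list entries are IP addresses or "address/bits" networks with hostnames already resolved, and that an address matching neither list is refused when the allow list is non-empty, a case the text above leaves open; the function names are illustrative.

```python
import ipaddress


def parse_list(spec):
    """Parse a space-separated list of addresses and "address/bits" networks.

    A bare address becomes a single-host network (/32 or /128).
    Hostname entries are assumed to have been resolved beforehand.
    """
    return [ipaddress.ip_network(item, strict=False) for item in spec.split()]


def matches(addr, entries):
    """True if addr falls inside any entry of the same IP version."""
    return any(addr.version == net.version and addr in net for net in entries)


def access_allowed(client, allow_spec, deny_spec):
    """Apply the allow/deny rules to one client address."""
    addr = ipaddress.ip_address(client)
    allow = parse_list(allow_spec)
    deny = parse_list(deny_spec)

    # A deny match always wins, even if the allow list also matches.
    if matches(addr, deny):
        return False
    # An allow match grants access once the deny list has been ruled out.
    if matches(addr, allow):
        return True
    # No match in either list. With an empty allow list everything not
    # denied is allowed. With a non-empty allow list the client is refused;
    # when the deny list is also non-empty this is an assumption.
    return not allow


if __name__ == "__main__":
    # Constructed sample clients and lists, for illustration only.
    cases = [
        ("10.0.0.57", "127.0.0.1 10.0.0.0/24", ""),
        ("10.0.1.1", "127.0.0.1 10.0.0.0/24", ""),
        ("192.0.2.10", "", "192.0.2.10 198.51.100.0/24"),
        ("10.0.0.5", "10.0.0.0/24", "10.0.0.5"),
    ]
    for client, allow, deny in cases:
        verdict = "allow" if access_allowed(client, allow, deny) else "deny"
        print(f"{client:12} allow=[{allow}] deny=[{deny}] -> {verdict}")
```

An empty allow list combined with an empty deny list admits every client, so a proxy reachable from untrusted networks should keep a non-empty allow list.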
nylon -i fxp1 -a "localhost trusted.com 10.0.0.0/24" -m cnn.com:http
Mirrors the http service on cnn.com onto the local http port. Only hosts coming from localhost, trusted.com and the network 10.0.0.0/24 are allowed to use this mirroring service. Additionally, the server binds to the IP address belonging to the ethernet interface fxp1.
nylon -f -a "" -d "nasty.com intruders.com" -vvvvvv
Runs nylon as a SOCKS server in the foreground. All hosts except for nasty.com and intruders.com are allowed to access the service. nylon runs with a high verbosity level.
The nylon server complies with the SOCKS5 (RFC 1928) and SOCKS4 specifications.
This product includes software developed by Ericsson Radio
Systems.
This product includes software developed by the University of
California, Berkeley and its contributors.
The nylon software has been developed by Marius Aamodt Eriksen ⟨marius@monkey.org⟩.