I thought I'd do a shorter article on catonmat this time. It goes hand in hand with my upcoming article series on '100% technical guide to anonymity' and it's much easier to write larger articles in smaller pieces. Then I can edit them together and produce the final article.

This article will be interesting for those who didn't know it already - you can turn any Linux computer into a SOCKS5 (and SOCKS4) proxy in just one command:

    ssh -N -D 0.0.0.0:1080 localhost

And it doesn't require root privileges. The ssh command starts up dynamic (-D) port forwarding on port 1080 and talks to the clients via SOCKS5 or SOCKS4 protocols, just like a regular SOCKS5 proxy would! The -N option makes sure ssh stays idle and doesn't execute any commands on localhost.

If you also wish the command to go into background as a daemon, then add the -f option:

    ssh -f -N -D 0.0.0.0:1080 localhost

To use it, just make your software use SOCKS5 proxy on your Linux computer's IP, port 1080, and you're done, all your requests now get proxied.
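The 0.0.0.0 in the -D argument binds the proxy to every interface, so any host that can reach port 1080 can use it. The check below is an added example, not code from the original article: it classifies listeners on the proxy port from `ss -ltn` output as loopback-only or exposed; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners on a SOCKS port from `ss -ltn` output.

# Constructed sample of `ss -ltn` output. The lines are made up to show
# every case side by side; they are not one host's real state.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    [::]:1080          [::]:*
LISTEN 0      128    192.168.1.10:1080  0.0.0.0:*
EOF
}

# Reads `ss -ltn` output on stdin and prints "exposed ADDR" or
# "loopback ADDR" for every listening socket on the given port.
classify_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }             # skip header and other states
        {
            n = split($4, parts, ":")       # port follows the last colon
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "[::1]")
                print "loopback", addr
            else
                print "exposed", addr       # wildcard or a routable address
        }'
}

# Exit status 0 when at least one listener on the port can be reached
# from other hosts, 1 when all of them are loopback-only (or none exist).
proxy_exposed() {
    classify_listeners "$1" | grep -q '^exposed '
}

# Demo on the constructed sample; on a live host use:
#   ss -ltn | classify_listeners 1080
sample_ss_output | classify_listeners 1080
```

A listener reported as exposed needs the iptables rules or a wrapper discussed next; one started with `-D 127.0.0.1:1080` is reported as loopback.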
Access control can be implemented via iptables. For example, to allow only people from the IP 1.2.3.4 to use the SOCKS5 proxy, add the following iptables rules:

    iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 1080 -j REJECT

The first rule says, allow anyone from 1.2.3.4 to connect to port 1080, and the other rule says, deny everyone else from connecting to port 1080.

Surely, executing iptables requires root privileges. If you don't have root privileges, and you don't want to leave your proxy open (and you really don't want to do that), you'll have to use some kind of a simple TCP proxy wrapper to do access control. Here, I wrote one in Perl. It's called tcp-proxy.pl and it uses IO::Socket::INET to abstract sockets, and IO::Select to do connection multiplexing.

Yes - that's a great feature of the ssh client.
I used it quite often when I was too lazy to do vpn configs for some nets behind router - just running sshd with correct restriction on the gateway will save you a lot of time (at least saved me, cause I am not admin :). But for some time I am just linking some remote ports on the localhost:

    ssh -L 8080:localhost:80 someuser@somehost

It's quite useful too if you have remote server behind router with access only to ssh port. About the article - very useful - thought about '-f' option and how nice its usage is. A lot of work which could be simplified.

U use windows too much ;)

    $ sudo -i
    # iptables -N proxyallowed
    # iptables -A proxyallowed -s ALLOWEDIP -j RETURN
    # iptables -A proxyallowed -j DROP
    # iptables -A INPUT -p tcp --syn --dport 1080 -j proxyallowed
    # exit
    $ ssh -g -D 1080 REMOTEIP

No wrapper is required. If u wish to harden the solution use some knocking (or ping with specified packet length and iptables 'recent' module) and/or ip-mac association.
Socks does not offer much, to redirect dns or udp traffic it is better to use ppp over ssh or vpn (which I consider preferred). Openvpn is free and there is an extremely simple windows gui client. Python perl ;P

Hello @pkrumins. I have bookmarked your page and as soon as I am a bit more organized I will peruse your web site and incorporate any information you provide into my Spanish language proxy guide. By the way, would you mind editing your post to include the commands to connect exclusively to localhost as I have my socks proxy set up to only accept connections from localhost.
You should be able to see my email. For the rest there are effective antispam features that do not require captcha like akismewhatosever. Love, andres.

Not sure why you would need to run any kind of tcp-proxy script or iptables to protect the connection. Have proxy ssh listen on localhost:1080 and use something like MyEnTunnel to create an ssh tunnel to the server. Once the tunnel is established, configure your software to your localhost / port you configured and done.
Not only does this provide direct credential protection and eliminate the need for fw but also encrypts the connection to the proxy server so your ISP doesn't know what you are doing.

I have a VPS with one ipv4 ip and plenty of ipv6 ips. I would like to set up Dante to work as a socks proxy server in my server. I need to assign different port to each ipv6 port. Now I can use ipv4 without a problem and when I connect with my server and check my ip it successfully shows my ipv4 ip. I didn't wanna show my ipv4 to the rest of the world, but only my ipv6 ip.
And also assign different ports to different ipv6 ips, which means:

    192.168.1.10:1111 work with ipv6 ip number 1
    192.168.1.10:2222 work with ipv6 ip number 2
    192.168.1.10:3333 work with ipv6 ip number 2

Etc. How can I do this with Dante?