0

How do I configure a SOCKS proxy on a Debian box such that I can enter the host address in the firefox proxy configuration page, and use my box as a SOCKS proxy?

I've heard of dante-server, but I don't know how to make it allow connections from and to everywhere.

verhogen
  • 333
  • 2
  • 4
  • 14

2 Answers2

2

First you need to understand configuration basics.
there are 3 main sections: first global settings, you need to set "external", "internal" and "method" (deadly required)

second "client pass rules": means who will able to connect to your socks server.

third is pass/block rules: means which client can connect to where.

2. & 3. works like iptables. both needs to be ended with a block phrase.
config file is /etc/danted.conf mostly, sometimes /etc/socksd.conf

i assume that you have 2 interfaces. 1 is local network. the other 1 is outside. eg: eth0: 192.168.1.1 eth1: 220.12.13.50. your first section should contains these values. 

internal: eth1 port = 1080
external: 220.12.13.50
method: username none

only local interface will accept to be connected to dante.

client pass {
         from: 192.168.1.0/24 port 1-65535    to: 0.0.0.0/0
}

client pass {
  from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

client block {
         from: 0.0.0.0/0         to: 0.0.0.0/0
         log: connect disconnect error
}

last rule means no1 else is able to connect. 

pass {
         from: 192.168.1.0/24         to: 0.0.0.0/0
         protocol: tcp udp
}

pass {
         from: 127.0.0.0/8       to: 0.0.0.0/0
         protocol: tcp udp
}

block {
         from: 0.0.0.0/0         to: 127.0.0.0/8
         log: connect disconnect error
}

block {
         from: 0.0.0.0/0         to: 0.0.0.0/0
         log: connect disconnect error
}

only clients from local network will able to use danted as a socks server to establish tunnel connection. & last rule means no1 is able to request or tunnel to anywhere.

also you need to edit startup script of danted. uncomment the line "enabled=yes"

in fact you are free to use 1 interface. or force danted to listen all interfaces. but i advice you to set danted tight enough. because any proxy is open public use is a big security risk for it's owner.

& here is a simple guide that you can get help: http://wiki.kartbuilding.net/index.php/Dante_Socks_Server

risyasin
  • 1,574
  • 9
  • 16
2

You could do it with ssh:

Turn any Linux computer into SOCKS5 proxy in one command

halp
  • 2,208
  • 1
  • 20
  • 13
  • +1 for much more easy way i was unaware of -f -N options. but both ways performances should be compared. – risyasin Jun 01 '10 at 08:18