
#1 2011-09-26 07:07:03

amoradi
Member
From: Beyond the horizon
Registered: 2010-01-23
Posts: 51
Website

[SOLVED] Local SOCKS5 proxy server + proxy chaining

Hi all,

I'm looking for a proxy that can accept incoming SOCKS5 connections.  To be more specific, I'm looking to make the following configuration possible:

multiple clients <--SOCKS5--> server with proxy <--SOCKS5--> another proxy <----> internet

I have tried privoxy and polipo, but, while they can forward SOCKS5 requests, they can't accept incoming SOCKS5 connections, so I can't chain two proxies.  Is there any way to make this configuration possible?

In other words, I'm looking for a proxy that can do this:

SOCKS5 connection from somewhere <----> proxy on local network <----> SOCKS5 connection to another proxy

As an added bonus, I would also like to chain an arbitrary number of proxies.
Thanks in advance!

Last edited by amoradi (2011-09-28 06:10:12)

Offline

#2 2011-09-26 14:29:24

dschrute
Member
From: NJ, USA
Registered: 2007-04-09
Posts: 183

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

Dante ( package available in Community ) should do what you need.  Check the official documentation for chaining server(s) :

Offline

#3 2011-09-27 00:14:27

amoradi
Member
From: Beyond the horizon
Registered: 2010-01-23
Posts: 51
Website

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

dschrute wrote:

Dante ( package available in Community ) should do what you need.  Check the official documentation for chaining server(s) :

Thanks a lot!  This seems to do just what I want!

However, I have a small problem.  When I add:

internal: 127.0.0.1 port = <listening port>

all is fine and I can connect to dante using my local machine as expected.  But when I add

internal: 192.168.1.0/32 port = <listening port>

I can't connect to the proxy from other machines in my local network.  How can I fix this?

Thanks a lot again! :)

Offline

#4 2011-09-27 00:43:34

dschrute
Member
From: NJ, USA
Registered: 2007-04-09
Posts: 183

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

I think that should be

Internal: 192.168.1.0 port = <listening port>

I don't think the "/32" is required.  Also have you specified a "client pass" section in sockd.conf ?
Something like

client pass {
        from: 192.168.1.0/24 to: 0.0.0.0/0
        log: error # connect disconnect
}

Or did you restart the daemon after making the change ?

Offline

#5 2011-09-27 02:02:20

amoradi
Member
From: Beyond the horizon
Registered: 2010-01-23
Posts: 51
Website

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

I have done what you said and still no luck.  Here's my /etc/sockd.conf

logoutput: stdout /var/log/sockd.log

internal: 127.0.0.1 port = 1080
internal: 192.168.1.0 port = 1080
external: eth0

method: username none

# TODO: change...seriously!
user.privileged: root
user.unprivileged: root

timeout.negotiate: 30
timeout.io: 0

client pass {
        from: 192.168.1.0/32 port 1-65535 to: 0.0.0.0/0
	log: error
}

client pass {
	from: 127.0.0.1/32 port 1-65535 to: 0.0.0.0/0
	log: error
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

block {
        from: 0.0.0.0/0 to: lo0
        log: connect error
}

block {
        from: 0.0.0.0/0 to: 172.16.0.0/12
        log: connect error
}

pass {
        from: 192.168.1.0/32 to: 0.0.0.0/0
        protocol: tcp udp
}

pass {
	from: 127.0.0.0/8 to: 0.0.0.0/0
	protocol: tcp udp
}

Offline

#6 2011-09-27 15:57:06

dschrute
Member
From: NJ, USA
Registered: 2007-04-09
Posts: 183

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

I would start by using a simplified config file.  There is a good one to start from in the official docs here in the "Full minimal template" section.
Basically get rid of the "block" and "client block" sections, get things working, then go back and tighten up access. 
Also I don't know if two "internal:..." lines are allowed. 

Are any errors reported in the logs ?  Does netstat show a process on port 1080 bound to your IP or just to loopback ?

Offline

#7 2011-09-28 06:09:24

amoradi
Member
From: Beyond the horizon
Registered: 2010-01-23
Posts: 51
Website

Re: [SOLVED] Local SOCKS5 proxy server + proxy chaining

Alright, it's working fine now!  Now for the sake of completeness of the thread, I'm going to [SOLVED] it and add the details on how the problem was solved!
Doing a minimal config definitely helped narrow down the problem.  The real problem, however, was caused by the internal directive:

internal: 192.168.1.0 port = 1080

When I looked over netstat, I was concerned that it showed the listening ip as 192.168.1.0:1080 instead of my local network ip, 192.168.1.2.  Moreover, I did not get *any* log output when I tried to connect from other machines, probably an indication that the machines were not able to even find the proxy:

$ netstat -na | grep 1080
tcp 0 0 192.168.1.0:1080 0.0.0.0:* LISTEN

So, I changed the internal directive to my real (local network) ip:

internal: 192.168.1.2 port = 1080

and BAM!  Everything worked fine afterward.  Also, I added a second internal directive for my local machine just in case I'll be using dante for myself too.  Then I just added the route directive to complete the basic server chaining I was looking for in the beginning.  It's working flawlessly.  Here's my working config:

logoutput: stdout /var/log/sockd.log

internal: 192.168.1.2 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0

user.notprivileged: root

clientmethod: none
method: none

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}

pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
        protocol: udp tcp
}

route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 10000
}

There is another SOCKS5 proxy listening on port 10000 which is running on my local machine.  In my case, this is simply an SSH SOCKS5 proxy (with the -D switch).
Of course, now I'll have to tighten security by adding a new user and adding block directives, but the basic thing is working.

Thanks a lot dschrute, couldn't have done it without you mate! :)

Offline
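
A small lint pass over the two configs posted in this thread, added here as an example (not code from the posters or from the Dante project): it flags an internal address that is the network or broadcast address of the LAN, a client pass source that is a /32 on the network address or 0.0.0.0/0, and an unprivileged user set to root. The 192.168.1.0/24 subnet, the lint function and the trimmed sample configs are assumptions made for the example.

```python
import ipaddress
import re

# Constructed samples: relevant lines trimmed from posts #5 and #7 above.
BROKEN = """\
internal: 127.0.0.1 port = 1080
internal: 192.168.1.0 port = 1080
user.unprivileged: root
client pass {
        from: 192.168.1.0/32 port 1-65535 to: 0.0.0.0/0
}
"""
WORKING = """\
internal: 192.168.1.2 port = 1080
internal: 127.0.0.1 port = 1080
user.notprivileged: root
client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
}
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"

def lint(conf, lan="192.168.1.0/24"):
    """Return findings for sockd.conf text; `lan` is the assumed local subnet."""
    net = ipaddress.ip_network(lan)
    findings, in_client_pass = [], False
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if m := re.match(r"internal:\s*" + IPV4, line):
            addr = ipaddress.ip_address(m.group(1))
            if addr in (net.network_address, net.broadcast_address):
                findings.append(f"internal {addr}: network/broadcast address, not a host address")
        elif re.match(r"user\.(un|not)privileged:\s*root\b", line):
            findings.append("unprivileged user is root")
        elif line.startswith("client pass"):
            in_client_pass = True
        elif line.startswith("}"):
            in_client_pass = False
        elif in_client_pass and (m := re.match(r"from:\s*" + IPV4 + r"/(\d+)", line)):
            src = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if src.prefixlen == 0:
                findings.append("client pass from 0.0.0.0/0: any client is accepted")
            elif src.prefixlen == 32 and src.network_address == net.network_address:
                findings.append(f"client pass from {src}: one address, not the {net} subnet")
    return findings

if __name__ == "__main__":
    for name, conf in (("post #5", BROKEN), ("post #7", WORKING)):
        print(name, lint(conf))
```

The findings on the post #7 config correspond to the tightening amoradi mentions as still to do: a dedicated unprivileged user and narrower client rules.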
