Hi all,
I'm looking for a proxy that can accept incoming SOCKS5 connections. To be more specific, I'm looking to make the following configuration possible:
multiple clients <--SOCKS5--> server with proxy <--SOCKS5--> another proxy <----> internet
I have tried privoxy and polipo, but, while they can forward SOCKS5 requests, they can't accept incoming SOCKS5 connections, so I can't chain two proxies. Is there any way to make this configuration possible?
In other words, I'm looking for a proxy that can do this:
SOCKS5 connection from somewhere <----> proxy on local network <----> SOCKS5 connection to another proxy
As an added bonus, I would also like to chain an arbitrary number of proxies.
Thanks in advance!
Last edited by amoradi (2011-09-28 06:10:12)
Offline
Dante (package available in Community) should do what you need. Check the official documentation for chaining server(s):
Offline
Thanks a lot! This seems to do just what I want!
However, I have a small problem. When I add:
internal: 127.0.0.1 port = <listening port>
all is fine and I can connect to dante using my local machine as expected. But when I add
internal: 192.168.1.0/32 port = <listening port>
I can't connect to the proxy from other machines in my local network. How can I fix this?
Thanks a lot again!
Offline
I think that should be
internal: 192.168.1.0 port = <listening port>
I don't think the "/32" is required. Also, have you specified a "client pass" section in sockd.conf?
Something like
client pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0
    log: error # connect disconnect
}
Or did you restart the daemon after making the change?
Offline
I have done what you said and still no luck. Here's my /etc/sockd.conf
logoutput: stdout /var/log/sockd.log
internal: 127.0.0.1 port = 1080
internal: 192.168.1.0 port = 1080
external: eth0
method: username none
# TODO: change...seriously!
user.privileged: root
user.unprivileged: root
timeout.negotiate: 30
timeout.io: 0
client pass {
    from: 192.168.1.0/32 port 1-65535 to: 0.0.0.0/0
    log: error
}
client pass {
    from: 127.0.0.1/32 port 1-65535 to: 0.0.0.0/0
    log: error
}
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
block {
    from: 0.0.0.0/0 to: lo0
    log: connect error
}
block {
    from: 0.0.0.0/0 to: 172.16.0.0/12
    log: connect error
}
pass {
    from: 192.168.1.0/32 to: 0.0.0.0/0
    protocol: tcp udp
}
pass {
    from: 127.0.0.0/8 to: 0.0.0.0/0
    protocol: tcp udp
}
Offline
I would start by using a simplified config file. There is a good one to start from in the official docs here in the "Full minimal template" section.
Basically get rid of the "block" and "client block" sections, get things working, then go back and tighten up access.
Also I don't know if two "internal:..." lines are allowed.
Are any errors reported in the logs? Does netstat show a process on port 1080 bound to your IP or just to loopback?
Offline
Alright, it's working fine now! Now for the sake of completeness of the thread, I'm going to [SOLVED] it and add the details on how the problem was solved!
Doing a minimal config definitely helped narrow down the problem. The real problem, however, was caused by the internal directive:
internal: 192.168.1.0 port = 1080
When I looked over netstat, I was concerned that it showed the listening ip as 192.168.1.0:1080 instead of my local network ip, 192.168.1.2. Moreover, I did not get *any* log output when I tried to connect from other machines, probably an indication that the machines were not able to even find the proxy:
$ netstat -na | grep 1080
tcp 0 0 192.168.1.0:1080 0.0.0.0:* LISTEN
So, I changed the internal directive to my real (local network) ip:
internal: 192.168.1.2 port = 1080
and BAM! Everything worked fine afterward. Also, I added a second internal directive for my local machine just in case I'll be using dante for myself too. Then I just added the route directive to complete the basic server chaining I was looking for in the beginning. It's working flawlessly. Here's my working config:
logoutput: stdout /var/log/sockd.log
internal: 192.168.1.2 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0
user.notprivileged: root
clientmethod: none
method: none
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}
pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
    protocol: udp tcp
}
route {
    from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 10000
}
There is another SOCKS5 proxy listening on port 10000 which is running on my local machine. In my case, this is simply an SSH SOCKS5 proxy (with the -D switch).
Of course, now I'll have to tighten security by adding a new user and adding block directives, but the basic thing is working.
Thanks a lot dschrute, couldn't have done it without you mate!
Offline
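The two lessons of this thread (an internal: line must name a host address, and the working config still needs tightening) can be checked mechanically. The following is an added example, not code from the thread or from the Dante project; the function name, the lan_cidr parameter and the sample text are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample, assembled from directives quoted in the thread.
SAMPLE_CONF = """\
internal: 192.168.1.0 port = 1080
internal: 127.0.0.1 port = 1080
user.notprivileged: root
method: none
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
route {
    from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 10000
}
"""

BLOCK_RE = re.compile(r"^(client pass|client block|pass|block|route)\s*\{$")

def audit_sockd_conf(text, lan_cidr):
    """Return (line_number, message) findings; lan_cidr is the LAN being served."""
    lan = ipaddress.ip_network(lan_cidr)
    findings, block = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        m = BLOCK_RE.match(line)
        if m:
            block = m.group(1)
        elif line == "}":
            block = None
        elif line.startswith("internal:"):
            host = (line.split() + [""])[1]
            try:
                addr = ipaddress.ip_address(host)
            except ValueError:
                continue  # interface name (e.g. eth0): nothing to compare
            if addr in (lan.network_address, lan.broadcast_address):
                findings.append((no, f"internal {addr} is not a host address in {lan}"))
        elif re.match(r"^user\.\w+:\s*root$", line) and not line.startswith("user.privileged"):
            findings.append((no, "unprivileged operations run as root"))
        elif re.match(r"^(client)?method:", line) and "none" in line.split(":", 1)[1].split():
            findings.append((no, "clients may connect without authentication"))
        elif block in ("client pass", "pass") and re.match(r"^from:\s*0\.0\.0\.0/0\b", line):
            findings.append((no, f"{block} rule accepts any source address"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_sockd_conf(SAMPLE_CONF, "192.168.1.0/24"):
        print(f"line {no}: {msg}")
```

The route block is not flagged because its from: address selects which requests are forwarded to the upstream proxy, not which clients may connect.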