3Proxy Tutorial
Soft:3proxy:HowTo
How to setup logging format
Since 0. 3 version log format may be set with “logformat” command.
First symbol of log format specifies format of date and time and
should be L (LOCAL) or G (GMT – Grinwitch Meridian Time). Format
string may contains some macro substitutions:%y – Year (2 digits)%Y – Year (4 digits)%m – Month (2 digits)%o – mOnth (3 letter abbriviation)%d – Day (2 digits)%H – Hour (2 digits)%M – Minute (2 digits)%S – Second (2 digits)%t – Timestamp (seconds since January, 1 1970 00:00:00 GMT)%. – Milliseconds%z – Timezone in mail format (from GMT, ‘+’ east, ‘-‘ west HHMM), For example Moscow winter time is +0300. %U – Username (‘-‘ if unknown). %N – Service name (PROXY, SOCKS, POP3P, etc)%p – Service port%E – Error code (see. Log error codes reference)%C – client IP%c – client port%R – target IP%r – target port%e – external IP address used to establish connection%Q – requested IP%q – requested port%I – bytes received from target%O – bytes sent to target%n – host name from request%h – hops before target (if redirection or chaning is used).
see How to use chains and parent proxies)%T – service specific text (for example URL requested). %X-YT
where X and Y are positive numbers, only displays fields
(space delimited) X to Y of the text. An example is%1-2T.
Example:
logformat “L%t. %. %N. %p%E%U%C:%c%R:%r%O%I%h%T”
generates something like
1042454727. 0296 SOCK4. 1080 000 3APA3A 127. 0. 1:4739 195. 122. 226. 28:4739 505 18735 1 GET HTTP/1. 1
(no line breaks)
If ODBC used, logformat should specify SQL command,
to insert record into log, for example
logformat “-‘+_GINSERT INTO proxystat VALUES (%t, ‘%c’, ‘%U’, %I)”
-‘+_ instructs to replace characters and ‘ with _
A: Use one of, connect+, socks4+ or socks5+ as a parent type. 3proxy
itself still performs a name resolution, it’s required e. g. to ACLs matching.
So, if no name resolution must be performed by 3proxy itself add a command
fakeresolve
this command resolves any name to 127. 2 address.
How to setup FTP proxy
There is FTP over HTTP (what is called FTP proxy in browsers) and FTP over FTP �ப�
(what is called FTP proxy in file managers and FTP clients). For browsers, there is no need to start additional
proxy service, ‘proxy’ supports FTP over HTTP, configure ‘proxy’ port as an FTP proxy. For ftp clients and file
managers use ftppr. FTP proxy supports both active and passive mode with client, but always use passive mode with FTP servers.
How to limit service access
First, always specify internal interface to accept incoming connection with
‘internal’ configuration command or ‘-i’ service command. (See
How to start any of proxy services (HTTP, SOCKS etc)). If
no internal interface is specified your proxy will act as open one.
It’s also important to specify external interface to prevent access to
internal network with ‘external’ or -e.
3proxy with configuration files allows to use authentication and
authorization for user’s access. Authentication is possible by
username/password or user’s NetBIOS name. Authentication type is specified by
‘auth’ command.
auth none
Disables both authentication and authorization. You can not use ACLs.
auth iponly
Specifies no authentication, ACLs authorization is used.
auth nbname
Authentication by NetBIOS name + ACLs. NetBIOS name of ‘messenger’ service
is obrained before ACL validation. If no name is obtained it’s assumed to be
empty. Messenger is started by default in Windows NT/2000/XP. For Win9x
WinPopUP need to be launched. This type of authentication may be spoofed
by privileged local user.
auth strong
Authentication by username/password. If user is not registered his
access is denied regardless of ACLs.
Different services can have different authentication levels.
pop3p
proxy
socks
It’s possible to authorize access by client IP address, IP address or requested resource,
target port, time, etc after authentication.
(See How to limit resource access).
Since 0. 6 version double authentication is possible, e. g.
auth iponly strong
allow * * 192. 168. 0/16
allow user1, user2
strong authentication will only be used if ACL requires username to deside if
access must be granted. That is, in example, strong username authentication
is not required to access 192. 0/16
0. 6 version introduces authentication (username) caching to increase
productivity. It’s recommended to use authentication caching with resource
or time consuming authentication types, such as nbname or external plugins
(WindowsAuthentication).
Caching can be set with ‘authcache’ command with 2 parameters: caching type
and caching time (in seconds). Caching type defines the type of cached access:
‘ip’ – after successful authentication all connections during caching time
from same IP are assigned to the same user, username is not requested.
“ip, user” – username is requested and all connections from the same IP are
assigned to the same user without actual authentication. “user” – same as above,
but IP is not checked. “user, password” – username and password are checked
against cached ones. For authentication special authentication type ‘cache’
must be used.
authcache ip 60
auth cache strong windows
proxy -n
Please note, that caching affects security. Never use caching for access to
critical resources, such as web administration.
authcache can be used to bind user’s sessions to ip with ‘limit’ option, with
autchcache ip, user, pass, limit 120
auth cache strong
user will not be able to use more than a single IP during cache time (120 sec).
How to create user list
Userslist is created with ‘users’ command.
users USERDESC…
With a single command it’s possible to define few users, or you
can use few ‘users’ commands. USERDESC is user description. Description
consists of three semicolon delimited parts – login, password type and
users admin:CL:bigsecret test:CL:password test1:CL:password1
users “test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49. ”
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
Please note the usage of quotation sign: it’s required to comment out $ sign
overwise used as a file inclusion macro.
Next password types are available:
No password type: use system authentication.
CL – cleartext password
CR – crypt password, only MD5 crypt passwords are supported
NT – NT-hashed (MD4) passwords in hex, as used in pwdump or SAMBA
NT and crypt passwords can be used to import accounts from Windows/SAMBA or
Unix. For Windows you can use pwdump family of utilities.
It’s convenient to store accounts apart and include account file with $ macro.
Because for included files newlines are treated as a space, it’s possible to
use atandard passwd file format:
users $/etc/. 3proxypasswd
or
users $”c:Program Files3proxypasswords”
It’s possible to create NT and crypt passwords with mycrypt utility included
in distribution.
Userlist is system-wide. To manage user access to specific service use ACLs.
How to limit user access to resources
Commands allow, deny and flush are used to manage ACLs:
allow
deny
flush
‘flush’ command is used to finish with existing ACL and to start new one.
It’s required to have different ACLs for different services.
‘allow’ is used to allow connection and ‘deny’ to deny connection. ‘allow’
command can be extended by ‘parent’ command to manage redirections (see How to manage redirections)). If ACL
is empty it allow everything. If ACL is not empty, first matching ACL entry
is searched for user request and ACL action (allow or deny) performed. If
no matching record found, connection is denied and user will be asked to
re-authenticate (requested for username/password). To prevent this request
add ‘deny *’ to the end of list.
Networks can be defined as single IP address or in CIDR form, where l – is the length of network mask
(a number of non-zero bits). 192. 1. 0/24
means network with 255. 255. 0 mask.
In 3proxy 0. 6 and above it’s allowed to use hostnames with wildmasks
in targetlist. Wildmask may only present in the begginning or at the
end of the hostname, e. g.
192. 0/16,, *wrongcontent*.
It’s possible to define port ranges with -, e. 80, 1024-65535
means port 80 and all unprivileged ports.
CONNECT – establish outgoing TCP connection. e. POP3 or SOCKSv5
BIND – allow incoming TCP connection (SOCKSv5)
UDPASSOC – create UDP association (SOCKSv5)
ICMPASSOC – create ICMP association (not implemented)
HTTP_GET – HTTP GET request (HTTP proxy)
HTTP_PUT – HTTP PUT request (HTTP proxy)
HTTP_POST – HTTP POST request (HTTP proxy)
HTTP_HEAD – HTTP HEAD request (HTTP proxy)
HTTP_CONNECT – HTTP CONNECT, aka HTTPS request (HTTP proxy)
HTTP_OTHER – another HTTP request (HTTP proxy)
HTTP – any HTTP request except HTTP_CONNECT (HTTP proxy)
HTTPS – alias to HTTP_CONNECT (HTTP proxy)
FTP_GET – FTP get request (, ftp proxy)
FTP_PUT – FTP put request (ftp proxy)
FTP_LIST – FTP list request (, ftp proxy)
FTP – any FTP request
ADMIN – administration interface access
00:00:00-08:00:00, 17:00:00-24:00:00 lists non-working hours.
* in ACL means “any”.
Usage examples could be found in
How to manage redirections
Redirections are usefull to e. forward requests from specific clients
to different servers or proxy server. Additionally, redirections are usefull
to convert proxy interface from ont format to another, e. requests from
SOCKS proxy can be redirected to parent HTTP proxy, or SOCKSv5 client can be
redirected to SOCKSv4 proxy.
Because 3proxy understand “transparent” web request, it can be used as an
intermediate software between HTTP proxy and NAT server for transparent HTTP
forwarding, because it can convert “Web server” request issued by client to
“proxy request” required by proxy server. A simplest redirection is:
allow *
parent 1000 192. 1 3128
All trafiic of HTTP proxy is redirected to parent proxy 192. 1 port 3128.
If port number is ‘0’, IP address from ‘parent’ is used as external address
for this connection (that is like -eIP, but only for connections matching
‘allow’).
Special case of redirection are local redirections. In this case both IP is
0. 0 and port is 0. It’s only usseful with SOCKS service. In this case no
new connection is established, but request is parsed by corresponding local
service. E. :
allow * * * 80
parent 1000 0. 0 0
allow * * * 21
parent 1000 ftp 0. 0 0
allow * * * 110
parent 1000 pop3 0. 0 0
In this case all SOCKS traffic with destination port 80 is forwarded to local
‘proxy’ service, destination port 21 to ‘ftppr’ and 110 to ‘pop3pr’. There is
no need to run these services expicitly. Local redirections are usefull if
you want to see and control via ACLs protocol specific parameters, e. g.
filenames requests thorugh FTP while clients are using SOCKS.
��� �ࠢ���� ������묨 ��७��ࠢ����ﬨ
Q: What is it for?
A: To have control based on request and to have URLs and another protocol specific parameters to be logged.
Q: What are restrictions?
A: It’s hard to redirect services for non-default ports; Internet Explorer supports only SOCKSv4 with no password authentication (Internet Explorer sends username, but not password), for SOCKSv5 only cleartext password authentication is supported.
Q: What are advantages?
A: You need only to setup SOCKS proxy in browser settings. You can use socksifier, i. FreeCAP or SocksCAP with application which is not proxy aware.
Q: How to setup?
A: You should specify parent proxy with IP of 0. 0 and port 0. Examples:
allow * * * 80, 8080-8088
#redirect ports 80 and 8080-8088 to local HTTP proxy
#Second allow is required, because ACLs are checked
#twice: first time by socks and second by proxy.
allow * * * 21, 2121
#redirect ports 21 and 2121 to local
#ftp proxy
#allow rest of connections directly
#now let socks server to start
Q: How it affects different ACL rules
A: After local redirections rules are applied again to protocol-level request. Redirection rule itself is skipped. It makes it possible to redirect request again on the external proxy depending on request itself.
#redirect traffic to internal proxy
allow * * $c:3proxy 80, 8080-8088
#allow direct access to networks
parent 1000 3128
#use parent caching proxy for rest of the networks
#allow direct connections for rest of socks
#requests
How to balance traffic between few external channgels?
Proxy itself doesn’t manage network level routing. The only way to control
outgoing channel is to select external interface. It’s possible to make
external interface (what is usually selected with ‘external’ command or
‘-e’ option) random by using local redirection with external port 0.
parent 500 10. 101 0
parent 500 10. 2. 102 0
Now external interface is randomly selected with 0. 5 probability between
10. 101 and 10. 102. To work as expected, different default routes
must between 2 interfaces.
used
If both interface addresses are in same network, e. 10. 102
and you want to select random gateway between 10. 1 and 10. 2, you must
control it by using routing table, in case there is no default gateway route
for Windows:
route add -p 10. 1 10. 101
route add -p 10. 2 10. 102
route add -p 0. 0 mask 0. 0 192. 1
route add -p 0. 2
If you have no second address yet, just add it. Under Linux/Unix it’s better
to use source routing.
How to manage proxy chains
parent command may also be used to build a proxy chains. In this case
few ‘parent’ commands are used for single ‘allow’ rule with different
weights (first argument of parent command). Chain may contain any number
of proxy servers, but it should be noted that every hope significantly
reduces productivity. It’s possible to mix different types of proxy within
single chain: HTTPS (HTTP connect), SOCKS4, SOCKS5. Weight different from
1000 is used to build random chains. if weight W is below 1000, this proxy
will be used as a next chain hop with probability of W/1000. That is, if
the weight is 250 probability this proxy will be used for the next hope is
25%. ‘parent’ records with common weight of 1000 establish a group, one of
these record will be used for the hop with probability according to weight.
Warning: each group must have a weight even of 1000. As follows, common
weight of all ‘parent’ records must also be even of 1000. If common weight
of ‘parent’ records in te chain is 3000, chain has 3 hops and must be formed
of 3 groups. Example:
parent 500 socks5 192. 1 1080
parent 500 connect 192. 1 3128
In this case we have 1 parent proxy (1 hop) which is randomely choosen between
2 hosts: 192. 1 and 192. 2 records form a single group.
parent 1000 socks5 192. 1 1080
parent 1000 connect 192. 20. 1 3128
parent 300 socks4 192. 30. 1 1080
parent 700 socks5 192. 40. 1 1080
In this case we have 3 groups (3 hops in the chain). First hop is 192. 1,
second hop is 192. 1 and 3rd one is either 192. 1 with probability
of 30% or 192. 1 with probability of 70%.
How to limit bandwidth
3proxy supports bandwidth filters. To manage filters bandlimin/bandlimout and
nobandlimin/nobandlimout. ‘in’ means incoming and ‘out’ – outgoing traffic.
bandlimin
nobandlimin
Commands are applied to all services. Imagine bandwidth filters as a series of
pipes. Bitrate is a pipe’s width and ACLs controls the flow thorugh this pipe.
bandlimin 57600 * 192. 16
bandlimin 57600 * 192. 17
bandlimin 57600 * 192. 18
bandlimin 57600 * 192. 19
Create 4 separete pipes for 4 client with emulation of modem connection.
bandlimin 57600 * 192. 16/30
Create single pipe for all 4 clients. That is 4 clients share modem connection.
In this example:
nobandlimin * * * 110
bandlimin 57600 * 192. 16/32
mail traffic from POP3 servers bypasses the pipe and has no bandwidth
limitation.
How to limit traffic amount
counter
countin
nocountin
countout
nocountout
You can set traffic limit per day (D), week (W), month (M), year (Y) or
absolute (‘N’), as specified by ‘type’ argument of counterin command.
Traffic information is stored in binary file specified by ‘filename’ argument.
countersutil utility can be used to manage this file.
reportpath specifies location of text reports, type parameter of ‘counter’
command controls how often text reports are created. amount is amount of
allowed traffic in Megabytes (MB). nocountin allows you to set exclusions.
How to fix incorrect traffic accounting
3proxy accounts protocol level traffic. Provider counts channel or IP-level traffic with network and transport headers. In additions, 3proxy doesn’t counts DNS resolutions, pings, floods, scans, etc. It makes approx. 10% of difference. That’s why you should have 15% reserve if you use 3proxy to limit your traffic. If difference with your provider is significantly above 10% you should look for traffic avoiding proxy server, for example connections through NAT, traffic originated from the host with proxy installed, traffic from server applications, etc.
How to configure name resolution and DNS caching
For name resolution and caching use commands nserver, nscache / nscache6 and nsrecord.
nserver 192. 2
nserver 192. 3:5353/tcp
sets DNS resolvers. 3 will be used via TCP/5353 (instead of default UDP/53)
only if 192. 2 fails. Up to 5 nservers may be specified.
If no nserver is configured, default system name resolution functions are used.
nscache 65535
nscache6 65535
sets name cache size for IPv4 and IPv6. Name cache must be large enouth, if presents.
name cache is only used if nserver is configured.
nsrecord 192. 1
nsrecord 127. 2…
deny * * 127. 2
adds static nsrecords. Also, static nsrecords are used for dnspr, unless -s option is specified.
Since 0. 8 version, parent proxy may be configured for dnspr.
How to use IPv6
IPv6 is supported since 0. 8. Please note, some proxy protolos, e. SOCKSv4,
do not support IPv6. SOCKSv5 supports IPv6 with special request type (must be
implemented by client).
3proxy supports proxying from IPv4 and IPv6 networks to IPv4,
IPv6 and mixed networks. IPv6 address may be used in
internal, external, parent commands, ACLs, -i and -e options, etc.
external command and -e options may be given twice for each service – once with IPv4
and once with IPv6 address. internal can be given only once, to bind to all IPv4 and
IPv6 addresses use [0:0:0:0:0:0:0:0] or [::].
Any service may be configured with -4, -46, -64, -6 options to specify decied
priority for name to IPv4/IPv6 address resolution (IPv4 only, IPv4 priority,
IPv6 priority, IPv6 only).
How to use connect back
In example, users needs access from external network to proxy server located
on the host 192. This host can not be accessed from external network,
but it has access to external network with with external address 1. 1.
Also, user has access to the host 2. 2 (IP address may be dynamic) with
hostname via external network. User needs 2 instances
of 3proxy, first one on the host 192. 2 with config
users user:CL:password
allow user
second one on the (2. 2) with config
allow * * 1. 1
tcppm -R0. 0:1234 3128 1. 1 3128
For browser settings proxy is
3proxy – tiny free proxy server – GitHub
# 3APA3A 3proxy tiny proxy server
(c) 2002-2021 by Vladimir ‘3APA3A’ Dubrovin <>
Branches:
Master (stable) branch – 3proxy 0. 9
Devel branch – 3proxy 10
Download:
Binaries for released (master) versions (Windows, Linux):
Binaries for devel version (Windows, Linux):
Docker images:
Archive of old versions:
Windows installation:
3proxy –install
installs and starts proxy as Windows service
(config file should be located in the same directory)
3proxy –remove
removes the service (should be stopped before via
‘net stop 3proxy’).
To build in Linux install git and build-essential packages, use
git clone cd 3proxy
ln -s Makefile
make
sudo make install
Default configuration (for Linux/Unix):
3proxy uses 2 configuration files:
/etc/3proxy/ (before-chroot). This configuration file is executed before chroot and should not be modified.
/usr/local/3proxy/conf/ symlinked from /etc/3proxy/conf/ (after-chroot) is a main configuration file. Modify this file, if required.
All paths in /usr/local/3proxy/conf/ are relative to chroot directory (/usr/local/3proxy). For future versions it’s planned to move
3proxy chroot direcory to /var.
Log files are created in /usr/local/3proxy/logs symlinked from /var/log/3proxy.
By default, socks is started on 0. 0. 0:1080 and proxy on 0. 0:3128 with basic auth, no users are added by default.
use /etc/3proxy/conf/ script to add users.
usage: /etc/3proxy/conf/ username password [day_limit] [bandwidth]
day_limit – traffic limit in MB per day
bandwidth – bandwith in bits per second 1048576 = 1Mbps
or modify /etc/3proxy/conf/ files directly.
Please read doc/html/ and man pages.
Features:
1. General
+ IPv6 support for incoming and outgoing connection,
can be used as a proxy between IPv4 and IPv6 networks
in either direction.
+ HTTP/1. 1 Proxy with keep-alive client and server support,
transparent proxy support.
+ HTTPS (CONNECT) proxy (compatible with HTTP/2 / SPDY)
+ Anonymous and random client IP emulation for HTTP proxy mode
+ FTP over HTTP support.
+ DNS caching with built-in resolver
+ DNS proxy
+ DNS over TCP support, redirecting DNS traffic via parent
proxy
+ SOCKSv4/4. 5 Proxy
+ SOCKSv5 Proxy
+ SOCKSv5 UDP and BIND support (fully compatible with
SocksCAP/FreeCAP for UDP)
+ Transparent SOCKS redirection for HTTP, POP3, FTP, SMTP
+ POP3 Proxy
+ FTP proxy
+ TCP port mapper (port forwarding)
+ UDP port mapper (port forwarding)
+ SMTP proxy
+ Threaded application (no child process).
+ Web administration and statistics
+ Plugins for functionality extension
+ Native 32/64 bit application
2. Proxy chaining and network connections
+ Can be used as a bridge between client and different proxy type
(e. g. convert incoming HTTP proxy request from client to SOCKSv5
request to parent server).
+ Connect back proxy support to bypass firewalls
+ Parent proxy support for any type of incoming connection
+ Username/password authentication for parent proxy(s).
+ HTTPS/SOCKS4/SOCKS5 and ip/port redirection parent support
+ Random parent selection
+ Chain building (multihop proxing)
+ Load balancing between few network connections by choosing network
interface
3. Logging
+ tuneable log format compatible with any log parser
+ stdout logging
+ file logging
+ syslog logging (Unix)
+ ODBC logging
+ RADIUS accounting
+ log file rotation
+ automatic log file processing with external archiver (for files)
+ Character filtering for log files
+ different log files for different servces are supported
4. Access control
+ ACL-driven Access control by username, source IP,
destination IP/hostname, destination port and destination action
(POST, PUT, GET, etc), weekday and daytime.
+ ACL-driven (user/source/destination/protocol/weekday/daytime or
combined) bandwith limitation for incoming and (! )outgoing trafic.
+ ACL-driven traffic limitation per day, week or month for incoming and
outgoing traffic
+ Connection limitation and ratelimting
+ User authentication by username / password
+ RADIUS Authentication and Authorization
+ User authentication by DNS hostname
+ Authentication cache with possibility to limit user to single IP address
+ Access control by username/password for SOCKSv5 and HTTP/HTTPS/FTP
+ Cleartext or encrypted (crypt/MD5 or NT) passwords.
+ Connection redirection
+ Access control by requested action (CONNECT/BIND,
HTTP GET/POST/PUT/HEAD/OTHER).
+ All access control entries now support weekday and time limitations
+ Hostnames and * templates are supported instead of IP address
5. Extensions
+ Regular expression filtering (with PCRE) via PCREPlugin
+ Authentication with Windows username/password (cleartext only)
+ SSL/TLS decryptions with certificate spoofing
+ Transparent redirection support for Linux and *BSD
6. Configuration
+ support for configuration files
+ support for includes in configuration files
+ interface binding
+ socket options
+ running as daemon process
+ utility for automated networks list building
+ configuration reload on any file change
Unix
+ support for chroot
+ support for setgid
+ support for setuid
+ support for signals (SIGUSR1 to reload configuration)
Windows
+ support –install as service
+ support –remove as service
+ support for service START, STOP, PAUSE and CONTINUE commands (on
PAUSE no new connection accepted, but active connections still in
progress, on CONTINUE configuration is reloaded)
Windows 95/98/ME
6. Compilation
+ MSVC (static)
+ OpenWatcom (static)
+ Intel Windows Compiler ()
+ Windows/gcc ()
+ Cygwin/gcc ()
+ Unix/gcc
+ Unix/ccc
+ Solaris
+ Mac OS X, iPhone OS
+ Linux and derivered systems
+ Lite version for Windows 95/98/NT/2000/XP/2003
+ 32 bit and 64 bit versions for Windows Vista and above, Windows 2008 server and above
3proxy Combined proxy server may be used as
executable or service (supports installation and removal).
It uses config file to read it’s configuration (see
for details).
is all-in-one, it doesn’t require all others
to work.
See for examples, see man
proxy HTTP proxy server, binds to port 3128
ftppr FTP proxy server, binds to port 21
socks SOCKS 4/5 proxy server, binds to port 1080
ftppr FTP proxy server, please do not mess it with FTP over HTTP
proxy used in browsers
pop3p POP3 proxy server, binds to port 110. You must specify
POP3 username as [:port]
port is 110 by default.
Exmple: in Username configuration for you e-mail reader
set, to obtains mail for someuser
from via proxy.
smtpp SMTP proxy server, binds to port 25. You must specify
SMTP username as [:port]
port is 25 by default.
set, to send mail as someuser
via via proxy.
tcppm TCP port mapping. Maps some TCP port on local machine to
TCP port on remote host.
udppm UDP port mapping. Maps some UDP port on local machine to
UDP port on remote machine. Only one user simulationeously
can use UDP mapping, so it cann’t be used for public service
in large networks. It’s OK to use it to map to DNS server
in small network or to map Counter-Strike server for single
client (you can use few mappings on different ports for
different clients in last case).
mycrypt Program to obtain crypted password fro cleartext. Supports
both MD5/crypt and NT password.
mycrypt password
produces NT password
mycrypt salt password
produces MD5/crypt password with salt “salt”.
Run utility with –help option for command line reference.
Latest version is available from
Want to donate the project?
3proxy use(Others-Community) – TitanWolf
Here is the DRL @ fireinice written tutorial, you can refer to. Thanks for this is expert.
************************************************** ************************************************** ********************
You can get from this article:
1. how to install 3proxy agent software in linux / windows, and use it to open proxy
2. adjust 3proxy proxy chain, joint use of more than one parent proxy internet
3. 3proxy set up multiple proxy
3proxy is developed by a Russian multi-platform agent software, supports / / ftp / socks4 / socks5 / socks4a / socks5a other proxy mode.
Before the introduction of dRag0nMa to drl, by ccpp0 brother wrote a simple tutorial Original Address:
I am looking for a while due to the support and socks proxy software under linux, introduced by ccpp0 brother to me, from the essay article rewarding. With, according to their own needs, to read English manual and software on the Software Forum Ask a question with some new understanding, the article idiopathic
one, the installation
installed under windows:
installation is actually very simple in the windows:
you can download the already compiled binary package, and then decompressed into a file. the bin folder that is executable file.
Second, the configuration:
For windows systems to be in the bin folder under the file name to create a new file All configuration information is written here.
If it is linux system, you can create a new file of a Let me explain my rough network environment and would like to achieve with 3proxy which features
a socks proxy on my hand, I hope that most of the network connection through the proxy, at the same time do not want to proxy authentication required. At the same time, I am a tor user, but never used privoxy other functions, only tor to browse the Web, so you want to convert into ordinary tor proxy.
At the same time, I also need to set up a proxy for students to use in the bedroom.
To do under the assumption that:
my father proxy
socks proxy is: 192. 168. 0. 1: 8080, proxy type socks5, user name, password is: usr / pwd
Tor proxy is: 127. 1: 9050, proxy type is socks4a
I hope opened agent:
users have 192. 1. 1 and 192. 2 and myself
opened a total of four proxy interface:
1234 port: this port incoming requests all go to 192. 1
1235 port: this port accepts requests socks, and all go to 192. 1
1236 port: the port hopes to build a chain of proxies, use tor as an agent, 192. 1 as the two agents
1237 port: the port has no parent agency, provided to the user in addition to my use. Well, let’s look at how my cfg file is to achieve the above requirements (after # as a comment):30 30 60 60 180 [Timeouts 1800 60 120
log D: /temp/ Note D # linux system should be changed to other forms of path.
LogFormat “% L% D H:% M% P% C% N-: R & lt% C%: R & lt% H% O%%% T ERR the I: E%”
Rotate. 3
# All three of the above recording address file, format and save a few days of record
# this section must be placed before the auth iponly, or can not record
service
# this line of windows is necessary, 3proxy will be installed as a system service.
# On linux and nt system should be replaced with non-daemon, to ensure that run in the background.
iponly auth
# Use only ip user confirms
the allow * * 127. 1
parent Socks5 192. 1 1000 8080 usr # pwd parent proxy
proxy -a -p1234 # proxy
socks -a -p1235 #socks proxy
flush
# flush clear the list using the service, then we can set up a new service
parent 1000 SOCKS4 proxy 127. 1 9050 #tor parent
parent 1000 socks5 192. 1 8080 usr pwd
# Here implements a proxy chain, which is part of the original simple tutorial a little error.
# All requests will pass through the tor 192. 1, detailed explanation may be described with reference to the
Proxy -a -p1236
the flush
the allow 222. 205. 4. 245, 127. 1, 10. 214. 32. 121 * *
Proxy -a -p1237
# This is the first four proxy port, no parent agencyThe following two issues in-depth to explain:
itself is socks4a agent, in the settings file should be expressed as socks4 +, but because of 192. 1 DNS is not supported, so marked as socks4, otherwise it will proxy chain error
2. Agent chain is such that the weight value to the packet (i. e., 1000), each weight value adding weights 1000 must be a group that is one
example of using manual:
parent 192. 10. 1 1080 1000 Socks5
parent Connect 1000 192. 20. 1 3128
parent 192. 30. 1 1080 300 SOCKS4
parent Socks5 192. 40. 1 1080 700
or more proxy chain is divided into three groups, namely a first layer: 192. 1, second layer: 192. 1, the third layer: 30. 1 and 40. 1
when a request arrives after the first and second layers is necessary to pass, in the third layer, there is a 30% chance by chance by 30. 1, 70 40. 1%
by weight of the right to use the time and attention to ensure that each set of weights 1000
Third, the operation
in the case with administrator privileges windows, run –install on it, and then will run as a background service.
In linux joined at the top of the file
#! / Usr / local / bin / 3proxy / 3proxy
after
chmod + x, run directly can set up a proxy service.