Linux Socks5 Proxy Server
How to setup SOCKS proxy in Linux – Lintel Technologies Blog
A SOCKS server is a general purpose proxy server that establishes a TCP connection to another server on behalf of a client, then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds additional support for security and UDP.
Use of SOCKS is as a circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e. g., by governments, workplaces, schools, and country-specific web services
Using SSH
SOCKS proxies can be created without any special SOCKS proxy software if you have Open SSH installed on your server and an SSH client with dynamic tunnelling support installed on your client computer.
ssh -D 1080 user@
Now, enter your password and make sure to leave the Terminal window open. You have now created a SOCKS proxy at localhost:1080. Only close this window if you wish to disable your local SOCKS proxy.
Using Microsocks program
MicroSocks is a multithreaded, small, efficient SOCKS5 server.
It’s very lightweight, and very light on resources too:
for every client, a thread with a stack size of 8KB is spawned. the main process basically doesn’t consume any resources at all.
the only limits are the amount of file descriptors and the RAM.
It’s also designed to be robust: it handles resource exhaustion gracefully by simply denying new connections, instead of calling abort() as most other programs do these days.
another plus is ease-of-use: no config file necessary, everything can be done from the command line and doesn’t even need any parameters for quick setup.
Installing microsocks
“`git clone `
“`cd microsocks“`
“`make“`
Starting socks service
microsocks -1 -i listenip -p port -u user -P password -b bindaddr
all arguments are optional. by default listenip is 0. 0. 0 and port 1080.
option -1 activates auth_once mode: once a specific ip address authed successfully with user/pass, it is added to a whitelist and may use the proxy without auth. this is handy for programs like firefox that don’t support user/pass auth. for it to work you’d basically make one connection with another program that supports it, and then you can use firefox too.
Turn any Linux computer into a SOCKS5 proxy with one …
Last updated
2 weeks ago
I thought I’d write a shorter article this time. It goes hand in hand with my upcoming article series on 100% technical guide to anonymity and it’s much easier to write larger articles by splitting them into smaller pieces. I can then just edit them together and produce the final article.
This article will be interesting to everyone who didn’t know this awesome fact already – you can turn any Linux computer into a SOCKS5 (and SOCKS4) proxy with just one ssh command command and no extra tools.
ssh -N -D 0. 0. 0:1080 localhost
Even better – it doesn’t require root privileges. The ssh command starts up dynamic -D port forwarding on port 1080 and talks to the clients via SOCSK5 or SOCKS4 protocols, just like a regular SOCKS5 proxy would. The -N option makes sure ssh stays idle and doesn’t execute any commands on localhost.
If you also want the command to go into background as a daemon, then add the -f option:
ssh -f -N -D 0. 0:1080 localhost
To use it, just make your software use SOCKS5 proxy on your Linux computer’s IP, port 1080, and you’re done – all your requests will now get proxied.
Access control can be implemented via iptables. For example, to allow only people from the ip 1. 2. 3. 4 to use SOCKS5 proxy, add the following iptables rules:
iptables -A INPUT –src 1. 4 -p tcp –dport 1080 -j ACCEPT
iptables -A INPUT -p tcp –dport 1080 -j REJECT
The first rule says, allow anyone from 1. 4 to connect to port 1080, and the other rule says, deny everyone else from connecting to port 1080.
However, executing iptables requires root privileges. If you don’t have root privileges, and you don’t want to leave your proxy open (and you really don’t want to do that), you’ll have to use some kind of a simple TCP proxy wrapper to do access control.
Here, I just wrote one in Perl. It’s called and it uses IO::Socket::INET to abstract sockets, and IO::Select to do connection multiplexing.
#! /usr/bin/perl
#
use warnings;
use strict;
use IO::Socket::INET;
use IO::Select;
my @allowed_ips = (‘1. 4’, ‘5. 6. 7. 8’, ‘127. 1’, ‘192. 168. 1. 2’);
my $ioset = IO::Select->new;
my%socket_map;
my $debug = 1;
sub new_conn {
my ($host, $port) = @_;
return IO::Socket::INET->new(
PeerAddr => $host,
PeerPort => $port) || die “Unable to connect to $host:$port: $! “;}
sub new_server {
my $server = IO::Socket::INET->new(
LocalAddr => $host,
LocalPort => $port,
ReuseAddr => 1,
Listen => 100) || die “Unable to listen on $host:$port: $! “;}
sub new_connection {
my $server = shift;
my $client = $server->accept;
my $client_ip = client_ip($client);
unless (client_allowed($client)) {
print “Connection from $client_ip denied. n” if $debug;
$client->close;
return;}
print “Connection from $client_ip accepted. n” if $debug;
my $remote = new_conn(‘localhost’, 55555);
$ioset->add($client);
$ioset->add($remote);
$socket_map{$client} = $remote;
$socket_map{$remote} = $client;}
sub close_connection {
my $client = shift;
my $remote = $socket_map{$client};
$ioset->remove($client);
$ioset->remove($remote);
delete $socket_map{$client};
delete $socket_map{$remote};
$remote->close;
print “Connection from $client_ip closed. n” if $debug;}
sub client_ip {
return inet_ntoa($client->sockaddr);}
sub client_allowed {
return grep { $_ eq $client_ip} @allowed_ips;}
print “Starting a server on 0. 0:1080n”;
my $server = new_server(‘0. 0’, 1080);
$ioset->add($server);
while (1) {
for my $socket ($ioset->can_read) {
if ($socket == $server) {
new_connection($server);}
else {
next unless exists $socket_map{$socket};
my $remote = $socket_map{$socket};
my $buffer;
my $read = $socket->sysread($buffer, 4096);
if ($read) {
$remote->syswrite($buffer);}
close_connection($socket);}}}}
To use it, you’ll have to make a change to the previous configuration. Instead of running ssh SOCKS5 proxy on 0. 0:1080, you’ll need to run it on localhost:55555.
ssh -f -N -D 55555 localhost
After that, run the
perl
TCP proxy will start listening on 0. 0:1080 and will redirect only the allowed IPs in @allowed_ips list to localhost:55555.
Another possibility is to use another computer instead of your own as an exit node. What I mean is you can do the following.
ssh -f -N -D 1080
This will set up a SOCKS5 proxy on localhost:1080 but when you use it, ssh will automatically tunnel your requests (encrypted) via This way you can hide what you’re doing on the Internet from anyone who might be sniffing your link. They will see that you’re communicating with but the traffic will be encrypted so they won’t be able to tell what you’re doing.
That’s it. You’re now the proxy king!
Download
Download link:
I also pushed to GitHub. You can fork it and contribute. For example, you could make it redirect between any number of hosts:ports, not just two, implement onion routing, and better access control.
I’ll also soon write the definitive guide to ssh port forwarding because it’s an interesting but little understood topic.
See you next time!
Thanks for reading my post. If you enjoyed it and would like to receive my posts automatically, you can subscribe to new posts via rss feed or email.
How to setup a Socks5 Proxy server on Ubuntu with Dante
Dante Socks5 Server
Dante is a socks5 server that you can use to setup a socks5 proxy on your ubuntu or debian machine. In this quick tutorial we shall learn how to setup dante and use authentication.
With authentication enabled, the dante proxy server would require all clients to provide login details in order to use the proxy server. This is a good idea.
1. Install Dante on Ubuntu
The default Ubuntu repositories have the dante-server package but it is outdated. The version present is 1. 1. 19 which is quite old and also has some bugs. The authentication feature does not work properly.
If you don’t need authentication then you can install it.
sudo apt-get install dante-server
The version in repository was
# danted -v
danted: dante v1. 19
Known authentication issues
Like mentioned earlier, the authentication feature does not properly work with it. The log file shows the following error messages –
Mar 11 14:05:05 (1489241105) danted[5020]: pass(1): tcp/accept]: username%[email protected] -> 104. 131. 115. 128. 1080: system username/password failed
Trying to test with curl shows the following error message –
$ curl -v -x socks5username:[email protected]:1080 * Trying 104. 128…
* User was rejected by the SOCKS5 server (1 1).
* Closing connection 0
curl: (7) User was rejected by the SOCKS5 server (1 1).
Some users have reported similar issues at this reddit post -Install newer version directly from file
So we need to install a newer version. There is a ppa for dante-server at –
but it is no longer being maintained. But we can use the deb file from the ppa to install dante on Ubuntu 16. 10
The download url is this:
using the wget command:
# wget Install using gdebi command:
$ sudo apt-get install gdebi-core
$ sudo gdebi
2. Configure
The next task is to configure the dante server before starting it. The configuration file can be found here –
nano /etc/
The contents should look similar to this –
# /etc/
logoutput: syslog
ivileged: root
user. unprivileged: nobody
# The listening network interface or address.
internal: 0. 0. 0 port=1080
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
# The default of “none” permits anonymous access.
socksmethod: username
# client-rules determine who can connect to the internal interface.
clientmethod: none
client pass {
from: 0. 0/0 to: 0. 0/0
log: connect disconnect error}
socks pass {
Now start the danted proxy server
# service danted start
Use the netstat command to check the port number
# netstat -nlpt | grep dant
tcp 0 0 0. 0:1080 0. 0:* LISTEN 6342/danted
3. Create a User
Dante can use the system unix user accounts to authenticate the connecting clients. For this you should create a separate user. Any client that will be connecting to this proxy server will be sending the password in plain text over the network, so beware of that.
$ adduser mike
4. Test with curl
Once you have setup everything, its time to test that the proxy server is working as expected. Use the curl command to do this. Specify the username, password, server ip and port number and try fetching some url.
curl -v -x socks5mike:[email protected]
Conclusion
Dante is a socks5 server that can be used as a proxy server. For instance you can setup an online linux server and use it as a proxy server to access other websites. Such proxy servers are useful when you need to change your ip address on the internet or access a website from a different geo location.
If you need an proxy server or caching solution try Squid Proxy which supports, etc.
Resources
Config documentation can be found here –
If you want to compile the latest version of dante from source then check out these links –
Frequently Asked Questions about linux socks5 proxy server
How use SOCKS5 proxy in Linux?
To use it, just make your software use SOCKS5 proxy on your Linux computer’s IP, port 1080, and you’re done – all your requests will now get proxied. The first rule says, allow anyone from 1.2. 3.4 to connect to port 1080 , and the other rule says, deny everyone else from connecting to port 1080 .
How do I setup a SOCKS5 proxy?
Click the Apple icon at the top left of the menu bar on your screen and select System Preferences. Select Network and then Proxies. Click the Advanced button to access the Network settings and navigate to the Proxies tab. Click the SOCKS Proxy checkbox and enter the host and port information.Jan 12, 2017
What is the best proxy for SOCKS5?
The best VPNs for SOCKS5 – In-depth AnalysisNordVPN. www.nordvpn.com. NordVPN is a reliable VPN that provides security, privacy. … Private Internet Access. www.privateinternetaccess.com. … IPVanish. www.ipvanish.com. … Hide.me. www.hide.me. … Windscribe. Windscribe provide a SOCKS5 proxy on their premium plan.Sep 29, 2021