====== Dante_Socks_Server ======

When working on a private LAN with no direct internet access, squid is normally used as a proxy server for internet and FTP traffic. SSH or scp (or other traffic), however, requires a SOCKS server in order to reach the internet. Dante SOCKS server provides just that.

====== How to install dante socks server on debian (ubuntu is similar): ======

<code>
apt-get install dante-server
</code>

This installs Dante onto your Debian server. By default it will not start (it will try to start, but will fail saying "no internal interfaces are configured etc...").

====== To configure Dante socks server: ======

<code>
vi /etc/danted.conf
</code>

By default, most required lines will be uncommented. The following lines need to be inserted/uncommented in danted.conf:

<code>
#logoutput: stderr
logoutput: syslog
# the above line sends any logs to /var/log/syslog instead of to a terminal

internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080
external: eth0

method: username none
# the above sets no username or password. Access will instead be controlled via client IP address/range.
# if there is no username or password, then the danted socks server needs to run as nobody,
# i.e. user.notprivileged: nobody (set below)
#method: pam
# if you choose to use pam instead, a valid username & password, as required for sshing to the socks server, is required.
# Note: not sure if proxy login details are sent in clear text.

#user.privileged: proxy
user.notprivileged: nobody

client pass {
        from: 136.201.251.21/32 port 1-65535 to: 0.0.0.0/0
        # 136.201.251.21/32 = specific IP address (a /0 mask would match every address)
}

client pass {
        from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

client block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

# Finally block other traffic
block {
        from: 0.0.0.0/0 to: 127.0.0.0/8
        log: connect error
}

pass {
        from: 136.201.251.21/32 to: 0.0.0.0/0
        protocol: tcp udp
}

pass {
        from: 127.0.0.0/8 to: 0.0.0.0/0
        protocol: tcp udp
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}
</code>

Once the config is complete, start/restart the Dante SOCKS server:

<code>
/etc/init.d/danted start
</code>

If there is a problem with the config, it will tell you immediately on trying to start the danted daemon.

====== Test Dante Socks Server ======

<code>
netstat -n -a    # check to see if the server is listening on 1080
</code>

Make sure the firewall is open. Add an appropriate rule as on [[Iptables_Firewall]]. Test also with WinSCP or PuTTY.

====== Other SOCKS Servers ======

Note that PuTTY itself can provide a SOCKS 5 server!! (But PuTTY needs to be able to connect to an external server/computer first!)

**To configure socks to act as a socks v5 server:**

  - Open PuTTY and go to CONNECTION -> SSH -> TUNNELS
  - In the Source Port, put 1080
  - In the Destination Port, put 1080
  - Click on the **Dynamic** radio button for "Dynamic Port Forwarding"
  - Connect to a server with external access.
  - Telnet to localhost 1080 and it should connect.

Also note that SOCKS v5 can be set up using ssh on the command line:

<code>
ssh user@server.com -D 1080    # -D is for Dynamic Port Forwarding.
</code>

----

More info on Dante's config at: http://trekweb.com/~jasonb/articles/dante_tunnel.shtml
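With ''method'' allowing ''none'', the ''client pass'' rules in danted.conf are the only access control, so the prefix length on each ''from:'' line decides who may use the proxy. The following is an added example, not part of the original page or of Dante itself: a small Python check that evaluates the client rules in order (first match is used) for a given client address and flags a host address written with a /0 mask. It assumes ''from:'' holds an IPv4 address/prefix; the function names and the 203.0.113.9 test address are illustrative.

```python
import ipaddress
import re

# Matches "client pass { ... }", "pass { ... }", "client block { ... }", "block { ... }".
RULE_RE = re.compile(r"^[ \t]*(client[ \t]+)?(pass|block)[ \t]*\{(.*?)\}", re.S | re.M)
FROM_RE = re.compile(r"\bfrom:\s*(\S+)")

def parse_rules(conf):
    """Return (layer, verdict, raw_from, network) tuples in file order."""
    conf = re.sub(r"#.*", "", conf)            # drop comments
    rules = []
    for client, verdict, body in RULE_RE.findall(conf):
        m = FROM_RE.search(body)
        if not m:
            continue                           # rule without a from: line
        raw = m.group(1)
        # strict=False applies the mask first, so host bits past the prefix are ignored
        net = ipaddress.ip_network(raw, strict=False)
        rules.append(("client" if client else "socks", verdict, raw, net))
    return rules

def verdict_for(rules, layer, client_ip):
    """Rules are checked in order and the first match is used; no match blocks."""
    ip = ipaddress.ip_address(client_ip)
    for rule_layer, verdict, _raw, net in rules:
        if rule_layer == layer and ip in net:
            return verdict
    return "block"

def overbroad(conf):
    """pass rules written with a host address but a /0 mask (matches everyone)."""
    return [raw for _l, verdict, raw, net in parse_rules(conf)
            if verdict == "pass" and net.prefixlen == 0
            and not raw.startswith("0.0.0.0")]

# Constructed sample in the layout of the client rules on this page.
SAMPLE = """
client pass { from: 136.201.251.21/0 port 1-65535 to: 0.0.0.0/0 }
client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 }
client block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error }
"""
HARDENED = SAMPLE.replace("21/0 port", "21/32 port")

if __name__ == "__main__":
    outsider = "203.0.113.9"                   # constructed address (TEST-NET-3)
    for name, conf in (("as written", SAMPLE), ("with /32", HARDENED)):
        print(name, overbroad(conf), verdict_for(parse_rules(conf), "client", outsider))
```

Run it against a copy of /etc/danted.conf by passing the file contents to ''overbroad()'' before starting the daemon.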