Networks archives » Aprende IT
All the latest news about IT
Sun, 12 May 2024 19:17:10 +0000

Create SOCKS Proxy with Dante and OpenSSH
https://aprendeit.com/en/create-socks-proxy-with-dante-and-openssh/
Mon, 25 Mar 2024 22:31:35 +0000

The post Create SOCKS Proxy with Dante and OpenSSH was first published on Aprende IT.

How to Create a SOCKS Proxy with Dante on Ubuntu

In the digital era, maintaining online privacy and security is more crucial than ever. One way to protect your identity and data on the internet is through the use of a SOCKS proxy server. This type of proxy acts as an intermediary between your device and the internet, hiding your real IP address and encrypting your internet traffic. In this article, we will guide you step by step on how to set up your own SOCKS proxy server on Ubuntu using Dante, a versatile and high-performance proxy server.

Starting Dante Installation

Before diving into the Dante setup, it’s essential to prepare your system and ensure it is updated. To do this, open a terminal and run the following commands:

sudo apt update
sudo apt install dante-server

These commands will update your system’s package list and then install Dante, respectively.

Configuring the danted.conf File

Once Dante is installed, the next step is to configure the proxy server. This is done by editing the configuration file, /etc/danted.conf, with your preferred text editor. Here, we will use vim:

sudo vim /etc/danted.conf

Inside this file, you must specify crucial details such as the external and internal interfaces, the authentication method, and access rules. Below, we show you an example configuration that you can adjust according to your needs:

logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The external interface (can be your public IP address or the interface name)
external: eth0

# The internal interface (usually your server's IP address or loopback)
internal: 0.0.0.0 port=1080

# Authentication method
socksmethod: username

# Access rules
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect disconnect error
}

# Who can use this proxy
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: connect disconnect error
    socksmethod: username
}

This configuration defines a SOCKS server that listens on all available interfaces (0.0.0.0) on port 1080. It uses username authentication and allows connections from and to any address.

Creating a User for the Proxy

For the proxy to be secure and not open to the public, it’s necessary to create a specific user for the connection. This is achieved with the following commands:

sudo useradd -r -s /bin/false username
sudo passwd username

Here, username is the username you wish to use for the proxy connection. The useradd command creates the user, and passwd allows you to assign a password.

Restarting and Enabling Dante Service

With the user created and the configuration file adjusted, it’s time to restart the Dante service and ensure it runs at system startup:

sudo systemctl restart danted.service
sudo systemctl enable danted.service
sudo systemctl status danted.service

Furthermore, it’s important to ensure that port 1080, where the proxy listens, is allowed in the firewall:

sudo ufw allow 1080/tcp

Verifying the Connection

Finally, to verify everything is working correctly, you can test the connection through the proxy with the following command:

curl -v -x socks5://username:password@your_server_ip:1080 https://whatismyip.com/

Remember to replace username, password, and your_server_ip with your specific information. This command will use your proxy server to access a website that shows your public IP address, thus verifying that traffic is indeed being redirected through the SOCKS proxy.
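
The configuration above accepts clients from any address, and SOCKS5 username authentication sends the password unencrypted, so it is worth checking the file before opening port 1080. The following shell function is an added example, not part of the original article; the function names and the 192.0.2.10 and 203.0.113.0/24 addresses in the restricted sample are constructed.

```sh
#!/bin/sh
# Added example: flag danted.conf settings that expose the proxy to every network.
# Reads a configuration on stdin and prints one finding per line.
audit_danted() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*$/ { next }                     # skip blank lines
        /^[ \t]*internal:[ \t]*0\.0\.0\.0/ { print "internal: listens on all interfaces" }
        /^[ \t]*(client|socks)[ \t]+pass/ { block = $1; next }   # entering a rule block
        index($0, "}") { block = ""; next }     # leaving it
        block == "client" && /from:[ \t]*0\.0\.0\.0\/0/ { print "client pass: accepts any source address" }
        /socksmethod:.*none/ { print "socksmethod: none allows unauthenticated use" }
    '
}

# The access-control lines of the configuration shown in the article.
page_conf() {
cat <<'EOF'
internal: 0.0.0.0 port=1080
socksmethod: username
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    socksmethod: username
}
EOF
}

# Constructed variant: one listening address and one trusted client range.
restricted_conf() {
cat <<'EOF'
internal: 192.0.2.10 port=1080
socksmethod: username
client pass {
    from: 203.0.113.0/24 to: 0.0.0.0/0
}
socks pass {
    from: 203.0.113.0/24 to: 0.0.0.0/0
    socksmethod: username
}
EOF
}

page_conf | audit_danted          # two findings
restricted_conf | audit_danted    # no output
```

To check a live server, run `audit_danted < /etc/danted.conf`.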

Setting up a SOCKS proxy server with Dante may seem complex at first, but by following these steps, you can have a powerful system

You can configure a SOCKS5 proxy server using OpenSSH on Ubuntu 22.04, which is a simpler and more direct alternative in certain cases, especially for personal use or in situations where you already have an SSH server set up. Below, I explain how to do it:

Creating a Socks 5 Proxy with OpenSSH

Unlike Dante, which lets us run a proxy service with authentication, OpenSSH creates a tunnel on a local port that works as a SOCKS proxy without authentication, so it is best used only on localhost within a single computer (we will explain this in more detail later).

Installing OpenSSH Server

If you don’t already have OpenSSH Server installed on your server that will act as the proxy, you can install it with the following command as long as it’s a Debian / Ubuntu-based distribution:

sudo apt update
sudo apt install openssh-server

Ensure the service is active and running correctly with:

sudo systemctl status ssh

Configuring the SSH Server (Optional)

By default, OpenSSH listens on port 22. You can adjust additional configurations by editing the /etc/ssh/sshd_config file, such as changing the port, restricting access to certain users, etc. If you make changes, remember to restart the SSH service:

sudo systemctl restart ssh

Using SSH as a SOCKS5 Proxy

To configure an SSH tunnel that works as a SOCKS5 proxy, use the following command from your client (not on the server). This command establishes an SSH tunnel that listens locally on your machine on the specified port (for example, 1080) and redirects traffic through the SSH server:

ssh -D 1080 -C -q -N user@server_address
  • -D 1080 specifies that SSH should create a SOCKS5 proxy on local port 1080.
  • -C compresses data before sending.
  • -q enables silent mode that minimizes log messages.
  • -N indicates no remote commands should be executed, useful when you only want to establish the tunnel.
  • user is your username on the SSH server.
  • server_address is the IP address or domain of your SSH server.

Note that with the -D option you should specify only the port. Binding it to all interfaces, as in the following command, exposes the port to the entire network and may allow other devices on the network to use this proxy without authenticating:

[ger@ger-pc ~]$ ssh -D 0.0.0.0:1081 root@192.168.54.100

If we check with the command ss or netstat, we can see that it is listening on all networks:

[ger@ger-pc ~]$ ss -putan|grep 1081
tcp LISTEN 0 128 0.0.0.0:1081 0.0.0.0:* users:(("ssh",pid=292405,fd=4)) 
[ger@ger-pc ~]$

However, if we connect by specifying only the port without 0.0.0.0 or without any IP, it will only do so on localhost:

[ger@ger-pc ~]$ ssh -D 1081 root@192.168.54.100

.......

[ger@ger-pc ~]$ ss -putan|grep 1081
tcp LISTEN 0 128 127.0.0.1:1081 0.0.0.0:* users:(("ssh",pid=292485,fd=5)) 
tcp LISTEN 0 128 [::1]:1081 [::]:* users:(("ssh",pid=292485,fd=4)) 
[ger@ger-pc ~]$
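
The check done by eye above can be scripted. This added example (not part of the original article) reads `ss -putan` output and reports every ssh listener that is not bound to loopback; the function names are chosen here, and the sample lines are the ones captured in the article.

```sh
#!/bin/sh
# Added example: list ssh dynamic-forward listeners reachable from other hosts.
# Reads `ss -putan` output on stdin and prints the local address of every
# LISTEN socket owned by the ssh client that is not bound to loopback.
exposed_ssh_listeners() {
    awk '
        $2 == "LISTEN" && /\(\("ssh",/ {
            addr = $5
            sub(/:[0-9]+$/, "", addr)                 # strip the trailing :port
            if (addr !~ /^127\./ && addr != "[::1]")  # not loopback: reachable off-host
                print $5
        }
    '
}

# Output shown in the article for: ssh -D 0.0.0.0:1081 ...
sample_all_interfaces() {
cat <<'EOF'
tcp LISTEN 0 128 0.0.0.0:1081 0.0.0.0:* users:(("ssh",pid=292405,fd=4))
EOF
}

# Output shown in the article for: ssh -D 1081 ...
sample_loopback_only() {
cat <<'EOF'
tcp LISTEN 0 128 127.0.0.1:1081 0.0.0.0:* users:(("ssh",pid=292485,fd=5))
tcp LISTEN 0 128 [::1]:1081 [::]:* users:(("ssh",pid=292485,fd=4))
EOF
}

sample_all_interfaces | exposed_ssh_listeners   # 0.0.0.0:1081
sample_loopback_only  | exposed_ssh_listeners   # no output
```

On a workstation, `ss -putan | exposed_ssh_listeners` should print nothing while your tunnels are up.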

Connecting Through the SOCKS5 Proxy:

Now you can configure your browser or application to use the SOCKS5 proxy on localhost and port 1080. Each application has a different way of configuring this, so you will need to review the preferences or documentation of the application.

Automating the Connection (Optional):
If you need the tunnel to be established automatically at startup or without manual interaction, you may consider using a tool like autossh to keep the tunnel connection open and reconnect in case it drops.

This is an effective way to establish a quick SOCKS5 proxy for a user or a few users, especially useful for bypassing network restrictions or securing your traffic on untrusted networks. The main advantage of this method is its simplicity and that it leverages existing SSH infrastructure without the need to configure additional software on the server.

Improving Network Efficiency: Exploring the Synergies of Subnetting and VLANs
https://aprendeit.com/en/improving-network-efficiency-exploring-the-synergies-of-subnetting-and-vlans/
Mon, 10 Jul 2023 12:55:31 +0000

Welcome back to the blog. Today, I bring you a hot topic in the world of networks: improving efficiency through the combination of subnetting and VLANs. In today’s post, we’re going to unpack what subnetting is, how it’s done, and what VLANs are. But not only that, we’re also going to talk about the security advantages of VLANs and why it’s not a good idea to do subnetting on the same VLAN. So, prepare your coffee cup and let’s get started!

Diving into the world of Subnetting

Before getting into detail, you should know what subnetting is. It’s a process that divides an IP network into smaller networks, or subnets. This process allows us to better manage our IP address space, providing us with more flexibility and control over our network.

In this process, we use something known as a “network mask”. A network mask is a string of numbers that defines how many hosts can be on a network. For example, a common network mask is 255.255.255.0, which allows up to 254 hosts on a network.

But, how do we do subnetting? Let’s quickly see it. We need to consider the Classless Inter-Domain Routing (CIDR), which allows us to define the length of the network mask. If we start with a /24 network (equivalent to 255.255.255.0), and we want to divide it into smaller subnets, we could go for a /25 mask. This would give us two subnets, each capable of hosting 126 hosts.

To carry out subnetting, we first decide how many subnets we need and how many hosts we want in each one. Then, we adjust our network mask accordingly. And that’s it! We’ve segmented our network.
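
The /24 to /25 split described above, generalized to any new prefix up to /30, as an added shell example (not part of the original post). The function names and the 192.168.1.0/24 network are chosen here for illustration.

```sh
#!/bin/sh
# Added example: split a network into equal subnets of a longer prefix.

ip_to_int() {   # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {   # 32-bit integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# split_subnet NETWORK/PREFIX NEW_PREFIX
# Prints one line per subnet: its CIDR, first and last usable host, and host count.
split_subnet() {
    net=${1%/*}; old=${1#*/}; new=$2
    [ "$new" -ge "$old" ] && [ "$new" -le 30 ] || {
        echo "new prefix must be between $old and 30" >&2
        return 1
    }
    mask=$(( (0xFFFFFFFF << (32 - old)) & 0xFFFFFFFF ))   # mask of the original network
    base=$(( $(ip_to_int "$net") & mask ))                # clear any host bits
    size=$(( 1 << (32 - new) ))                           # addresses per subnet
    count=$(( 1 << (new - old) ))                         # number of subnets
    i=0
    while [ "$i" -lt "$count" ]; do
        start=$(( base + i * size ))
        # The first address is the network address and the last is broadcast,
        # so usable hosts are start+1 .. start+size-2.
        echo "$(int_to_ip "$start")/$new first=$(int_to_ip $((start + 1))) last=$(int_to_ip $((start + size - 2))) hosts=$((size - 2))"
        i=$((i + 1))
    done
}

split_subnet 192.168.1.0/24 25
# 192.168.1.0/25 first=192.168.1.1 last=192.168.1.126 hosts=126
# 192.168.1.128/25 first=192.168.1.129 last=192.168.1.254 hosts=126
```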

VLANs: Your new ally in the network

After clarifying subnetting, it’s time to talk about VLANs or Virtual Local Area Networks. VLANs are basically “virtual subnets” that group different hosts, regardless of their physical location on the network.

There are two types of VLANs that you should know about: tagged and untagged. In a tagged VLAN, data packets carry a tag that identifies which VLAN they belong to. This allows packets from different VLANs to coexist in the same network frame. On the other hand, in an untagged VLAN, packets do not carry tags. Therefore, they can only belong to one VLAN at a time.

Also, there are two modes of VLAN links: access and trunk. An access link is one that connects a final device (like your computer) to the network. This link can only belong to one VLAN at a time and is generally set up as an untagged VLAN. On the other hand, trunk links are those that connect switches to each other, and they allow the passage of packets from various VLANs, meaning, they are tagged.

VLANs and security: A dynamic duo

VLANs bring a series of security advantages that make them a very valuable resource. By segmenting your network into different VLANs, you’re isolating communication between the different segments of your network. This means that if an intruder manages to access your network, their ability to move around and access different resources will be limited.

Moreover, VLANs allow you to implement network-level security policies more precisely. You can configure firewalls, access control lists, and other security measures at the level of each VLAN. This gives you great control over who can do what and where in your network.

Subnetting and VLANs: A winning combination

At this point, you might be asking yourself: why isn’t it a good idea to do subnetting on the same VLAN? Well, although it may seem like a good idea at first, doing subnetting within the same VLAN can lead to network performance issues.

The reason is that VLANs and subnets operate on different levels of the OSI model. While subnets work on layer 3 (the network layer), VLANs operate on layer 2 (the data link layer). This means that even though you’re segmenting your network at the IP level with subnetting, all packets still have to pass through the same VLAN. This can create bottlenecks and decrease your network performance.

Therefore, the most efficient approach is to combine VLANs and subnetting. This way, each VLAN has its own subnet, which avoids performance issues and provides greater isolation and security between the different parts of your network. Moreover, it gives you more flexibility to manage and scale your network according to your needs.

In summary, both subnetting and VLANs are valuable tools for any network professional. By combining them properly, you can achieve a more efficient, secure, and easy-to-manage network. I hope this post has helped clear up your doubts. Want to learn more about another network topic? Leave your suggestions in the comments. See you in the next post!

Top 25 fortinet utility commands
https://aprendeit.com/en/top-25-fortinet-utility-commands/
Tue, 18 Jan 2022 23:58:28 +0000

Lately in my day to day I am having to “fight” with the Fortinet firewalls continuously, so I share with you the commands that I am using the most:

Command                                       Description
# show                                        Displays the global configuration
# sh system interface                         See interface configuration
# diagnose hardware deviceinfo nic            View card information
# get system status                           See forti’s version
# sh firewall policy 6                        See rule number 6
# sh router policy                            See routing policy
# diagnose system session list                See list of sessions
# diagnose system session clear               Clears all xlate/translations
# diagnose ip arp list                        See ARP table
# get router info routing-table all           See all routes
# diagnose system top                         See the top processes
# diagnose system kill 9                      Kill process
# diag test auth ldap                         Check if you can log in with an LDAP user
# config system interface                     Configure network interface
  edit port1
  set ip 192.168.0.100 255.255.255.0
  append allowaccess http
  end
# config router static                        Configure route
  edit 1
  set device port1
  set gateway
  end
# config system dns                           Configure DNS
  set primary
  set secondary
  end
# execute ping 8.8.8.8                        Ping 8.8.8.8
# config system ha                            Set up a group in the HA
  set ha-eth-type 0003
  set group-id 140
  end
# get system ha status                        See the state of the HA
# execute ha synchronize config               Synchronize HA
# execute ha synchronize stop                 Synchronize HA
  execute ha synchronize start
# execute traceroute IP                       Traceroute to an IP
# get system performance firewall statistics  Display traffic statistics so far
# get system performance status               Display CPU status and power-on time
# get system performance top                  Display CPU utilization sorted by the most important processes
