Tabla de contenido
How to Create a SOCKS Proxy with Dante on Ubuntu
In the digital era, maintaining online privacy and security is more crucial than ever. One way to protect your identity and data on the internet is through the use of a SOCKS proxy server. This type of proxy acts as an intermediary between your device and the internet, hiding your real IP address and encrypting your internet traffic. In this article, we will guide you step by step on how to set up your own SOCKS proxy server on Ubuntu using Dante, a versatile and high-performance proxy server.
Starting Dante Installation
Before diving into the Dante setup, it’s essential to prepare your system and ensure it is updated. To do this, open a terminal and run the following commands:
sudo apt update sudo apt install dante-server
These commands will update your system’s package list and then install Dante, respectively.
Configuring the danted.conf File
Once Dante is installed, the next step is to configure the proxy server. This is done by editing the danted.conf configuration file located in /etc/danted/. To do this, use your preferred text editor. Here, we will use vim:
vim /etc/danted.conf
Inside this file, you must specify crucial details such as the external and internal interfaces, the authentication method, and access rules. Below, we show you an example configuration that you can adjust according to your needs:
logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The external interface (can be your public IP address or the interface name)
external: eth0
# The internal interface (usually your server's IP address or loopback)
internal: 0.0.0.0 port=1080
# Authentication method
socksmethod: username
# Access rules
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
# Who can use this proxy
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: connect disconnect error
socksmethod: username
}
This configuration defines a SOCKS server that listens on all available interfaces (0.0.0.0) on port 1080. It uses username authentication and allows connections from and to any address.
Creating a User for the Proxy
For the proxy to be secure and not open to the public, it’s necessary to create a specific user for the connection. This is achieved with the following commands:
sudo useradd -r -s /bin/false username sudo passwd username
Here, username is the username you wish for the proxy connection. The useradd command creates the user, and passwd allows you to assign a password.
Restarting and Enabling Dante Service
With the user created and the configuration file adjusted, it’s time to restart the Dante service and ensure it runs at system startup:
sudo systemctl restart danted.service sudo systemctl enable danted.service sudo systemctl status danted.service
Furthermore, it’s important to ensure that port 1080, where the proxy listens, is allowed in the firewall:
sudo ufw allow 1080/tcp
Verifying the Connection
Finally, to verify everything is working correctly, you can test the connection through the proxy with the following command:
curl -v -x socks5://username:password@your_server_ip:1080 https://whatismyip.com/
Remember to replace username, password, and your_server_ip with your specific information. This command will use your proxy server to access a website that shows your public IP address, thus verifying that traffic is indeed being redirected through the SOCKS proxy.
Setting up a SOCKS proxy server with Dante may seem complex at first, but by following these steps, you can have a powerful system
You can configure a SOCKS5 proxy server using OpenSSH on Ubuntu 22.04, which is a simpler and more direct alternative in certain cases, especially for personal use or in situations where you already have an SSH server set up. Below, I explain how to do it:
Creating a Socks 5 Proxy with OpenSSH
Unlike Dante, with which we can create a proxy service with authentication, with OpenSSH, we can create a tunnel on a port that can be used as a SOCKS proxy without authentication, so it is convenient to use it only for localhost within a single computer (we will explain this better