Skip to content

How to Setup a SOCKS5 Proxy on Debian

#debian

17/01/2023

:   Alexander

Server Requirements

Tested on Ubuntu 20.04 & Debian 11. Nice & simple for this one, all you'll need is about 64MB of RAM & a single vCPU, you can probably do this on a 32MB LXC Container but goodluck running apt-get on that sucker.

Step 1 - Update the system

Firstly update your system, on Debian you can use the below command. 

sudo apt-get update && sudo apt upgrade

Step 2 - Installing Dante

We'll use Dante for this guide, Dante is an open-source SOCKS proxy server. 

sudo apt install dante-server
Check Dante is running. 
systemctl status danted.service
The output will be a failure to start the service. 
× danted.service - SOCKS (v4 and v5) proxy daemon (danted)
     Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2023-01-17 06:02:01 UTC; 4s ago
       Docs: man:danted(8)
             man:danted.conf(5)
    Process: 3049367 ExecStartPre=/bin/sh -c    uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`;      if [ -n "$uid" ]; then                  touch /var/run>    Process: 3049389 ExecStart=/usr/sbin/danted (code=exited, status=1/FAILURE)
   Main PID: 3049389 (code=exited, status=1/FAILURE)
To start the service we'll need to edit the config file, start by deleting the default config file then creating a new one. 
sudo rm /etc/danted.conf
sudo nano /etc/danted.conf
Add the following into the new file, make sure you edit the port if needed. If you're running this on an LXC container you'll probably need to change the external network interface from eth0 to venet0 
logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The listening network interface or address.
internal: 0.0.0.0 port=1080

# The proxying network interface or address.
external: eth0

# socks-rules determine what is proxied through the external interface.
socksmethod: username

# client-rules determine who can connect to the internal interface.
clientmethod: none

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
}
If you're using UFW be sure to open port 1080. 
sudo ufw allow 1080

Step 3 - Securing Dante

Dante will authenticate users using standard Linux user accounts. This is useful, but since the password for that connection will be transmitted in plain text, it's crucial to create a specific SOCKS user who will not have access to any other parts of the server. 

sudo useradd -r -s /bin/false your_dante_user
sudo passwd your_dante_user

Step 4 - Starting Dante

Now restart Dante with your configuration changes. 

sudo systemctl restart danted.service

Check the service is running correctly. 

systemctl status danted.service


 danted.service - SOCKS (v4 and v5) proxy daemon (danted)
     Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2023-01-17 06:10:50 UTC; 5s ago
       Docs: man:danted(8)
             man:danted.conf(5)
    Process: 3058300 ExecStartPre=/bin/sh -c    uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`;      if [ -n "$uid" ]; then                  touch /var/run>   Main PID: 3058304 (danted)

You can now successfully connect to your Dante server through your SOCKS proxy client. In a future guide I'll explain how to setup Foxyproxy & setting all external internet traffic from your webbrowser to travel through the proxy, this will be linked here replacing this text whenever that is written.