How to Setup a SOCKS5 Proxy on Debian
Server Requirements
Tested on Ubuntu 20.04 & Debian 11. Nice & simple for this one, all you’ll need is about 64MB of RAM & a single vCPU, you can probably do this on a 32MB LXC Container but goodluck running apt-get on that sucker.
Step 1 – Update the system
Firstly update your system, on Debian you can use the below command.
apt-get update && apt upgrade
Step 2 – Installing Dante
We’ll use Dante for this guide, Dante is an open-source SOCKS proxy server.
apt install dante-server
Check Dante is running.
systemctl status danted.service
The output will be a failure to start the service.
ร danted.service - SOCKS (v4 and v5) proxy daemon (danted)
Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Tue 2023-01-17 06:02:01 UTC; 4s ago
Docs: man:danted(8)
man:danted.conf(5)
Process: 3049367 ExecStartPre=/bin/sh -c uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`; if [ -n "$uid" ]; then touch /var/run> Process: 3049389 ExecStart=/usr/sbin/danted (code=exited, status=1/FAILURE)
Main PID: 3049389 (code=exited, status=1/FAILURE)
To start the service we’ll need to edit the config file, start by deleting the default config file then creating a new one.
rm /etc/danted.conf
nano /etc/danted.conf
Add the following into the new file, make sure you edit the port if needed. If you’re running this on an LXC container you’ll probably need to change the external network interface from eth0
to venet0
logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1080
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
socksmethod: username
# client-rules determine who can connect to the internal interface.
clientmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
If you’re using UFW be sure to open port 1080.
ufw allow 1080
Step 3 – Securing Dante
Dante will authenticate users using standard Linux user accounts. This is useful, but since the password for that connection will be transmitted in plain text, it’s crucial to create a specific SOCKS user who will not have access to any other parts of the server.
useradd -r -s /bin/false your_dante_user
passwd your_dante_user
Step 4 – Starting Dante
Now restart Dante with your configuration changes.
systemctl restart danted.service
Check the service is running correctly.
systemctl status danted.service
โ danted.service - SOCKS (v4 and v5) proxy daemon (danted)
Loaded: loaded (/lib/systemd/system/danted.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-01-17 06:10:50 UTC; 5s ago
Docs: man:danted(8)
man:danted.conf(5)
Process: 3058300 ExecStartPre=/bin/sh -c uid=`sed -n -e "s/[[:space:]]//g" -e "s/#.*//" -e "/^user\.privileged/{s/[^:]*://p;q;}" /etc/danted.conf`; if [ -n "$uid" ]; then touch /var/run> Main PID: 3058304 (danted)
You can now successfully connect to your Dante server through your SOCKS proxy client. In a future guide I’ll explain how to setup Foxyproxy & setting all external internet traffic from your webbrowser to travel through the proxy, this will be linked here replacing this text whenever that is written.