Dante SOCKS Proxy config

I use Dante in tandem with SSH to encrypt my browsing or any other online activity when I am someplace that I don’t want to be snooped on. The full tutorial on how to set this all up is here, I am just posting my Dante config file for my reference (and if anyone else would like to take a look at it) .

Then you just have to remember:

ssh -L 1080:localhost:1080 user@host

And remember! Dante is a SOCKS host NOT an HTTP proxy, you are going to get all sorts of weird errors if you get this wrong.

/etc/dante.conf

#Where are we going to log all those useful error messages?
logoutput: /var/log/dante.log
 
#What ip and port should Dante listen on,
# since I am only going to be using this via SSH 
#I only want to allow connections over the loopback
internal: 127.0.0.1 port = 1080
 
#Bind to the eth0 interface
external: eth0
 
#Since I am only accepting connections over the loopback, 
# the only people that COULD connect 
# would already be authenticated, 
# no need to have dante authenticate also
method: username none
 
#Which unprivileged user will Dante impersonate if need-be?
user.notprivileged: nobody
 
# Who can access this proxy?
# Accept only connections from the loopback, all ports
client pass {
  from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
 
#Block all other connection attempts
client block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: connect error
}
 
# Once connected, where can they go?
block {
  from: 0.0.0.0/0 to: 127.0.0.0/8
  log: connect error
}
 
#Pass from the internal IP to anywhere
pass {
  from: 192.168.0.0/16 to: 0.0.0.0/0
  protocol: tcp udp
}
 
#Pass from the loopback going anywhere
pass {
  from: 127.0.0.0/8 to: 0.0.0.0/0
  protocol: tcp udp
}
 
# Block everything else
block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: connect error
}

If you have any questions let me know, maybe we can be confused together.. :-P

  1. #1 by brockers on February 10th, 2009 - 5:24 am

    Thanks for the config but the link to the tutorial is broken?

    Reply Quote

  2. #2 by jeffro on February 10th, 2009 - 9:23 am

    Link corrected..thanks for the heads up!
    It looks like he moved his site..
    http://blog.edseek.com/~jasonb/articles/dante_tunnel.shtml

    Reply Quote

  3. #3 by xxmsaxx on January 26th, 2012 - 11:07 pm

    Hey man this config file showed me exactly what I needed with the plain as day comments thanks a ton!

    Reply Quote

  4. #4 by jeffro on January 27th, 2012 - 9:50 am

    I am glad the article helped you out.

    Reply Quote
(will not be published)
Subscribe to comments feed
  1. No trackbacks yet.