Dante SOCKS Proxy config
I use Dante in tandem with SSH to encrypt my browsing or any other online activity when I am someplace that I don’t want to be snooped on. The full tutorial on how to set this all up is here, I am just posting my Dante config file for my reference (and if anyone else would like to take a look at it) .
Then you just have to remember:
ssh -L 1080:localhost:1080 user@host |
And remember! Dante is a SOCKS host NOT an HTTP proxy, you are going to get all sorts of weird errors if you get this wrong.
/etc/dante.conf
#Where are we going to log all those useful error messages? logoutput: /var/log/dante.log #What ip and port should Dante listen on, # since I am only going to be using this via SSH #I only want to allow connections over the loopback internal: 127.0.0.1 port = 1080 #Bind to the eth0 interface external: eth0 #Since I am only accepting connections over the loopback, # the only people that COULD connect # would already be authenticated, # no need to have dante authenticate also method: username none #Which unprivileged user will Dante impersonate if need-be? user.notprivileged: nobody # Who can access this proxy? # Accept only connections from the loopback, all ports client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 } #Block all other connection attempts client block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error } # Once connected, where can they go? block { from: 0.0.0.0/0 to: 127.0.0.0/8 log: connect error } #Pass from the internal IP to anywhere pass { from: 192.168.0.0/16 to: 0.0.0.0/0 protocol: tcp udp } #Pass from the loopback going anywhere pass { from: 127.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp } # Block everything else block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error } |
If you have any questions let me know, maybe we can be confused together.. 
About Jeff
Jeff Robbins is a software engineer and father of three that lives in Pennsylvania, USA. With his varied career he's been able to pick up a lot of different technologies. Thats what this site is about, what ever is on his mind at the time, which is generally something to do with technology. But occasionally he goes off the rails and rants about something he knows very little about.
If want to know a little more about me, go here.
#1 by brockers on February 10, 2009 - 5:24 am
Thanks for the config but the link to the tutorial is broken?
#2 by jeffro on February 10, 2009 - 9:23 am
Link corrected..thanks for the heads up!
It looks like he moved his site..
http://blog.edseek.com/~jasonb/articles/dante_tunnel.shtml
#3 by xxmsaxx on January 26, 2012 - 11:07 pm
Hey man this config file showed me exactly what I needed with the plain as day comments thanks a ton!
#4 by jeffro on January 27, 2012 - 9:50 am
I am glad the article helped you out.
#5 by boo on June 18, 2012 - 1:31 pm
Hello
All that I want is a SOCKS5 proxy with authentication (user:password). However I just can’t get it to work. Do you think you can pass me a link or a hint on how to do that?
Thanks
#6 by jeffro on June 20, 2012 - 1:57 pm
Not sure what you have tried so I can’t tell you if what you did is incorrect or not. I would start here for answers on authentication with Dante: http://www.inet.no/dante/doc/latest/config/auth.html
#7 by pumin on May 2, 2013 - 3:57 pm
Thank you very much. This helps.
#8 by soheil on June 1, 2013 - 8:47 am
hi man <3
You are an angel from god
Thank You very much jeff.
#9 by soheil on June 1, 2013 - 6:44 pm
hi again
i changed config file to this:
#################
logoutput: stderr
internal: eth0 port = 80
#internal: 127.0.0.1 port = 80
external: eth0
method: pam
user.privileged : root
user.notprivileged : sockd
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
log: error # connect disconnect
}
pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
protocol: tcp udp
log: error # connect disconnect
}
#################
but i have some problem :-s
i get this error on the server every time when i want connect to socks server with Proxifier :
####################
Jun 1 20:35:14 (1370133314.976393) sockd[27250]: info: pass(1): tcp/connect ]: 1130 -> pam%soheil@128.140.105.14.56962 37.220.10.106.80 -> 43, 43 -> 37.220.10.106.56962 http://www.google.com.80 -> 1130: local client error (Connection reset by peer). Session duration: 2s
Jun 1 20:35:14 (1370133314.976589) sockd[27250]: info: pass(1): tcp/accept ]: 1130 -> 128.140.105.14.56962 37.220.10.106.80 -> 43: local client error (Connection reset by peer). Session duration: 2s
####################
and this error on the proxifier:
####################
[06:43] Error : the reply that was recieved from the target host does not look like a usual Web Server reply.
Please make sure that the target host is a Web Server.
The error may also indicate that the proxy server is not operating properly.
Target host reply = HTTP/1.1 404
[06:43] Test failed.
####################
i think i am confused now
i mixed this tutorial (http://safesrv.net/setup-socks-proxy-server-dante-with-freeradius/) whit yours.
do you have any idea how can i fix this ?
sorry about my trouble English.
#10 by jeffro on June 3, 2013 - 10:28 am
I’m not 100% sure what your issue is but the first thing that jumps out at me is the address you are trying to access there… http://www.google.com.80/ You probably meant to try http://www.google.com:80 but the port is totally unnecessary so just go to http://google.com