Dante SOCKS Proxy config

I use Dante in tandem with SSH to encrypt my browsing or any other online activity when I am someplace that I don’t want to be snooped on. The full tutorial on how to set this all up is here; I am just posting my Dante config file for my reference (and for anyone else who would like to take a look at it).

Then you just have to remember:

ssh -L 1080:localhost:1080 user@host

And remember! Dante is a SOCKS host, NOT an HTTP proxy. You are going to get all sorts of weird errors if you get this wrong.

/etc/dante.conf


#Where are we going to log all those useful error messages?
logoutput: /var/log/dante.log
 
#What ip and port should Dante listen on,
# since I am only going to be using this via SSH 
#I only want to allow connections over the loopback
internal: 127.0.0.1 port = 1080
 
#Bind to the eth0 interface
external: eth0
 
#Since I am only accepting connections over the loopback, 
# the only people that COULD connect 
# would already be authenticated, 
# no need to have dante authenticate also
method: username none
 
#Which unprivileged user will Dante impersonate if need-be?
user.notprivileged: nobody
 
# Who can access this proxy?
# Accept only connections from the loopback, all ports
client pass {
  from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
 
#Block all other connection attempts
client block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: connect error
}
 
# Once connected, where can they go?
block {
  from: 0.0.0.0/0 to: 127.0.0.0/8
  log: connect error
}
 
#Pass from the internal IP to anywhere
pass {
  from: 192.168.0.0/16 to: 0.0.0.0/0
  protocol: tcp udp
}
 
#Pass from the loopback going anywhere
pass {
  from: 127.0.0.0/8 to: 0.0.0.0/0
  protocol: tcp udp
}
 
# Block everything else
block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
  log: connect error
}
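
The config above can offer the "none" method only because the listener is bound to the loopback and the single client pass rule admits 127.0.0.0/8. The following is an added example, not part of the original post or of Dante: a small Python audit that flags a config listing "none" while listening on, or admitting clients from, anything beyond the loopback. The function names and both sample configs are constructed for illustration, and only IPv4 addresses and the Linux "lo" interface name are treated as loopback.

```python
import ipaddress
import re

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed sample: the access-control directives from the config above.
LOOPBACK_ONLY = """
internal: 127.0.0.1 port = 1080
method: username none
client pass {
  from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
client block {
  from: 0.0.0.0/0 to: 0.0.0.0/0
}
"""
# Constructed sample: the same file after the listener and client rule are opened up.
EXPOSED = (LOOPBACK_ONLY.replace("internal: 127.0.0.1", "internal: eth0")
           .replace("from: 127.0.0.0/8 port", "from: 0.0.0.0/0 port"))


def is_loopback(value):
    """True for an IPv4 address or CIDR range inside 127.0.0.0/8, or the lo device."""
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return value == "lo"  # interface name rather than an address
    return net.version == 4 and net.subnet_of(LOOPBACK)


def audit(conf):
    """Return findings where a config offering method 'none' is reachable off-host."""
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    method = re.search(r"^\s*method\s*:\s*(.+)$", conf, re.M)
    if not method or "none" not in method.group(1).split():
        return []  # only configs that explicitly list 'none' are checked
    findings = []
    for m in re.finditer(r"^\s*internal\s*:\s*(\S+)", conf, re.M):
        if not is_loopback(m.group(1)):
            findings.append(f"internal listens on {m.group(1)} with method none")
    for m in re.finditer(r"client\s+pass\s*\{(.*?)\}", conf, re.S):
        src = re.search(r"from\s*:\s*(\S+)", m.group(1))
        if src and not is_loopback(src.group(1)):
            findings.append(f"client pass admits {src.group(1)} with method none")
    return findings


if __name__ == "__main__":
    for name, conf in (("loopback-only", LOOPBACK_ONLY), ("exposed", EXPOSED)):
        print(name, audit(conf) or "ok")
```

To check a real file, pass its contents to audit(), for example audit(open("/etc/dante.conf").read()).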

If you have any questions let me know, maybe we can be confused together.. :-P

  1. #1 by brockers on February 10, 2009 - 5:24 am

    Thanks for the config but the link to the tutorial is broken?

  2. #2 by jeffro on February 10, 2009 - 9:23 am

    Link corrected..thanks for the heads up!
    It looks like he moved his site..
    http://blog.edseek.com/~jasonb/articles/dante_tunnel.shtml

  3. #3 by xxmsaxx on January 26, 2012 - 11:07 pm

    Hey man this config file showed me exactly what I needed with the plain as day comments thanks a ton!

  4. #4 by jeffro on January 27, 2012 - 9:50 am

    I am glad the article helped you out.

  5. #5 by boo on June 18, 2012 - 1:31 pm

    Hello :)
    All that I want is a SOCKS5 proxy with authentication (user:password). However I just can’t get it to work. Do you think you can pass me a link or a hint on how to do that?
    Thanks

  6. #6 by jeffro on June 20, 2012 - 1:57 pm

    Not sure what you have tried so I can’t tell you if what you did is incorrect or not. I would start here for answers on authentication with Dante: http://www.inet.no/dante/doc/latest/config/auth.html

  7. #7 by pumin on May 2, 2013 - 3:57 pm

    Thank you very much. This helps.

  8. #8 by soheil on June 1, 2013 - 8:47 am

    hi man <3
    You are an angel from god
    Thank You very much jeff.

  9. #9 by soheil on June 1, 2013 - 6:44 pm

    hi again :D
    i changed config file to this:
    #################
    logoutput: stderr
    internal: eth0 port = 80
    #internal: 127.0.0.1 port = 80
    external: eth0
    method: pam
    user.privileged : root
    user.notprivileged : sockd
    client pass {
    from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
    log: error # connect disconnect
    }
    pass {
    from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
    protocol: tcp udp
    log: error # connect disconnect
    }
    #################
    but i have some problem :-s
    i get this error on the server every time when i want connect to socks server with Proxifier :
    ####################
    Jun 1 20:35:14 (1370133314.976393) sockd[27250]: info: pass(1): tcp/connect ]: 1130 -> pam%soheil@128.140.105.14.56962 37.220.10.106.80 -> 43, 43 -> 37.220.10.106.56962 http://www.google.com.80 -> 1130: local client error (Connection reset by peer). Session duration: 2s
    Jun 1 20:35:14 (1370133314.976589) sockd[27250]: info: pass(1): tcp/accept ]: 1130 -> 128.140.105.14.56962 37.220.10.106.80 -> 43: local client error (Connection reset by peer). Session duration: 2s
    ####################
    and this error on the proxifier:
    ####################
    [06:43] Error : the reply that was recieved from the target host does not look like a usual Web Server reply.
    Please make sure that the target host is a Web Server.
    The error may also indicate that the proxy server is not operating properly.
    Target host reply = HTTP/1.1 404
    [06:43] Test failed.
    ####################
    i think i am confused now :D
    i mixed this tutorial (http://safesrv.net/setup-socks-proxy-server-dante-with-freeradius/) with yours.
    do you have any idea how can i fix this ?
    sorry about my trouble English.

  10. #10 by jeffro on June 3, 2013 - 10:28 am

    I’m not 100% sure what your issue is but the first thing that jumps out at me is the address you are trying to access there… http://www.google.com.80/ You probably meant to try http://www.google.com:80 but the port is totally unnecessary so just go to http://google.com

  11. #11 by Kabir on November 11, 2013 - 6:56 am

    Can you please tell me what I have to do to socksify the client. As I have to test SSH connection to my server after socksifying my client.

  12. #12 by tomski on March 23, 2014 - 1:39 pm

    hi Jeff

    i am often using free wifi connections with my laptop in public sites (malls), but there are lots of things that I cannot do on them, such as watch youtube videos, or even visit some websites (Streaming).
    So I am very interested in the info you provided.

    However I got the following error:
    tomski@liberty:~/Documents/$ ssh -L 1080:localhost:1080 tomski@liberty
    ssh: connect to host liberty port 22: Connection refused

    what did i do wrong?
    It would be very cool if u could help!

    —edit, remove config

    Many thanks in advance for your help!
    And if u could tell me as well how to do this in Jdownloader, it would be super nice!

    Best regards

  13. #13 by jeffro on March 24, 2014 - 8:51 pm

    I’m not sure about your config but you’re starting wrong

    tomski@liberty:~/Documents/$ ssh -L 1080:localhost:1080 tomski@liberty
    ssh: connect to host liberty port 22: Connection refused

    For starters, you are already tomski@liberty and you’re trying to SSH to tomski@liberty. You can’t create a tunnel to the machine you are currently on, well you can, but it doesn’t make any sense. You need another (read: external) server to run Dante, then you tunnel to that so you’re outside any firewall. So it would be:

    tomski@liberty:~/Documents/$ ssh -L 1080:localhost:1080 tomski@outside-server.com

    Get the tunnel working first.
