It’s not so obvious that socks servers with authentication are a necessary thing.
- You can run a “local socks service” simply by connecting to a remote host via ssh (with
-D <port>) - Most of software products, that support socks, don’t support socks servers with authentication
The last fact I find very unfortunate, because using socks without having to monitor ssh connection is much more comfortable. But if the software actually supports socks with authentication you can try Dante server.
Here’s how to install and configure it in CentOS 7.
Installation
Build the rpm files. You can see the last version of Dante at https://www.inet.no/dante/download.html
# yum install -y rpmdevtools rpm-build pam-devel bison flex gcc make glibc-devel libtool autoconf automake binutils
$ wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
$ rpmbuild -tb dante-*.tar.gzIf everything is ok, you will find the following packages:
$ ls rpmbuild/RPMS/x86_64/dante-*
rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-debuginfo-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-devel-1.4.2-1.el7.x86_64.rpm
rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpmInstalling the packages:
# rpm -ivh rpmbuild/RPMS/x86_64/dante-1.4.2-1.el7.x86_64.rpm
# rpm -ivh rpmbuild/RPMS/x86_64/dante-server-1.4.2-1.el7.x86_64.rpmConfiguration
Note the port number, which you can set arbitrarily, for example 1313:
# cat >/etc/sockd.conf <<EOL
logoutput: syslog
user.privileged: root
user.unprivileged: nobody
# The listening network interface or address.
internal: 0.0.0.0 port=1313
# The proxying network interface or address.
external: eth0
# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username
# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
#log: connect disconnect error
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
#log: connect disconnect error
}
EOLDante uses Linux system authentication, so it’s a good idea to create a separate user account that will be used only socks authentication, and it will be impossible to use this user to log in:
# useradd -r -s /bin/false danteuser
# passwd danteuserStart the service
Open the port on the firewall:
# firewall-cmd --zone=public --add-port=1313/tcp --permanent
# firewall-cmd --reloadAnd start the service:
# systemctl start sockd
# systemctl status sockdSock server works:
<server_ip>:1313
danteuser/<danteuser_password>
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.
I’ve changed the interface to the network interface of mine as below
external: ens160
But when starting the service I receive an error saying
Failed to start sockd.service: Unit not found.
What could be done?
My OS is Centos 7
Hi, such a great tutorial thanks. I have a question, is dante supports multiple IP addresses?
Thanks a lot.
Hi,
Thank you! There is a new version dante-1.4.3