Dante Server
...what a relief after dealing with the POS SS5 Socks software. There were a couple of glitches getting it going, but once running, it ran solid and, best of all, unlike SS5, it didn't crash all the time.
SOCKS Proxy & Dante
For basic information on SOCKS Proxy Servers, read this: https://en.wikipedia.org/wiki/SOCKS
For a SOCKS Proxy Server that actually works: https://www.inet.no/dante/index.html
Installation
Installation was fairly easy as someone made RPMs for my OS (CentOS 7):
- Their site: https://centos.pkgs.org/7/ghettoforge-plus-x86_64/
- URL for downloads (you'll need "plain" dante and dante-server RPMs): http://mirror.ghettoforge.org/distributions/gf/el/7/plus/x86_64/
- I like to stay within the "YUM boundaries", so I installed via YUM: yum install WhatEverRPMpackageName
The RPM is version 1.4.2, but the latest version is 1.4.2 (but per the Dante web site, the 1.4.2 version contains no code changes)
The plain Dante package creates a configuration file named /etc/socks.conf, which can be ignored if one is running the Dante-Server.
The Dante-Server package creates a configuration file named /etc/sockd.conf. This is the one to edit.
Configuration
"Out of the box", the /etc/sockd.conf file has every line commented out.
The Dante web site has a "minimal server configuration" example here: https://www.inet.no/dante/doc/1.4.x/config/server.html (Note: At the time of this writing, if you Google it, the version 1.3 example is one of the first links displayed, but the syntax in the 1.3 and 1.4 .conf files is slightly different.)
Their example file did not work for me the first time, but it was a typo error on my part.
And it didn't work the second time either. I looked at the system log file (/var/log/messages) and noticed an error related to a PID file. The default "init.d" script wanted to create the following PID file: /var/run/sockd/sockd.pid. The /var/run/sockd directory did not exist. I thought about creating that directory, but remembered the trap I'd fallen into before, where directories created there in CentOS 7 (and I assume other flavors of Linux) are not persistent (i.e., they disappear when the system is rebooted). My solution (instead of going to the trouble of having a directory named sockd created under /var/run every time the system reboots) was to modify the lines in the /etc/init.d/sockd file that referred to the PID file to this: /var/run/sockd.pid
I did change two items, as it seemed a bit more secure to only accept SOCKS requests from my subnet instead of everywhere (0.0.0.0):
#generic pass statement - bind/outgoing traffic
socks pass {
from: 192.168.2.0/24 to: 0.0.0.0/0
command: bind connect udpassociate
log: error # connect disconnect iooperation
}
#generic pass statement for incoming connections/packets
socks pass {
from: 192.168.2.0/24 to: 0.0.0.0/0
command: bindreply udpreply
log: error # connect disconnect iooperation
}
UDP Related Stuff:
socks pass {
from: 0.0.0.0/0 to: 192.168.2.0/24
command: bindreply udpreply
log: connect error
}
The following command was very helpful and accurate in checking the configuration file: sockd -V (that's a capital V)
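A syntax check does not tell you whether a pass rule accepts requests from a wider range than intended. The following is an added example, not part of the original post or of Dante: a small audit that lists every "socks pass" rule allowing client-initiated commands from outside an allowed subnet. The function names and the sample file are constructed for illustration, and it assumes the 1.4 "socks pass { ... }" block syntax shown above.

```python
import ipaddress
import re

# Constructed sample (Dante 1.4 syntax): rule 1 is open, rule 2 is subnet-limited.
SAMPLE_CONF = """\
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: error # connect disconnect iooperation
}
socks pass {
    from: 192.168.2.0/24 to: 0.0.0.0/0
    command: bind connect udpassociate
}
"""

# Commands a client initiates; bindreply/udpreply cover traffic coming back.
REQUEST_COMMANDS = {"bind", "connect", "udpassociate"}
RULE_RE = re.compile(r"^\s*socks\s+pass\s*\{(.*?)\}", re.S | re.M)


def parse_pass_rules(text):
    """Yield the source and command set of every `socks pass` block."""
    for body in RULE_RE.findall(re.sub(r"#.*", "", text)):  # drop comments first
        src = re.search(r"\bfrom:\s*(\S+)", body)
        cmd = re.search(r"\bcommand:([^\n]*)", body)
        yield {
            "from": src.group(1) if src else "",
            # Assumption: a rule without a command: line matches every command.
            "commands": set(cmd.group(1).split()) if cmd else set(REQUEST_COMMANDS),
        }


def open_request_rules(text, allowed=("192.168.2.0/24",)):
    """List `socks pass` rules taking client requests from outside `allowed`."""
    nets = [ipaddress.ip_network(n) for n in allowed]
    findings = []
    for rule in parse_pass_rules(text):
        if not rule["commands"] & REQUEST_COMMANDS:
            continue  # reply-only rule (bindreply/udpreply)
        try:
            src = ipaddress.ip_network(rule["from"], strict=False)
            ok = any(src.version == n.version and src.subnet_of(n) for n in nets)
        except ValueError:
            ok = False  # missing or non-CIDR source: review by hand
        if not ok:
            findings.append(rule)
    return findings
```

To audit a live server, pass the contents of /etc/sockd.conf to open_request_rules() with your own subnet in allowed; an empty list means no request rule is open beyond it.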
My Client Software
Everything noted for the client software I use is accurate in the SS5 article, except DNS requests work with Dante, so I left that enabled.