Dante Socks proxy – how to install and manage on RHEL or other distros, RPM package included

Updated: 2019/October/29 – Fixed bad installation directory in Sockd for RPM package

Installing socks proxy is usually not very good documented. There are only a few materials on internet and most of it won’t simply work, so here is mine.

First thing we should go through is why do we need a socks proxy? Sometimes it happens that we have a server (for example in DMZ) which has many connections and provide connectivity for ssh or other services which won’t be able to go through HTTP proxy.

So here is a short tutorial:

RPM install (tested on CentOS 7.6 x86.64)

1. Download and install package

rpm -ivh  https://github.com/koss822/misc/raw/master/Linux/Projects/dante_socks/rpmbuild/RPMS/x86_64/sockd-1.4.3-0.x86_64.rpm

Note

I know that a security and trust concerns are on place whenever you download some package from internet. This is a reason why I provide source code of RPM package so you can compile it yourself.

This is not some anonymous site. You can find more information about me or contact me directly on my e-mail martin (at) enigma14 (dot) eu in case you have some questions.

In case you do not want to use some package from internet you can easily follow to manual installation and compilation steps which are also described on this page.

2. Edit config file

vi /etc/sockd.conf
internal: YOUR-NETWORK-INTERFACE port = 3000
external: INSERT-YOUR-EXTERNAL-IP
socksmethod: none
logoutput: syslog stdout /

3. Start service

start the service and you are done.

systemctl start sockd
systemctl enable sockd

Manual compilation and installation

1. Download and compile dante socks proxy

From website https://www.inet.no/dante/download.html download source code, compile it and configure, e.g.

cd
wget https://www.inet.no/dante/files/dante-1.4.2.tar.gz
tar -zxvf dante-1.4.2.tar.gz
cd dante-1.4.2/
./configure
make
make install

2. Create a config file

Documentation to dante is not really clear but you have to bear in mind one thing. You are not only allowing access to socks proxy, but you also need to allow access from socks proxy to outside world. So you basically need two access lists. My example is below.

vi /etc/sockd.conf
internal: eth0 port = 3000
external: INSERT-YOUR-EXTERNAL-IP
socksmethod: none
logoutput: syslog stdout /var/log/sockd.log

client pass {
  from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  clientmethod: none
  log: connect error
}

socks pass {
  from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
  clientmethod: none
  log: connect error
}

3. How to use it as service

Last thing is pretty easy, mostly if you use systemd.

vi /usr/lib/systemd/system/sockd.service
[Unit]
Description=Sockd Service

[Service]
Type=normal
ExecStart=/usr/local/sbin/sockd

[Install]
WantedBy=multi-user.target

Just start the service and you are done.

systemctl start sockd
systemctl enable sockd