Debian Socks5 Proxy Server


SOCKS - Debian Wiki

SOCKS – Debian Wiki

SOCKS is an Internet protocol that facilitates the routing of network packets between client–server applications via a proxy server. SOCKS performs at Layer 5 of the OSI model—the session layer (an intermediate layer between the presentation layer and the transport layer). Port 1080 is the registered port designated for the SOCKS server. The SOCKS5 protocol was originally a security protocol that made firewalls and other security products easier to administer. (source: Wikipedia: SOCKS) SOCKS servers
Debian provides some SOCKS5 compatible server… search SOCKS in your prefered packages manager, like: apt-cache search SOCKS At the time of writting, DebianTesting has: hpsockd – HP SOCKS server (last updated 2008) dante-server – SOCKS (v4 and v5) proxy daemon (danted) shadowsocks – Fast tunnel proxy that helps you bypass firewalls socks4-server – SOCKS4 server for proxying IP-based services over a firewall (orphaned) Also, many people uses openssh to act as a SOCKS5 server, see SOCKS clients
Some applications can be instructed to use the SOCKS proxy in various ways: Gnome compatible applications should use the system settings (in Menu >> System >> Preferences >> Network Proxy). KDE may have similar setting. Some applications can be explicitely configured to use a SOCKS server, like iceweasel web browser, filezilla FTP client, putty SSH client, sim Instant messaging, etc. Most applications can use some kind of helper, which encapsulate/proxy the application’s connection(s) through the specified server (more below) SOCKS helpers & wrappers
Some helpers: connect-proxy – Establish TCP connection using SOCKS4/5 or HTTP tunnel socat – multipurpose relay for bidirectional data transfer tsocks – transparent network access through a SOCKS 4 or 5 proxy proxychains – proxy chains – redirect connections through proxy servers dante-client – SOCKS wrapper for users behind a firewall redsocks – Redirect any TCP connection to a SOCKS or HTTPS proxy server (If you wonder which one is the most poular, check: popcon) tsocks
See Application specific instructions
Using SSH client
(If your gateway doesn’t have a SOCKS helper, there are some alternatives, using netcat, or even this one [which doesn’t work in Debian because of 146464]) tsocks can be used too. SSH and connect-proxy
Assuming your SOCKS server is running on your localhost, listening on port 20000, you could run one of the following commands: ssh [email protected] -o ProxyCommand=’connect-proxy -S localhost:20000%h%p’ Configure your ~/ host mysshserver
User root
ProxyCommand connect-proxy -S localhost:20000%h%pthen simply run: ssh mysshserver Define an environement variable and an alias in ~/: export SOCKS5_SERVER=localhost:20000
alias ssh_socks=”ssh -o ProxyCommand=’connect-proxy -s%h%p'”which makes it easy to ssh through your SOCKS proxy when you need it, by simply running: ssh_socks [email protected] See also
torsocks – use socks-friendly applications with Tor corkscrew – tunnel TCP connections through HTTP proxies
Install and Configure Dante Socks5 Proxy on Debian/Ubuntu

Install and Configure Dante Socks5 Proxy on Debian/Ubuntu

This tutorial will explain how to install and configure the Dante Socks5 Proxy on Debian/Ubuntu. Before you start the installation, you must meet the following conditions:
Server with Operating System Linux:
Debian 9
Ubuntu 18. 04
Root access
SSH Tools
Putty For Windows
OpenSSH in Linux/macOS (available by default)
Step 1 – Install Dante
Step 1. 1 – Install from APT
apt update
// Debian 9
apt install dante-server
// Ubuntu 18. 04
When the installation is complete, you will see that Danted has encountered an error, because it has not been configured yet.
Check Dante Version:
[email protected]_host:~# danted -v
Dante v1. 4. 1
Dante v1. 2
Please note: when installing Dante using apt on Debian 9 and Ubuntu 18. 04 there are differences in versions. In Debian 9 the Dante version of 1. 1 is different from Ubuntu 18. 04 which is 1. 2. Full details about release information are HERE.
Step 1. 2 – Install from Source (Optional)
If you want to install the latest version, please follow the tutorial below. Make sure to delete dante if it’s already installed.
In this tutorial, we use the Dante version 1. 2 (Download Pages)
apt install build-essential gcc make
wget tar -xvf
cd dante-1. /configure –prefix=/usr –sysconfdir=/etc –localstatedir=/var –disable-client –without-libwrap –without-bsdauth –without-gssapi –without-krb5 –without-upnp –without-pam
make install
Check Dante version:
[email protected]_host:~# /usr/sbin/sockd -v
You have successfully installed Dante from sources. Now, We have to make daemons danted on linux systems.
Copy and paste the configuration below:
#! /bin/sh
# Provides: danted
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: SOCKS (v4 and v5) proxy daemon (danted)
# Description: Starts or stops the Dante SOCKS proxy daemon.
# Its configuration is stored in the /etc/ file;
# see the (5) manual page for details.
# dante SOCKS server init. d file. Based on /etc/init. d/skeleton:
# Version: @(#)skeleton 1. 8 03-Mar-1998. /lib/lsb/init-functions
DESC=”Dante SOCKS daemon”
test -f $DAEMON || exit 0
set -e
# This function makes sure that the Dante server can write to the pid-file.
touch_pidfile ()
if [ -r $CONFFILE]; then
uid=”`sed -n -e ‘s/[[:space:]]//g’ -e ‘s/#. *//’ -e ‘/^user. privileged/{s/[^:]*p;q;}’ $CONFFILE`”
if [ -n “$uid”]; then
touch $PIDFILE
chown $uid $PIDFILE
case “$1” in
if! egrep -cve ‘^ *(#|$)’
-e ‘^(logoutput|user. ((not)? privileged|libwrap)):’
$CONFFILE > /dev/null
echo “Not starting $DESC: not configured. ”
exit 0
echo -n “Starting $DESC: ”
start-stop-daemon –start –quiet –oknodo –pidfile $PIDFILE
–exec $DAEMON — -D
echo “$NAME. “;;
echo -n “Stopping $DESC: ”
start-stop-daemon –stop –quiet –oknodo –pidfile $PIDFILE
–exec $DAEMON
# If the daemon can reload its config files on the fly
# for example by sending it SIGHUP, do it here.
# If the daemon responds to changes in its config file
# directly anyway, make this a do-nothing entry.
echo “Reloading $DESC configuration files. ”
start-stop-daemon –stop –signal 1 –quiet –pidfile
$PIDFILE –exec $DAEMON — -D;;
# If the “reload” option is implemented, move the “force-reload”
# option to the “reload” entry above. If not, “force-reload” is
# just the same as “restart”.
echo -n “Restarting $DESC: ”
start-stop-daemon –stop –quiet –pidfile $PIDFILE –exec $DAEMON
sleep 1
start-stop-daemon –start –quiet –pidfile $PIDFILE
if start-stop-daemon –status –quiet –pidfile $PIDFILE
–exec $DAEMON; then
if [ -n “$configured”]; then
echo “$DESC running”
echo “$DESC running, yet not configured?! ”
echo “$DESC not running”
echo “$DESC not configured”
N=/etc/init. d/$NAME
# echo “Usage: $N {start|stop|restart|reload|force-reload}” >&2
echo “Usage: $N {start|stop|restart|force-reload|status}” >&2
exit 1;;
Give access to Danted daemon:
chmod +x /etc/init. d/danted
update-rc. d danted defaults
Now you can start / stop danted services with the installed version using apt:
systemctl status danted
systemctl start danted
systemctl stop danted
// Automatic Start Danted After Reboot
systemctl enable danted
Step 2 – Configure Dante
Step 2. 1 – Internet Interface
We must check the server interface, in the example below, the server uses the eth0 interface.
[email protected]_host:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127. 0. 1/8 scope host lo
valid_lft forever preferred_lft forever
inet6::1/128 scope host
2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:56:06:d1:d0 brd ff:ff:ff:ff:ff:ff
inet 10. 1/24 brd 10. 1 scope global eth0
Step 2. 2 – Dante Configuration
Before we change the configuration, we must make a backup configuration file, because in the configuration file there is information about the functions of each configuration line.
mv /etc/ /etc/
Then we edit the Danted configuration:
logoutput: /var/log/
internal: eth0 port = 1080
external: eth0
clientmethod: none
socksmethod: none
ivileged: root
tprivileged: nobody
client pass {
from: 0. 0/0 to: 0. 0/0
log: error connect disconnect}
client block {
log: connect error}
socks pass {
socks block {
Configuration Notes
If your server does not use the eth0 interface, change it in the section internal and external.
If you use public wifi and it turns out that the non-standard port is blocked, you can replace it with another port like 53 or 443, change in port = 1080 to port you want it.
Start and check if Danted is running normally:
Step 2. 3 – Dante Socks5 Test
curl -x socks5:
Example output of the command:
[email protected]_host:~# curl -x socks510. 1:1080
10. 1
If when doing a test it turns out that it failed, you can check the log is Danted on /var/log/
Step 3 – Limit Access
Step 3. 1 – Limit by Username
You can restrict access to your proxy server using a username and password.
Edit Danted Configuration on /etc/, and change this section:
# socksmethod: none // for non-authentication
socksmethod: username
command: bind connect udpassociate
log: error connect disconnect
socksmethod: username}
Save and restart using systemctl restart danted.
To create a user and password, use the following command:
useradd holu -r
passwd holu
Use the following command to test the login with your username and password:
curl -x socks5:@:
With Username & Password:
[email protected]_host:~# curl -x socks5holu:[email protected] 1:1080
Without Username & Password:
curl: (7) No authentication method was acceptable. (It is quite likely that the SOCKS5 server wanted a username/password, since none was supplied to the server on this connection. )
You can check the login for success or failure on your proxy server with the command `tail -10 /var/log/`
[email protected]_host:~# tail -10 /var/log/
Apr 19 12:15:16 (1555701316. 599506) danted[1477]: info: pass(1): tcp/accept [: 203. 113. 1. 36730 10. 1080
Apr 19 12:15:16 (1555701316. 625405) danted[1479]: info: pass(1): tcp/connect [: username%[email protected] 1080 -> 10. 36730 104. 28. 19. 94. 80
Apr 19 12:15:16 (1555701316. 808180) danted[1479]: info: pass(1): tcp/connect]: 363 -> username%[email protected] 1080 -> 75, 75 -> 10. 80 -> 363: local client closed. Session duration: 0s
Apr 19 12:15:16 (1555701316. 808231) danted[1479]: info: pass(1): tcp/accept]: 363 -> 203. 1080 -> 75: local client closed. Session duration: 0s
Apr 19 12:15:20 (1555701320. 794622) danted[1596]: info: pass(1): tcp/accept [: 203. 36732 10. 1080
Apr 19 12:15:20 (1555701320. 796002) danted[1596]: info: block(1): tcp/accept]: 203. 1080: error after reading 4 bytes in 0 seconds: client offered no acceptable authentication method
Step 3. 2 – Limit by IP Address
In the previous danted configuration, we gave public access to all IPs to connect to our proxy server. In this step, we will limit access to only one or several IPs.
from: 203. 1/32 to: 0. 0/0
203. 1/32 is the single IP you want to allow access to your proxy server.
If you want to add another single IP again, just repeat the configuration.
from: 198. 51. 100. 0/0
If you want to give a range or block of IPs access, change the slash behind the IP to your IP block.
Use the following command to test the login to the proxy server with an unregistered IP:
If you are using username and password authentication
curl: (7) Unable to receive initial SOCKS5 response.
* If you are not using username and password authentication
Now your server is ready to be used as a Socks5 Proxy using restrictions with username and IP address with danted applications on Debian or Ubuntu.
License: MIT
Want to contribute? Get Rewarded: Get up to €50 in credit! Be a part of the community and contribute. Do it for the money. Do it for the bragging rights. And do it to teach others!
Debian Jessie: how to setup a socks5 proxy server?

Debian Jessie: how to setup a socks5 proxy server?

I’m running a Debian Jessie server. I’m trying to setup a socks5 proxy server on such server:
Firefox (local computer) <> Debian (remote server) <> The Internet
I know how to configure proxy with Firefox, and how to configure firewall rules on the server. However my main concern is about to choose and configure a debian socks5-server related package.
I have looked at Dante-server. However, such package doesn’t exists anymore on Debian Jessie. Moreover, I don’t think it’s a good idea to compile such software on production server.
I have looked at hpsockd but the configuration file seems a bit complex to fit my very simple setup. Additionally, the corresponding documentation is very difficult to find.
I also heard that OpenSSH-Server can act as socks5 proxy server. However configuration directive like “DynamicForward 0. 0. 0:1080” doesn’t seems to be available both in the documentation and in the /etc/config/sshd_config file.
So, could someone give me a way to start?
asked May 1 ’15 at 18:46
TutuxTutux631 silver badge5 bronze badges
Is hpsockd sufficient for your needs? Appears all the alternative SOCKS5 servers, like dante, survive only in unstable now, so maybe they developed bugs, exploits, etc.
answered May 19 ’15 at 7:15
Not the answer you’re looking for? Browse other questions tagged debian socks or ask your own question.

Frequently Asked Questions about debian socks5 proxy server

About the author


If you 're a SEO / IM geek like us then you'll love our updates and our website. Follow us for the latest news in the world of web automation tools & proxy servers!

By proxyreview

Recent Posts

Useful Tools