Setup dante 1.4.1 (sockd) dante-server on Ubuntu 16.04

Recently I had the need to setup a SOCKS5 Proxy server. After looking at all of my options, I settled on the easiest solution (Dante SOCKS Server v1.4.1) that met all of my criteria.

  • Allow multiple incoming interfaces routed to the corresponding outgoing interfaces
  • IP Based authentication (no username and password)
  • Simple Configuration

Dante 1.4.x fit the bill perfectly, however Ubuntu has a really old version in apt-get. Below is how I was able install and configure Dante to allow Proxy connections to specific incoming IPs.

Compile Dante 1.4.1 from source

I know this seems scary to many admins who are not developers. But Dante is a really easy application to compile, and it is a rather small application, meaning the compilation doesn't take the whole afternoon. Note: I am doing all of this from the root user. If you are not logged into SSH via root, do a su root before starting this process. I have not tried it any other way.

Create a directory for source files

I like to create a directory in either my home or /opt/ for the compilation process.

root@localhost:~$ cd /opt/
root@localhost:~$ mkdir dante-server

Download and Extract the source code

Now we need to use wget to download the specific source version we want to compile and install. Then we will need to extract the source files.

root@localhost:~$ wget https://www.inet.no/dante/files/dante-1.4.1.tar.gz
root@localhost:~$ tar -xvf dante-1.4.1.tar.gz
root@localhost:~$ cd dante-1.4.1

Install the required and optional dependencies

It is almost time to actually compile and install dante-server, (now called sockd). But first we have to make sure we have the needed libraries and applications. I specifically needed libwrap for the ip based authentication rules. I would suggest you use it as well.

root@localhost:~$ apt-get install libwrap0 libwrap0-dev
root@localhost:~$ apt-get install gcc make

Now to the compile and install

We need to configure the project or source to install on this machines specific setup. Then we will run the compile process followed by the installation. I want to create a directory in the /home/ path for the final application configuration and binaries.

root@localhost:~$ mkdir /home/dante
root@localhost:~$ ./configure --prefix=/home/dante
root@localhost:~$ make
root@localhost:~$ make install

That was everything to get Dante (sockd) 1.4.1 compiled and installed from source on our Ubuntu 16.04 machine. Now we need to configure Dante for the specific use.

Configure Dante

This is going to be a really simple configuration. You should find your configuration file and all of the binary files needed for Dante in the directory /home/dante

So using nano we should open up the danted.conf file and configure it like so

root@localhost:~$ nano /home/dante/danted.conf
-------
logoutput: /var/log/socks.log

internal: eth0 port = 1080
internal: eth0:0 port = 1080

external: eth0
external: eth0:0

external.rotation: same-same

libwrap.hosts_access: yes

user.notprivileged: nobody
clientmethod: none
method: none

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: error connect disconnect
}

pass {
        from: 174.135.39.206/0 to: 0.0.0.0/0
        log: error connect disconnect
}

block {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect error
}

# dante-server configuration from tazdij.com

Configuring Hosts Allow for libwrap

You might have noticed that we are not actually directly setting any authentication rules in this configuration file. That is because we are leaving it to the libwrap which was previously installed.

So using nano (the simple text editor on linux CLI) we need to edit the /etc/hosts.allow file which was installed by the apt-get install of libwrap0

root@localhost:~$ nano /etc/hosts.allow
-------
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5) and hosts_options(5).
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "rpcbind" for the
# daemon name. See rpcbind(8) and rpc.mountd(8) for further information.
#

sshd : ALL : allow

# replace the 1.2.3.4 & 1.2.3.5 with the actual IP Addresses you want to allow
sockd : 1.2.3.4 : allow
sockd : 1.2.3.5 : allow
ALL : ALL : deny

Configuration is all done! Time to test it out.

That is is, all of the configuration is done; at least as much of the configuration as I required. To run this in the CLI we will simply execute the binary in the home directory and give it the config file location.

root@localhost:~$ /home/dante/sbin/sockd -f /home/dante/danted.config

To run this as a daemon, just ad a -D option to the command

root@localhost:~$ /home/dante/sbin/sockd -f /home/dante/danted.config -D

 

That's all there is to setting up and running Dante SOCKS proxy on your Ubuntu 16.04 LTS server, Virtual, Metal, Private or Public cloud. It should work on all of the alike.