Turn any Linux computer to SOCKS5 proxy in one command

src:http://www.catonmat.net/blog/linux-socks5-proxy/

I thought I ' d do a shorter article on Catonmat this time. It goes hand in hand with my upcoming article series on "100% technicalGuide to anonymity" and it ' s much easier To write larger articles in smaller pieces. Then I can edit them together and produce the final article.

This article would be interesting for those who didn ' t know it already--can turn any Linux computer into a SOCKS5 D SOCKS4) Proxy in just one command:

Ssh-n-D 0.0.0.0:1080 localhost

And it doesn ' t require root privileges. The ssh command starts up dynamic -D port forwarding in port and talks to the 1080 clients via SOCSK5 or SOCKS4 Proto Cols, just like a regular SOCKS5 proxy would! The -N option makes sure SSH stays idle and doesn ' t execute any commands on localhost.

If You also wish the command to go into background as a daemon and then add -f option:

Ssh-f-n-d 0.0.0.0:1080 localhost

To use it, just make your software with SOCKS5 Proxy on your Linux computer ' s IP, port, and you ' re-done, all your requ ESTs now get proxied.

Access control can be implemented via iptables . For example, to-allow-people from the IP to use 1.2.3.4 the SOCKS5 proxy, add the following iptables rules:

Iptables-a INPUT--src 1.2.3.4-p tcp--dport 1080-j acceptiptables-a input-p tcp--dport 1080-j REJECT

The first rule says, allow anyone from to connect to port, and the other 1.2.3.4 1080 rule says, deny everyone else from co Nnecting to Port 1080 .

Surely, executing iptables requires root privileges. If you don't have the root privileges, and you don't want to leave your the proxy open (and you really don ' t want to does that), you ' ll have the some kind of a simple TCP proxy wrapper to do access control.

Here, I wrote one in Perl. It's called tcp-proxy.pl and it uses IO::Socket::INET to the abstract sockets, and to do IO::Select connection multiplexing.

#!/usr/bin/perl#UseWarnings;UseStrict;UseIo::socket::INET;UseIo::Select;My@allowed_ips=(' 1.2.3.4 ',' 5.6.7.8 ',' 127.0.0.1 ',' 192.168.1.2 ');My$ioset=Io::Select-New;My%socket_map;My$debug=1;SubNew_conn{My($host,$port)=@_;ReturnIo::socket::INET-New(Peeraddr=$host,Peerport=$port)||Die"Unable to connect to $host: $port: $!";}SubNew_server{My($host,$port)=@_;My$server=Io::socket::INET-New(Localaddr=$host,LocalPort=$port,Reuseaddr=1,Listen=100)||Die"Unable to listen on $host: $port: $!";}SubNew_connection{My$server=Shift;My$client=$server-Accept;My$client _ip=Client_ip($client);Unless(Client_allowed($client)){Print"Connection from $client _ip denied.\n"If$debug;$client-Close;Return;}Print"Connection from $client _ip accepted.\n"If$debug;My$remote=New_conn(' localhost ',55555);$ioset-Add($client);$ioset-Add($remote);$socket _map{$client}=$remote;$socket _map{$remote}=$client;}SubClose_connection{My$client=Shift;My$client _ip=Client_ip($client);My$remote=$socket _map{$client};$ioset-Remove($client);$ioset-Remove($remote);Delete$socket _map{$client};Delete$socket _map{$remote};$client-Close;$remote-Close;Print"Connection from $client _ip closed.\n"If$debug;}SubClient_ip{My$client=Shift;ReturnInet_ntoa($client-Sockaddr);}SubClient_allowed{My$client=Shift;My$client _ip=Client_ip($client);ReturnGrep{$_eq$client _ip}@allowed_ips;}Print"Starting a server on 0.0.0.0:1080\n";My$server=New_server(' 0.0.0.0 ',1080);$ioset-Add($server);While(1){ForMy$socket($ioset-Can_read){If($socket==$server){New_connection($server);}Else{NextUnlessExists$socket _map{$socket};My$remote=$socket _map{$socket};my  $buffer my  $read =  $socket ->sysread ( $buffer 4096 ); if  ( $read ) {$ Remote->syswrite ( $buffer ) ; } else {close_connection ( $socket } } }}        /span>                

To use it, you'll have the "make a" change to the previous configuration. Instead of running SSH SOCKS5 proxy on 0.0.0.0:1080 , you'll need to run it on localhost:55555 ,

Ssh-f-n-d 55555 localhost

After that, run tcp-proxy.pl the,

Perl tcp-proxy.pl &

The TCP proxy would start listening on and would redirect only the 0.0.0.0:1080 allowed IPs in @allowed_ips list to localhost:55555 .

Another possibility is to use another computer instead of your own as Exit node. What I mean are you can do the following:

Ssh-f-n-d other_computer.com

This would set up a SOCKS5 proxy on if you use localhost:1080 it, SSH would automatically tunnel your requests (encrypted) via other_computer.com. This is the "can hide" doing on the Internet from anyone who might is sniffing your link. They would see that your ' re doing something but the traffic would be is encrypted so they won ' t being able to tell what do you ' re doin G.

That ' s it. You ' re now the proxy king!

Download tcp-proxy.pl

Download link:tcp Proxy (tcp-proxy.pl)
Download URL:http://www.catonmat.net/download/tcp-proxy.pl
downloaded:6035 Times

I also pushed the tcp-proxy.pl to github:tcp-proxy.pl on GitHub. This project is also pretty nifty to generalize and make a program the redirects between any number of hosts:ports, not J UST.

PS. I'll probably also write "a definitive guide to SSH port forwarding" some time in the future because it ' s A N Interesting but little understood topic.

Turn any Linux computer to SOCKS5 proxy in one command