Turn any Linux computer into a SOCKS5 proxy in one command

src:http://www.catonmat.net/blog/linux-socks5-proxy/

I thought I'd do a shorter article on catonmat this time. It goes hand in hand with my upcoming article series on "100% technical guide to anonymity" and it's much easier to write larger articles in smaller pieces. Then I can edit them together and produce the final article.

This article will be interesting for those who didn't know it already -- you can turn any Linux computer into a SOCKS5 (and SOCKS4) proxy in just one command:

ssh -N -D 0.0.0.0:1080 localhost

And it doesn't require root privileges. The ssh command starts up dynamic -D port forwarding on port 1080 and talks to the clients via the SOCKS5 or SOCKS4 protocols, just like a regular SOCKS5 proxy would! The -N option makes sure ssh stays idle and doesn't execute any commands on localhost.

If you also wish the command to go into the background as a daemon, then add the -f option:

ssh -f -N -D 0.0.0.0:1080 localhost

To use it, just make your software use a SOCKS5 proxy on your Linux computer's IP, port 1080, and you're done, all your requests now get proxied.

Access control can be implemented via iptables. For example, to allow only people from the IP 1.2.3.4 to use the SOCKS5 proxy, add the following iptables rules:

iptables -A INPUT --src 1.2.3.4 -p tcp --dport 1080 -j ACCEPT
iptables -A INPUT -p tcp --dport 1080 -j REJECT

The first rule says, allow anyone from 1.2.3.4 to connect to port 1080, and the other rule says, deny everyone else from connecting to port 1080.

Surely, executing iptables requires root privileges. If you don't have root privileges, and you don't want to leave your proxy open (and you really don't want to do that), you'll have to use some kind of a simple TCP proxy wrapper to do access control.

Here, I wrote one in Perl. It's called tcp-proxy.pl and it uses IO::Socket::INET to abstract sockets, and IO::Select to do connection multiplexing.

#!/usr/bin/perl
#

use warnings;
use strict;

use IO::Socket::INET;
use IO::Select;

# Source addresses that are allowed to use the proxy.
my @allowed_ips = ('1.2.3.4', '5.6.7.8', '127.0.0.1', '192.168.1.2');
my $ioset = IO::Select->new;
my %socket_map;    # maps each socket to the other end of its relay pair

my $debug = 1;

# Open the backend connection (the ssh SOCKS listener).
sub new_conn {
    my ($host, $port) = @_;
    return IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port
    ) || die "Unable to connect to $host:$port: $!";
}

# Create the public listening socket.
sub new_server {
    my ($host, $port) = @_;
    my $server = IO::Socket::INET->new(
        LocalAddr => $host,
        LocalPort => $port,
        ReuseAddr => 1,
        Listen    => 100
    ) || die "Unable to listen on $host:$port: $!";
    return $server;
}

# Accept a client, apply the allow list, and pair it with a backend socket.
sub new_connection {
    my $server = shift;
    my $client = $server->accept;
    my $client_ip = client_ip($client);

    unless (client_allowed($client)) {
        print "Connection from $client_ip denied.\n" if $debug;
        $client->close;
        return;
    }
    print "Connection from $client_ip accepted.\n" if $debug;

    my $remote = new_conn('localhost', 55555);
    $ioset->add($client);
    $ioset->add($remote);

    $socket_map{$client} = $remote;
    $socket_map{$remote} = $client;
}

# Tear down both ends of a relay pair.
sub close_connection {
    my $client = shift;
    my $client_ip = client_ip($client);
    my $remote = $socket_map{$client};

    $ioset->remove($client);
    $ioset->remove($remote);

    delete $socket_map{$client};
    delete $socket_map{$remote};

    $client->close;
    $remote->close;

    print "Connection from $client_ip closed.\n" if $debug;
}

sub client_ip {
    my $client = shift;
    # peeraddr is the remote end of the connection. sockaddr would return
    # our own local address, so the allow list would test the wrong host.
    my $addr = $client->peeraddr;
    return defined $addr ? inet_ntoa($addr) : 'unknown';
}

sub client_allowed {
    my $client = shift;
    my $client_ip = client_ip($client);
    return grep { $_ eq $client_ip } @allowed_ips;
}

print "Starting a server on 0.0.0.0:1080\n";
my $server = new_server('0.0.0.0', 1080);
$ioset->add($server);

# Main loop: accept new clients and shuttle data between paired sockets.
while (1) {
    for my $socket ($ioset->can_read) {
        if ($socket == $server) {
            new_connection($server);
        }
        else {
            next unless exists $socket_map{$socket};
            my $remote = $socket_map{$socket};
            my $buffer;
            my $read = $socket->sysread($buffer, 4096);
            if ($read) {
                $remote->syswrite($buffer);
            }
            else {
                close_connection($socket);
            }
        }
    }
}

To use it, you'll have to make a change to the previous configuration. Instead of running the ssh SOCKS5 proxy on 0.0.0.0:1080, you'll need to run it on localhost:55555,

ssh -f -N -D 55555 localhost

After that, run tcp-proxy.pl,

perl tcp-proxy.pl &

The TCP proxy will start listening on 0.0.0.0:1080 and will redirect only the allowed IPs in the @allowed_ips list to localhost:55555.
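To confirm which of the listeners set up above are reachable from other hosts, here is an added example (not part of the original article) that parses Linux /proc/net/tcp-format text and reports LISTEN sockets bound to non-loopback addresses together with the owning UID. The sample table is constructed, and the address decoder assumes a little-endian machine.

```python
import ipaddress
import struct

LISTEN = "0A"  # socket state code for TCP_LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0438 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40001
   1: 0100007F:D903 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 40002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40003
   3: 0100007F:0438 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 40004
"""


def decode_addr(hex_addr):
    """Turn the kernel's hex address (8 or 32 digits) into an ipaddress object.

    Each 32-bit word is printed in host byte order; little-endian is assumed.
    """
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))


def exposed_listeners(proc_text, uid=None):
    """Return (address, port, owner_uid) for LISTEN sockets not on loopback."""
    found = []
    for line in proc_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue  # established connections etc. are not listeners
        hex_addr, hex_port = fields[1].split(":")
        addr, owner = decode_addr(hex_addr), int(fields[7])
        if addr.is_loopback or (uid is not None and owner != uid):
            continue
        found.append((str(addr), int(hex_port, 16), owner))
    return found


if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                text = fh.read()
        except OSError:
            continue  # not Linux, or IPv6 disabled
        for addr, port, owner in exposed_listeners(text):
            print(f"{path}: {addr}:{port} owned by uid {owner}")
```

With the wrapper setup, the only entry expected on port 1080 is the wrapper itself, while the ssh listener on 55555 should not appear because it is bound to loopback.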

Another possibility is to use another computer instead of your own as the exit node. What I mean is you can do the following:

ssh -f -N -D 1080 other_computer.com

This will set up a SOCKS5 proxy on localhost:1080, but when you use it, ssh will automatically tunnel your requests (encrypted) via other_computer.com. This way you can hide what you're doing on the Internet from anyone who might be sniffing your link. They will see that you're doing something, but the traffic will be encrypted so they won't be able to tell what you're doing.

That's it. You're now the proxy king!

Download tcp-proxy.pl

Download link: tcp proxy (tcp-proxy.pl)
Download URL: http://www.catonmat.net/download/tcp-proxy.pl
Downloaded: 6035 times

I also pushed tcp-proxy.pl to GitHub: tcp-proxy.pl on GitHub. This project is also pretty nifty to generalize and make a program that redirects between any number of hosts:ports, not just.

PS. I'll probably also write "A definitive guide to ssh port forwarding" some time in the future because it's an interesting but little understood topic.
