1

I want to tunnel all my internet traffic through my vps, so I'm trying to install a proxy server.

However: I can't seem to browse the internet through Dante. I get the ERR_EMPTY_RESPONSE error.

This is my config:

logoutput: stderr /home/user/dantelog
internal: eth1 port=1080
external: eth1

method: username pam

user.privileged: proxy
user.notprivileged: nobody
user.libwrap: nobody

client pass {
       from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

Do I really have to run 2 proxy servers: one for HTTP and one for SOCKS? Or is there something else I can do?

Jelle De Loecker

1 Answer

1

The client pass section has 10.0.0.0/8 as the source network to permit. This is private IP space. If you are trying to connect across the internet to the proxy, you will need to change this to whatever public IP address you NAT to.

Also your method statement is forcing authentication. None of the major browsers support SOCKS5 authentication. Change the config as below:

method: username pam none

client pass {
from: <your-public-ip>/32 port 1-65535 to: 0.0.0.0/0
}

client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
}

This will allow unauthenticated access from your IP to the proxy while explicitly blocking all others.

Also, instead of setting up a Dante proxy, you may want to use OpenSSH or PuTTY (depending on your OS platform) to create an SSH tunnel and proxy over that. Both OpenSSH and PuTTY can create SOCKS proxies on the loopback interface of your client. You point your applications to it and the traffic is routed across the SSH connection to the server and out. No additional proxy is needed on the server. Directions can be found here and here.

TimS
  • Using SSH is indeed the quickest solution on an ad-hoc basis, but making it work flawlessly on boot is not really possible. Anyway: I filled in the public IP address (with both /16 and /8) but it still does not work. – Jelle De Loecker May 06 '11 at 18:43
  • Ok, just took another look. You had two issues. The first was the private IP. The second is your authentication methods. You have username and pam, which means the client will have to authenticate. To my knowledge none of the major browsers support SOCKS5 authentication. – TimS May 06 '11 at 19:13
  • Yeah, but I'm using a "global" proxy in the gnome settings. And they already work for other applications (like bittorrent) just not for http connections... are there any other servers I can use? – Jelle De Loecker May 06 '11 at 19:25
  • I added info to the answer for changing Dante to not require authentication. In this case access is strictly controlled by ip address. If you want a way to reliably start and keep up a ssh tunnel look into autossh in combination with a passwordless ssh key. – TimS May 06 '11 at 20:08
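
As an added illustration (not part of the original question, answer or Dante itself), this Python example evaluates the client pass / client block rules of the two configs above in file order, first match wins and no match means block, to show why a client arriving from a public address never matches 10.0.0.0/8. The address 203.0.113.7 and all function names are constructed for the example, and only plain IP/mask `from:` addresses are handled.

```python
import ipaddress
import re

# Matches Dante-style "client pass { ... }" / "client block { ... }" rules.
RULE_RE = re.compile(r"client\s+(pass|block)\s*\{(.*?)\}", re.S)
FROM_RE = re.compile(r"from:\s*(\S+)")

# Constructed samples: the question's rule and the answer's rule pair,
# with 203.0.113.7 (documentation range) standing in for the client's IP.
QUESTION_CONFIG = """
client pass {
       from: 10.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}
"""
ANSWER_CONFIG = """
client pass {
from: 203.0.113.7/32 port 1-65535 to: 0.0.0.0/0
}
client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
}
"""

def parse_client_rules(config_text):
    """Return [(action, source_network), ...] in file order."""
    rules = []
    for action, body in RULE_RE.findall(config_text):
        match = FROM_RE.search(body)
        if match is None:
            raise ValueError(f"client {action} rule has no from: address")
        # Raises ValueError if the address is missing or not IP/mask.
        rules.append((action, ipaddress.ip_network(match.group(1), strict=False)))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; with no match the connection is blocked."""
    addr = ipaddress.ip_address(client_ip)
    for action, network in rules:
        if addr in network:
            return action
    return "block"

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        rules = parse_client_rules(cfg)
        for ip in ("10.1.2.3", "203.0.113.7", "198.51.100.9"):
            print(f"{name:8} {ip:15} -> {decide(rules, ip)}")
```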