OpenBSD Journal


Contributed by jose on from the stepping-stone dept.

Balam writes: "I would like to know if anyone ever tried to deploy a SOCKS proxy under OpenBSD. Well, I submit someone already did, therefore I would greatly enjoy information on the matter. I have an up and running OpenBSD 3.2 (upgrading to 3.3 on the way) gateway/firewall with eleet pf rules, squid running and also ftp-proxy. I would like to add a nice and secure SOCKS proxy.

Thanks in advance." SOCKS implementations are in the ports tree, including Dante and the reference implementation. Also, the FWTK port can be used to set up a secure, generic proxy. Anyone have any recipes and tips they want to share?

(Comments are closed)

  1. By Anonymous Coward () on

    I've been using Dante for about twelve months now without a whisper of a problem. I highly recommend it.

    1. By Anonymous Coward () on

      I recall Dante does not support authentication, does it?

      1. By Anonymous Coward () on

        It does support authentication. I stopped looking too deeply into authentication when it turned out that some SOCKSv5 apps can't remember login info between sessions. Way too annoying to keep filling in the proxy's IP, username and password in obscure dialog boxes every time. It's on a trusted network with only me with a computing clue anyway so it's pretty safe.

        1. By Anonymous Coward () on

          well, in the case of socks, authentication is always interesting for the admin of a large system since it generates logs and can shift the responsibility to the end user in case of problems (child porn, ...)
          if you can't provide such info, you're legally responsible for everything going on on your network.

  2. By Shant () on

    Besides Dante, which is very advanced, you could also try the more lightweight NYLON SOCKS proxy:

    Developed under OpenBSD, it's an easy and quick
    socks v4 and v5 proxy server.


    1. By Uzbad () on

      At my university the man limited upload speeds drastically to try to cut kazaa use and I believe didn't prioritize ACK packets--as such ALL internet usage is terrible. 20% packet loss in pings is completely average in and out of the residential network.

      I installed nylon on some cluster computers (that weren't affected by the cap) and routed all my personal traffic through it--worked like a charm. Nylon is great.

  3. By Anonymous Coward () on

    You can use OpenSSH, I guess

  4. By Anonymous Coward () on

    use ssh -D

  5. By sickness () on

    I've used dante since openbsd2.8, for home irc chatting on a
    dialup gateway, the only thing I needed to do was a sed script to replace the dynamic ip of the provider every time I dialed, no probs!

    1. By Anonymous Coward () on

      How well does it accommodate DCC transfers?
      Are there some sockd.conf tricks to make it work?

  6. By tom hensel () on

    nylon is a very good piece of software. i'm using it
    to proxy instant-messenger-protocols like ICQ as well as to mirror irc-servers locally. enhances
    the security of the network without cutting any
    services down.

    many thanks to!

