1. Overview
In the world of system administration, there are often situations where we need to access resources on the internet securely or bypass network restrictions. One powerful tool at our disposal is the SOCKS proxy, which allows us to tunnel our network traffic through a proxy server.
In this tutorial, we’ll learn how to create a simple SOCKS proxy on a remote machine and how to proxy our commands’ network traffic through it.
2. What Is a SOCKS Proxy?
Before we dive into the nitty-gritty details, let’s clarify what a SOCKS proxy is and why it’s useful.
A SOCKS proxy, short for Socket Secure, is a networking protocol that allows us to establish a secure connection through a proxy server. It acts as an intermediary between our local machine and the destination server, anywhere on the internet. The proxy server relays our network requests, making it appear as if they originate from the proxy server itself rather than our local device.
Here are some common scenarios where SOCKS proxies come in handy:
- Bypassing Network Restrictions: Many organizations or networks restrict internet access, preventing us from accessing certain websites or services. By using a SOCKS proxy, we can bypass these restrictions since our requests appear to be coming from a different source.
- Enhancing Security: When we connect to the internet through a SOCKS proxy, our traffic is encrypted, adding an extra layer of security. This is particularly useful when we’re on a public Wi-Fi network or accessing sensitive information.
- Anonymity: SOCKS proxies can also be used to anonymize our internet activities. By routing our traffic through a proxy server, our IP address remains hidden, making it harder for websites to track our online behavior.
Now that we understand the benefits of SOCKS proxies, let’s move on to how we can create and use one on our Linux system.
3. Creating a SOCKS Proxy With SSH
Setting up a SOCKS proxy server on Linux can be accomplished using various software packages, including Dante, SS5, and SSH.
For this article, we’ll use a method that utilizes SSH to create a SOCKS proxy server. This method is convenient because SSH is often pre-installed on most Linux systems.
To create a SOCKS proxy on our Linux machine, we can use the ssh command with the -D option:
$ ssh -D 1080 username@remote_serverHere, remote_server is the hostname or IP address of the server we want to proxy through. The -D option specifies that the local port 1080 will be used for the SOCKS proxy.
With the SOCKS proxy in place, we can now route our network traffic through it.
4. Using tsocks to Proxy Command Traffic
Several applications are SOCKS-aware, which means they have built-in support for routing their network traffic through a SOCKS proxy. These applications include Firefox, FileZilla, get, curl, and many others. All those applications have configuration parameters allowing them to use a SOCKS proxy for network communication.
Some applications are not SOCKS-aware, such as telnet, SSH, and FTP. For such applications, we can use a handy tool called tsocks. tsocks is a shell wrapper and library that intercepts network calls made by applications and routes them through a SOCKS proxy.
In the next section, we’ll look into how to install and configure tsocks.
4.1. Installation
On distributions like Debian and Ubuntu, we can install it using apt-get:
$ sudo apt-get install tsocksFor Red Hat, Fedora, and RHEL derivatives, tsocks is not available as a repository package and, therefore, needs to be compiled from the source.
First, we’ll need to install the EPEL Repository and yum-utils:
$ sudo yum install epel-release
$ sudo yum install yum-utilsOn RHEL 8, Almalinux 8, and Rocky Linux 8 and newer, we’ll also need to enable the PowerTools repository:
$ sudo dnf config-manager --set-enabled powertoolsLet’s ensure we have prerequisite packages installed:
$ sudo yum install gcc make binutils wget glibc-staticNext, we need to download the tsocks source package from the project page on SourceForge. We can use wget to download the source package to our server:
$ wget "https://netix.dl.sourceforge.net/project/tsocks/tsocks/1.8%20beta%205/tsocks-1.8beta5.tar.gz"After that, let’s use tar to unpack the downloaded archive:
$ tar -xzf tsocks-1.8beta5.tar.gzNow, let’s switch to the unpacked directory and use the make command to compile and run the installation script:
$ cd tsocks-1.8
$ ./configure
$ make
$ sudo make installOnce we finish compiling and installing, we can proceed to configure and use tsocks. In the next section, we’ll look into its basic configuration.
4.2. Configuration
After installation, we need to configure tsocks to use the SOCKS proxy we created earlier using SSH. Let’s edit the tsocks configuration file and make sure we have the following lines:
$ sudo cat /etc/tsocks.conf
server = 127.0.0.1
server_port = 1080These settings tell tsocks to use the SOCKS proxy running on our local machine at port 1080.
4.3. Using tsocks With Our Commands
Now, we can use tsocks to run commands through the SOCKS proxy. For example, to use curl to access a website via the proxy, we can use:
$ tsocks curl https://example.comThis command will fetch the content of https://example.com through the SOCKS proxy, ensuring that it hides our IP.
Additionally, if we want all commands in a session to use tsocks, we can source the shell script with the on option, for example:
$ source tsocks on
$ command 1
$ command 2
...Similarly, we can disable tsocks for the session using the off option:
$ source tsocks offWe can check tsocks status using the show option:
$ source tsocks on
$ tsocks show
LD_PRELOAD="/usr/lib/libtsocks.so"
$ source tsocks off
$ tsocks show
LD_PRELOAD=""In the above output, when the LD_PRELOAD variable is empty, it signifies that this shell session has tsocks disabled.
5. Conclusion
In this article, we’ve explored SOCKS proxies on Linux and learned how to create and use them effectively with our command-line tools.
By setting up a SOCKS proxy using SSH’s -D option and utilizing tsocks to route our command-line tools’ network traffic through it, we’ve enhanced our ability to securely access the internet while maintaining anonymity and bypassing restrictions.