Turning a Home Computer into a Proxy Server [2]

1. Originally I wrote the first version of [url=http://forum.logicalgamers.com/programming/48611-turning-home-computer-into-proxy-server.html]this[/url] post to bypass school filters through a self-maintained proxy server.
2.  
3. The school year is beginning anew, and as a few of the commentors on my original post mentioned, my first method does not provide for authentication or security.
4.  
5. So I did an overhaul of my proxy server setup and instituted SOCKS5 for the added security.
6. The tutorial is written for Windows, but can be adapted to most systems, although not necessarily with the same software.
7. It has been tested on Windows 7 64-bit and implemented on a standard wireless network.
8.  
9. [B]Port Forwarding on your Router/Switch[/B]
10.  
11. Before you begin installing anything, it'd be helpful to set up port forwarding for the new server you'll be installing.
12. When choosing a port, keep this information in mind:
13. 0-1023 are Well-known ports
14. 1024-49151 are Registered ports
15. 49152-65535 are Dynamic or private ports
16.  
17. I'd recommend using a dynamic port as to avoid application conflicts with whatever might be running on your registered or well-known ports.
18.  
19. Once you choose a port you'll need to go into the settings of your router and do some port forwarding.
20. Port forwarding can be different for every make and model of router, so I'd recommend either poking around in your settings, or using [url=http://portforward.com/english/routers/port_forwarding/]this[/url] handy little site.
21.  
22. I tend to portforward both the TCP and UDP ports.
23.  
24. [B]Setting up the Server Software[/B]
25.  
26. Alright, on to the meat of the issue. You'll be using a different software then in the previous tutorial.
27. Specifically, this nifty, lightweight little application called [url=http://phrozenblog.com/?p=52]TightSocks5[/url].
28.  
29. Just download it and install the software.
30. Once you're done, simply set "Choose Port" as the port you portforwarded, and then set up your username and password.
31.  
32. [I]DO NOT SHARE THIS AUTHENTICATION WITH ANYONE YOU DON'T WANT ACCESSING YOUR PROXY SERVER.[/I]
33.  
34. Then, just click Launch and you're good to go.
35.  
36. [B]Utilizing the Server (Chromium)[/B]
37.  
38. In Chromium, the process of implementing a connection to your new SOCKS5 proxy server is very simple.
39.  
40. Navigate to Settings
41. [img]http://i44.tinypic.com/16anpjk.png[/img]
42.  
43. Network -> Change Proxy Settings
44. [img]http://gyazo.com/3a163e389c8d3270aeb00b191774a222.png[/img]
45.  
46. Local Are Network (LAN) settings -> LAN Settings
47. [img]http://gyazo.com/a8103db92e680e94192f1d5961c73b91.png[/img]
48.  
49. Proxy Server -> Advanced
50. [img]http://gyazo.com/f728ac65962c226db24757c90e80f67e.png[/img]
51.  
52. And lastly configure your 127.0.0.1 as the external IP address of the computer your server is hosted on with the port you've forwarded.
53. [img]http://gyazo.com/6edd7bfd8c78b6f494607b830a335c65.png[/img]
54.  
55. [B]Utilizing the Server (Firefox)[/B]
56. For Firefox simply navigate to Options.
57.  
58. [img]http://gyazo.com/31903642f349e300d67dca3aa8f58d23.png[/img]
59.  
60. Then Network -> Settings
61.  
62. [img]http://gyazo.com/ebc6f77b4038cc1056fa84ec0fe9caac.png[/img]
63.  
64. And configure things the same as you did before.
65.  
66. [B]Why SOCKS?[/B]
67.  
68. As I've already said, the primary reason I wanted a SOCKS proxy was for security.
69. But things go a bit deeper than that.
70.  
71. I wanted a more flexible general purpose type of proxy.
72. Although an HTTP proxy might be faster, SOCKS doesn't work exclusively with HTTP traffic.
73. You can use it for POP3, SMTP, IRC, or even FTP.
74.  
75. [B]Securing the Communication Link[/B]
76.  
77. BUT WAIT. There is one huge problem with SOCKS.
78. SOCKS doesn't actually protect that data being sent from your system to your home computer.
79.  
80. The username and password is an authentication mechanism that prevents other people from leeching your bandwidth and abusing your uncensored connection, but the information in between isn't encrypted.
81.  
82. I once heard a computer security expert say that there's no such thing as "too paranoid", and as a result, I always use this extra method to secure my data.
83.  
84. The way we'll be securing this communication is via SSH.
85. I'm going to keep this short, but firstly, install an SSH server.
86.  
87. At first I tried working with freeSSHd, but ran into multiple problems with the software.
88. I actually found one I like better called [url=http://www.bitvise.com/winsshd]Bitvise SSH[/url].
89. It gives you live feedback and alert everytime your server gets a connection.
90. The setup is easy and it works like a charm.
91.  
92. Just download the free commercial version, install it, and you're good to go.
93. Once you've tested all your settings on the localhost, you can open it up to all connections.
94.  
95. Once you have the SSH daemon all configured and running (which I won't detail. There are docs for that), follow the following instructions for Windows:
96. [img]http://gyazo.com/6fb750be579ac265983b3102b3ac75c2.png[/img]
97.  
98. Just replace the VPS with your home server and you should have encrypted communication with your SOCKS5 server.
99.  
100. Keep in mind, I'm still testing this section, so I'll be editing it as I conduct more research.
101.  
102. [B]DNS Lookups[/B]
103.  
104. This section is separate, and technically unnecessary. But again, I like to go the extra step and hide my traffic from my ISP.
105. The final problem is that though SSH greatly secures traffic in route, it doesn't do one thing.
106. When it makes request to your DNS servers, it doesn't shield the traffic from prying ISPs.
107.  
108. How do we resolve this? We simply tunnel DNS lookups over our proxy.
109.  
110. [list]
111.  
112. [*] In [B]Firefox[/B], this can be configured by typing [i]about: config[/i] (without the space) and changing [I]network.proxy.socks_remote_dns[/I] to true.
113.  
114. [*] In [B]Chromium[/B], the configuration is automatic if you are using a Socks 5 proxy. Which we are.
115. [/list]
116.  
117. Although these browser methods are simple, since you're probably going to be using Socks 5 for other things (do to its versatile nature), it's useful to have a more [B]global[/B] way of setting this up.
118.  
119. This part can be a bit complicated, so I normally stick with the browser methods.
120. However, if you feel like trying, you'll need to set your DNS to localhost in windows settings.
121. Then forward port 53 over SSH to port 53 on the remote DNS server you've been using.
122.  
123. Once that's done, you're proxy traffic is pretty much secure from prying eyes.
124.  
125. Good luck, let me know if you run into any problems.