- Originally I wrote the first version of [url=http://forum.logicalgamers.com/programming/48611-turning-home-computer-into-proxy-server.html]this[/url] post to bypass school filters through a self-maintained proxy server.
- The school year is beginning anew, and as a few of the commenters on my original post mentioned, my first method does not provide for authentication or security.
- So I did an overhaul of my proxy server setup and instituted SOCKS5 for the added security.
- The tutorial is written for Windows, but can be adapted to most systems, although not necessarily with the same software.
- It has been tested on Windows 7 64-bit and implemented on a standard wireless network.
- [B]Port Forwarding on your Router/Switch[/B]
- Before you begin installing anything, it'd be helpful to set up port forwarding for the new server you'll be installing.
- When choosing a port, keep this information in mind:
- 0-1023 are Well-known ports
- 1024-49151 are Registered ports
- 49152-65535 are Dynamic or private ports
- I'd recommend using a dynamic port to avoid application conflicts with whatever might be running on your registered or well-known ports.
- Once you choose a port you'll need to go into the settings of your router and do some port forwarding.
- Port forwarding can be different for every make and model of router, so I'd recommend either poking around in your settings, or using [url=http://portforward.com/english/routers/port_forwarding/]this[/url] handy little site.
- I tend to port forward both the TCP and UDP ports.
- [B]Setting up the Server Software[/B]
- Alright, on to the meat of the issue. You'll be using different software than in the previous tutorial.
- Specifically, this nifty, lightweight little application called [url=http://phrozenblog.com/?p=52]TightSocks5[/url].
- Just download it and install the software.
- Once you're done, simply set "Choose Port" to the port you forwarded, and then set up your username and password.
- [I]DO NOT SHARE THIS AUTHENTICATION WITH ANYONE YOU DON'T WANT ACCESSING YOUR PROXY SERVER.[/I]
- Then, just click Launch and you're good to go.
- [B]Utilizing the Server (Chromium)[/B]
- In Chromium, the process of implementing a connection to your new SOCKS5 proxy server is very simple.
- Navigate to Settings
- [img]http://i44.tinypic.com/16anpjk.png[/img]
- Network -> Change Proxy Settings
- [img]http://gyazo.com/3a163e389c8d3270aeb00b191774a222.png[/img]
- Local Area Network (LAN) settings -> LAN Settings
- [img]http://gyazo.com/a8103db92e680e94192f1d5961c73b91.png[/img]
- Proxy Server -> Advanced
- [img]http://gyazo.com/f728ac65962c226db24757c90e80f67e.png[/img]
- And lastly, enter the external IP address of the computer your server is hosted on (in place of 127.0.0.1), together with the port you've forwarded.
- [img]http://gyazo.com/6edd7bfd8c78b6f494607b830a335c65.png[/img]
- [B]Utilizing the Server (Firefox)[/B]
- For Firefox simply navigate to Options.
- [img]http://gyazo.com/31903642f349e300d67dca3aa8f58d23.png[/img]
- Then Network -> Settings
- [img]http://gyazo.com/ebc6f77b4038cc1056fa84ec0fe9caac.png[/img]
- And configure things the same as you did before.
- [B]Why SOCKS?[/B]
- As I've already said, the primary reason I wanted a SOCKS proxy was for security.
- But things go a bit deeper than that.
- I wanted a more flexible general purpose type of proxy.
- Although an HTTP proxy might be faster, SOCKS doesn't work exclusively with HTTP traffic.
- You can use it for POP3, SMTP, IRC, or even FTP.
- [B]Securing the Communication Link[/B]
- BUT WAIT. There is one huge problem with SOCKS.
- SOCKS doesn't actually protect the data being sent from your system to your home computer.
- The username and password are an authentication mechanism that prevents other people from leeching your bandwidth and abusing your uncensored connection, but the information in between isn't encrypted.
- I once heard a computer security expert say that there's no such thing as "too paranoid", and as a result, I always use this extra method to secure my data.
- The way we'll be securing this communication is via SSH.
- I'm going to keep this short, but firstly, install an SSH server.
- At first I tried working with freeSSHd, but ran into multiple problems with the software.
- I actually found one I like better called [url=http://www.bitvise.com/winsshd]Bitvise SSH[/url].
- It gives you live feedback and alerts every time your server gets a connection.
- The setup is easy and it works like a charm.
- Just download the free commercial version, install it, and you're good to go.
- Once you've tested all your settings on the localhost, you can open it up to all connections.
- Once you have the SSH daemon configured and running (which I won't detail; there are docs for that), follow these instructions for Windows:
- [img]http://gyazo.com/6fb750be579ac265983b3102b3ac75c2.png[/img]
- Just replace the VPS with your home server and you should have encrypted communication with your SOCKS5 server.
- Keep in mind, I'm still testing this section, so I'll be editing it as I conduct more research.
- [B]DNS Lookups[/B]
- This section is separate, and technically unnecessary. But again, I like to go the extra step and hide my traffic from my ISP.
- The final problem is that though SSH greatly secures traffic en route, it doesn't do one thing.
- When requests are made to your DNS servers, it doesn't shield that traffic from prying ISPs.
- How do we resolve this? We simply tunnel DNS lookups over our proxy.
- [list]
- [*] In [B]Firefox[/B], this can be configured by typing [i]about: config[/i] (without the space) and changing [I]network.proxy.socks_remote_dns[/I] to true.
- [*] In [B]Chromium[/B], the configuration is automatic if you are using a Socks 5 proxy. Which we are.
- [/list]
- Although these browser methods are simple, since you're probably going to be using Socks 5 for other things (due to its versatile nature), it's useful to have a more [B]global[/B] way of setting this up.
- This part can be a bit complicated, so I normally stick with the browser methods.
- However, if you feel like trying, you'll need to set your DNS to localhost in Windows settings.
- Then forward port 53 over SSH to port 53 on the remote DNS server you've been using.
- Once that's done, your proxy traffic is pretty much secure from prying eyes.
- Good luck, let me know if you run into any problems.
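
To make the points in "Securing the Communication Link" and "DNS Lookups" concrete, here is an added example (not part of the original post or of TightSocks5) that builds the bytes a SOCKS5 client sends, following RFC 1928 and RFC 1929. It shows that the username/password exchange is unencrypted, and that whether the proxy or the client performs the DNS lookup depends on the address type in the CONNECT request. The credentials, hostname and IP address are constructed sample values.

```python
import ipaddress
import struct

# Added example: wire format of SOCKS5 messages (RFC 1928 / RFC 1929).
# All credentials and destinations used here are constructed sample values.

def auth_request(username: str, password: str) -> bytes:
    """RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD (no encryption)."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must each be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def parse_auth(packet: bytes) -> tuple:
    """Decode an auth packet exactly as the server does; no key is involved,
    which is why the post wraps the SOCKS link in SSH."""
    ulen = packet[1]
    plen = packet[2 + ulen]
    user = packet[2:2 + ulen]
    pw = packet[3 + ulen:3 + ulen + plen]
    return user.decode(), pw.decode()

def connect_request(host: str, port: int) -> bytes:
    """RFC 1928 CONNECT: VER=5, CMD=1, RSV=0, ATYP, DST.ADDR, DST.PORT."""
    try:
        ip = ipaddress.ip_address(host)
        # IP literal: any name lookup already happened on the client side.
        atyp, addr = (0x01 if ip.version == 4 else 0x04), ip.packed
    except ValueError:
        # Hostname: sent as-is, so the proxy resolves it (remote DNS).
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = 0x03, bytes([len(name)]) + name
    return bytes([0x05, 0x01, 0x00, atyp]) + addr + struct.pack("!H", port)

def dns_resolved_by(request: bytes) -> str:
    """ATYP 0x03 carries a domain name, so the proxy does the lookup."""
    return "proxy" if request[3] == 0x03 else "client"

if __name__ == "__main__":
    pkt = auth_request("alice", "s3cret")
    print("auth bytes:", pkt, "->", parse_auth(pkt))
    for dest in ("example.com", "93.184.216.34"):
        req = connect_request(dest, 443)
        print(dest, req.hex(), "DNS resolved by", dns_resolved_by(req))
```

With Firefox's network.proxy.socks_remote_dns set to true, the browser sends the hostname form, which is the case reported as resolved by the proxy.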