Contributed by
jose
on
from the stepping-stone dept.
Balam
writes:
"I would like to know if anyone ever tried to deploy a SOCKS proxy under OpenBSD. Well, I submit someone already did, therfore I would greatly enjoy information on the matter. I have an up and running OpenBSD 3.2 (upgrading to 3.3 on the way) gateway/firewall with eleet pf rules, squid running and also ftp-proxy. I would like to add a nice and secure SOCKS proxy.
Thanks in advance."
SOCKS implementations are in the ports tree, including Dante and the reference implementation. Also, the FWTK port can be used to set up a secure, generic proxy. Anyone have any recipes and tips they want to share?
(Comments are closed)
Comments
By
Anonymous Coward ()
on
I've been using Dante for about twelve months now without a whisper of a problem. I highly recommend it.
Comments
By
Anonymous Coward ()
on
I recall dante does not support authentication does it ?
Comments
By
Anonymous Coward ()
on
It does support authentication. I stopped looking too deeply into authentication when it turned out that some SOCKSv5 apps can't remember login info between sessions. Way too annoying to keep filling in the proxy's IP, username and password in obscure dialog boxes everytime. It's on a trusted network with only me with a computing clue anyway so it's pretty safe.
Comments
By
Anonymous Coward ()
on
well in the case of socks, authentication is always interesting for the admin of a large system since it generates logs and can shift the responsibility to the end user in case of problems (child porn, ...)
if you can't provide such info, your legally responsible for everything going on on your network.
Besides Dante which is very advanced, you could also try more lightweight NYLON SOCKS proxy:
http://www.monkey.org/~marius/nylon/
Developed under OpenBSD, it's an easy and quick
socks v4 and v5 proxy server.
Cheers
Comments
By
Uzbad ()
on
At my university the man limited upload speeds drastically to try to cut kazaa use and I believe didn't prioritize ACK packets--as such ALL internet usage is terrible. 20% packetloss in pings is completely average in and out of the residential network.
I installed nylon on some cluster computers (that weren't affected by the cap) and routed all my personal traffic through it--worked like a charm. Nylon is great.
I've used dante since openbsd2.8, for home irc chatting on a
dialup gateway, the only thing I needed to do was a sed script to replace the dynamic ip of the provider every time I dialed, no probs!
Comments
By
Anonymous Coward ()
on
How well does it accomodate DCC transfers?
Are there some sockd.conf tricks to make it work?
nylon is a very good piece of software. i'm using it
to proxy instant-messenger-protocols like ICQ as well as to mirror irc-servers locally. enhances
the security of the network without cutting any
services down.
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
Comments
By Anonymous Coward () on
if you can't provide such info, your legally responsible for everything going on on your network.
By Shant () askshant_at_alloyant.com on mailto:askshant_at_alloyant.com
http://www.monkey.org/~marius/nylon/
Developed under OpenBSD, it's an easy and quick
socks v4 and v5 proxy server.
Cheers
Comments
By Uzbad () on
I installed nylon on some cluster computers (that weren't affected by the cap) and routed all my personal traffic through it--worked like a charm. Nylon is great.
By Anonymous Coward () on
By Anonymous Coward () on
By sickness () on http://www.sickness.it
dialup gateway, the only thing I needed to do was a sed script to replace the dynamic ip of the provider every time I dialed, no probs!
Comments
By Anonymous Coward () on
How well does it accomodate DCC transfers?
Are there some sockd.conf tricks to make it work?
By tom hensel () tom@replic8.net on mailto:tom@replic8.net
to proxy instant-messenger-protocols like ICQ as well as to mirror irc-servers locally. enhances
the security of the network without cutting any
services down.
many thanks to marius@monkey.org!