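For the SOCKS5 specification, see RFC 1928 (1996). (See also: RFC 3089, SOCKS-based gateway.)
Note that SOCKS5 itself is not encrypted, so it is best run through SSH port forwarding.
The simplest way to set up a SOCKS5 proxy is
PuTTY SSH tunnel
ssh -D 1080 user@server
Note the privilege requirement for port numbers below 1024 (root).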
-D [bind_address:]port
Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
Set the SOCKS5 proxy to 127.0.0.1:1080
ssh tunnel with SOCKS5
To connect by hopping through two servers (for example, when server2 only accepts connections from server1):
client -> socks5 -> server1 -> socks5 -> server2 -> destination
First, on server1, create a SOCKS5 proxy to server2
ssh -D 1080 server2
On the client, create an SSH tunnel with local port forwarding to server1
ssh -L 1080:localhost:1080 server1
# ss5 install
yum groupinstall 'Development Tools'
yum install gcc automake autoconf libtool make pam-devel yum-utils openldap-devel openssl-devel
mkdir /opt/ss5
cd /opt/ss5
wget http://sourceforge.net/projects/ss5/files/ss5/3.8.9-8/ss5-3.8.9-8.tar.gz
tar -zxf ss5-3.8.9-8.tar.gz
cd ss5-3.8.9
./configure
make
make install
cd /etc/opt/ss5/
Require username/password authentication for all clients
/etc/opt/ss5/ss5.conf
Add:
auth 0.0.0.0/0 - u
permit u 0.0.0.0/0 - 0.0.0.0/0 - - - - -
Credential file format:
/etc/opt/ss5/ss5.passwd
ACCOUNT PASSWORD
Start:
ss5 -u root -b 0.0.0.0:1080
Test:
curl --socks5 PROXY_IP:1080 --proxy-user user:password REMOTE_URL
Reference: https://www.proxyrack.com/how-to-setup-a-socks5-proxy-server-using-ss5-on-centos7/
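Why the note about SOCKS5 being unencrypted matters once ss5 username/password authentication is enabled: the added example below (not part of the original notes or of ss5) builds the bytes a client sends for the RFC 1928 greeting, the RFC 1929 username/password step and a CONNECT request, then decodes them the way anyone observing the TCP stream could. The credentials and host are constructed sample values, and the parser assumes the server selected method 0x02 and the request uses a domain-name address.

```python
import struct

def build_client_stream(user: str, password: str, host: str, port: int) -> bytes:
    """Client-to-proxy bytes for greeting, user/pass auth and CONNECT."""
    u, p, h = user.encode(), password.encode(), host.encode()
    for field in (u, p, h):
        if not 1 <= len(field) <= 255:
            raise ValueError("SOCKS5 length fields are a single byte (1..255)")
    greeting = bytes([0x05, 0x01, 0x02])   # VER=5, one method offered, 0x02 = user/pass
    auth = bytes([0x01, len(u)]) + u + bytes([len(p)]) + p   # RFC 1929, no encryption
    connect = bytes([0x05, 0x01, 0x00, 0x03, len(h)]) + h + struct.pack(">H", port)
    return greeting + auth + connect

def parse_client_stream(data: bytes) -> dict:
    """Decode the same bytes as a passive observer of the connection would."""
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("truncated SOCKS5 stream")
        chunk = data[pos:pos + n]
        pos += n
        return chunk

    ver, nmethods = take(2)
    if ver != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    out = {"methods": list(take(nmethods))}
    if 0x02 in out["methods"]:             # assumption: server chose method 0x02
        if take(1)[0] != 0x01:
            raise ValueError("unexpected auth sub-negotiation version")
        out["username"] = take(take(1)[0]).decode()
        out["password"] = take(take(1)[0]).decode()
    ver, cmd, _rsv, atyp = take(4)
    if ver != 0x05 or atyp != 0x03:
        raise ValueError("example only handles ATYP=0x03 (domain name)")
    out["cmd"] = cmd                       # 0x01 = CONNECT
    out["host"] = take(take(1)[0]).decode()
    out["port"] = struct.unpack(">H", take(2))[0]
    return out

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    stream = build_client_stream("alice", "s3cret", "example.com", 443)
    print(stream.hex(" "))
    print(parse_client_stream(stream))
```

When the client reaches the proxy through ssh -L or ssh -D as described above, these bytes travel inside the SSH channel instead of in the clear.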