Dante

docker-compose.yaml

# Compose file for a single Dante SOCKS proxy container built from the local Dockerfile.
version: '3'
services:
  dante:
    # Build the image from the Dockerfile in this directory.
    build: .
    ports:
      # Publishes container port 2016 on every host interface; use
      # "HOST_IP:2016:2016" to bind one host address only.
      # NOTE(review): Docker publishes ports through its own NAT/FORWARD rules,
      # so host INPUT-chain rules generally do not filter this port - confirm
      # against the host's firewall setup.
      - "2016:2016"
    # Restart the container automatically whenever it exits.
    restart: always

Dockerfile

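# Image for the Dante SOCKS proxy: base image plus the local config and one proxy user.
FROM wernight/dante
# Copy only the proxy configuration. `ADD . /etc/` would also place the
# Dockerfile, the compose file and anything else in the build context under /etc.
COPY sockd.conf /etc/sockd.conf
# A configuration file has to be readable, not executable.
RUN chmod 644 /etc/sockd.conf
# Create the system account that sockd checks for "socksmethod: username".
# NOTE(review): the password below is a sample value and is stored in the image
# layers/history; replace it with a strong one before exposing the proxy, and
# treat the built image as sensitive.
RUN printf '123qwe\n123qwe\n' | adduser denis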

sockd.conf

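# Dante (sockd) server configuration: SOCKS proxy on port 2016 that requires
# username/password authentication.
debug: 0
logoutput: stderr
# Listen on every interface inside the container; the Docker port mapping
# decides what is reachable from outside.
internal: 0.0.0.0 port = 2016
external: eth0
# Offer only username/password to SOCKS clients. "none" is deliberately not
# listed here, so a socks rule added later without its own socksmethod cannot
# turn this into an unauthenticated open proxy.
socksmethod: username
clientmethod: none
# NOTE(review): presumably root is needed so sockd can read the system password
# database for username authentication - confirm before lowering it.
user.privileged: root
user.unprivileged: nobody

# Any address may open a TCP connection to the proxy; authentication happens
# at the SOCKS stage below. Narrow "from:" to known client networks where possible.
client pass {
    from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
    log: error
}

# Authenticated users may reach any destination.
# SOCKS5 username/password authentication (RFC 1929) is not encrypted, so the
# credentials cross the network in clear text.
# Only errors are logged; "log: connect disconnect error" would also record
# who used the proxy and when.
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    socksmethod: username
    log: error
}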

Put all of these files in one folder and run:

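# Build the image and start the proxy container in the background.
# The command is `docker-compose`; docker-compose.yaml is the file it reads
# from the current directory.
docker-compose up -d --build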

Test connection

# Send a test request through the proxy as user "denis".
# The credentials are part of the command line (shell history, process list),
# and SOCKS5 username/password authentication is not encrypted on the wire.
# With socks5:// curl resolves the host name locally; socks5h:// would let the
# proxy resolve it.
curl -x 'socks5://denis:123qwe@localhost:2016' 'https://example.com'

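If the host is a cloud VM, add a firewall policy that allows inbound TCP 2016, ideally only from the client addresses that need the proxy.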

Forwarding rules should not be needed, but just in case:

forwarding.sh

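#!/bin/bash
# forwarding.sh - optional host firewall/NAT setup for the Dante container.
#
# Resets the filter table, allows the SOCKS port, enables IPv4 forwarding with
# masquerading for the Docker bridge network and blocks outbound SMTP.
# Must be run as root.
#
# NOTE(review): INPUT and OUTPUT policies are set to ACCEPT, so the INPUT
# ACCEPT rules below record intent but do not restrict anything; the host is
# not firewalled by this script.
# NOTE(review): flushing the filter table also removes the chains Docker
# manages there; restarting the Docker daemon afterwards is likely needed.
set -u

readonly ipt="/sbin/iptables"
readonly docker_net="172.17.0.0/16" # network form of the bridge range 172.17.0.1/16
readonly wan_if="eth0"
readonly socks_port=2016
readonly sysctl_conf="/etc/sysctl.conf"

if [[ $EUID -ne 0 ]]; then
  echo "forwarding.sh must be run as root" >&2
  exit 1
fi

echo "Enable IP forward."

# Start from an empty filter table: flush rules, delete user chains, zero counters.
"$ipt" -F
"$ipt" -X
"$ipt" -Z
"$ipt" -P INPUT ACCEPT
"$ipt" -P OUTPUT ACCEPT

# SOCKS5 - open 2016
#=======================
"$ipt" -A INPUT -p tcp -i "$wan_if" -m tcp --dport "$socks_port" -j ACCEPT

# DNS
#=======================
# NOTE(review): these match on source port 53 only, which any sender can set.
# If the INPUT policy is ever tightened, replace them with a conntrack
# ESTABLISHED,RELATED rule.
"$ipt" -A INPUT -p tcp --sport 53 -j ACCEPT
"$ipt" -A INPUT -p udp --sport 53 -j ACCEPT

#echo "Allow connection to '$ip' on port 443"
#$ipt -A INPUT  -p tcp --sport 443 -m state --state ESTABLISHED     -j ACCEPT

# ICMP (no -s/-d given: matches any source and destination)
"$ipt" -A INPUT -p icmp -j ACCEPT

# Enable forwarding now and persist it; append the setting only if it is not
# already present so repeated runs do not grow the file.
sysctl -w net.ipv4.ip_forward=1
if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
  "$sysctl_conf" 2>/dev/null; then
  echo "net.ipv4.ip_forward = 1" >> "$sysctl_conf"
fi

# Block outbound SMTP. The OUTPUT chain only sees traffic that originates on
# the host; connections made by the proxy container are forwarded, so they
# must be dropped in FORWARD, ahead of the ACCEPT for the bridge network.
"$ipt" -A FORWARD -s "$docker_net" -p tcp --dport 25 -j DROP
"$ipt" -A FORWARD -s "$docker_net" -j ACCEPT
"$ipt" -I OUTPUT 1 -p tcp --dport 25 -j DROP

# The nat table is not flushed above, so add the masquerade rule only when it
# is missing; otherwise each run would append a duplicate.
if ! "$ipt" -t nat -C POSTROUTING -s "$docker_net" -o "$wan_if" -j MASQUERADE 2>/dev/null; then
  "$ipt" -t nat -A POSTROUTING -s "$docker_net" -o "$wan_if" -j MASQUERADE
fi

#iptables -I OUTPUT 1 -j LOG
#iptables -I FORWARD 1 -j LOG

# Persist the rules. NOTE(review): "service iptables save" is only available
# where an iptables service script is installed; report instead of failing
# silently when it is not.
if ! service iptables save; then
  echo "warning: could not save iptables rules; they will be lost on reboot" >&2
fi
systemctl daemon-reload
echo "Done"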
