How to Set Up a SOCKS Proxy Server with Dante
Dante is a free, mature SOCKS proxy server for Linux that supports both SOCKS v4 and SOCKS v5 protocols. Running Dante on your Breeze instance provides a secure proxy for routing application traffic, bypassing network restrictions, and adding an extra layer of privacy for outbound connections.
Installing Dante
On Ubuntu/Debian:
sudo apt update
sudo apt install -y dante-server
On CentOS/RHEL, you may need to compile from source or use a third-party repository:
sudo dnf install -y gcc make flex
wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz
tar xzf dante-1.4.3.tar.gz
cd dante-1.4.3
./configure --prefix=/usr --sysconfdir=/etc
make && sudo make install
Configuring Dante
Edit the main configuration file at /etc/danted.conf:
# Logging
logoutput: syslog
# Server addresses
internal: eth0 port = 1080
external: eth0
# Authentication methods
socksmethod: username
# Client access rules
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: error
}
# SOCKS rules - who can use the proxy
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
command: bind connect udpassociate
log: error
socksmethod: username
}
# Block all other traffic
socks block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
Creating Proxy Users
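With socksmethod: username, Dante checks the supplied username and password against the system's user accounts. SOCKS5 username/password authentication (RFC 1929) sends both values unencrypted, so use a password that is not reused anywhere else. Create a dedicated proxy user with no login shell: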
sudo useradd -r -s /usr/sbin/nologin proxyuser
sudo passwd proxyuser
Starting the Server
sudo systemctl enable --now danted
# Verify it is running
sudo systemctl status danted
sudo ss -tlnp | grep 1080
Firewall Configuration
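Allow inbound connections on the SOCKS port only from trusted IP ranges (10.0.0.0/8 below stands in for your own range):
# Using nftables (assumes an existing inet filter table whose input chain drops unmatched traffic)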
sudo nft add rule inet filter input tcp dport 1080 ip saddr 10.0.0.0/8 accept
# Or using iptables
sudo iptables -A INPUT -p tcp --dport 1080 -s 10.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 1080 -j DROP
Testing the Proxy
From a client machine, test the SOCKS proxy with curl:
# SOCKS5 with authentication
curl --socks5-hostname your-breeze-ip:1080 \
--proxy-user proxyuser:password \
https://ifconfig.co
# Test DNS resolution through the proxy
curl --socks5-hostname your-breeze-ip:1080 \
--proxy-user proxyuser:password \
https://api.example.com/endpoint
Restricting Destination Access
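Limit which destinations proxy users can access. Dante evaluates rules in order and applies the first one that matches, so the block rules for internal networks must come before the pass rule. These rules take the place of the catch-all socks pass rule shown earlier:
# Block access to internal networks (must precede the pass rule: first match wins)
socks block {
from: 0.0.0.0/0 to: 10.0.0.0/8
log: connect
}
socks block {
from: 0.0.0.0/0 to: 172.16.0.0/12
log: connect
}
socks block {
from: 0.0.0.0/0 to: 192.168.0.0/16
log: connect
}
# Only allow connections to port 443 (HTTPS); the port is given as part of the "to:" address
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0 port = 443
command: connect
socksmethod: username
}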
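Because Dante uses the first matching rule, the position of the block rules relative to the port 443 pass rule decides whether private ranges are reachable through the proxy. The following Python sketch is an added example, not part of Dante or of the original article: it evaluates a simplified subset of the rule syntax (only the to: address and an optional port = N; the function names, rule strings and probe addresses are constructed for illustration) against both orderings.

```python
import ipaddress
import re

# Simplified subset of danted.conf (assumption of this example): only the
# "to: <cidr> [port = N]" part of each "socks pass/block" rule is evaluated.
RULE_RE = re.compile(
    r"socks\s+(pass|block)\s*\{[^}]*?\bto:\s*(\S+)(?:\s+port\s*=\s*(\d+))?[^}]*\}")

def parse_rules(conf):
    """Return [(action, network, port_or_None)] in file order."""
    return [(action, ipaddress.ip_network(net), int(port) if port else None)
            for action, net, port in RULE_RE.findall(conf)]

def decide(rules, dest_ip, dest_port):
    """First matching rule wins; a request matching no rule is blocked."""
    ip = ipaddress.ip_address(dest_ip)
    for action, net, port in rules:
        if ip in net and port in (None, dest_port):
            return action
    return "block"

def audit(conf, probes):
    """Map each constructed "ip:port" probe to the decision the rules give."""
    rules = parse_rules(conf)
    return {f"{ip}:{port}": decide(rules, ip, port) for ip, port in probes}

# Constructed rule sets: same rules, two different orders.
PRIVATE = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
BLOCKS = "".join(
    f"socks block {{\nfrom: 0.0.0.0/0 to: {net}\nlog: connect\n}}\n"
    for net in PRIVATE)
ALLOW_443 = ("socks pass {\nfrom: 0.0.0.0/0 to: 0.0.0.0/0 port = 443\n"
             "command: connect\nsocksmethod: username\n}\n")
PASS_FIRST = ALLOW_443 + BLOCKS
BLOCKS_FIRST = BLOCKS + ALLOW_443

# Constructed probes: two private addresses and a documentation-range address.
PROBES = [("10.0.0.5", 443), ("192.168.1.1", 443),
          ("203.0.113.10", 443), ("203.0.113.10", 22)]

if __name__ == "__main__":
    for name, conf in (("pass first", PASS_FIRST), ("blocks first", BLOCKS_FIRST)):
        print(f"--- {name} ---")
        for target, verdict in audit(conf, PROBES).items():
            print(f"{target:<18} {verdict}")
```

The same check is worth repeating for 127.0.0.0/8 and 169.254.0.0/16, which the three block rules do not cover.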
Monitoring and Logging
Monitor proxy usage through syslog:
sudo journalctl -u danted -f
sudo grep danted /var/log/syslog | tail -50
For detailed connection logging, add connect and disconnect to the log setting of the socks pass rule in /etc/danted.conf:
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
socksmethod: username
}
Performance Tuning
For high-traffic deployments on your Breeze, increase the file descriptor limits in /etc/security/limits.conf and tune the kernel's TCP settings. Dante can handle thousands of concurrent connections with proper configuration, making it suitable for team-wide proxy deployments.