Tag Archives: socks

Antinat outgoing ip same as incoming

Problem

The previous post shows how to configure the outgoing IP in antinat, but if you have multiple IPs, want to use all of them, and want to control which one is used for which purpose, that patch doesn't do enough for you.

Solution

Antinat should bind the outgoing connection to the same IP on which it receives the connection from the client.

So if you want to use a different IP, just configure the SOCKS settings in your browser or proxifier to point at the IP you want antinat to use.

And here's the patch to let you do that ...

[download id="24"]

This patch is incompatible with the one in the previous post. You can have either that one or this one, so make sure you apply it to the original antinat source.

Questions or suggestions are welcome as always ...

http://antinat.sourceforge.net/

Antinat outgoing ip

This post is the first in a series of posts about antinat. The posts will provide solutions for some "problems" with antinat. So here goes the first one ...

Problem

Antinat creates outgoing connections from the primary IP defined on the machine where it's running. There's a config option to make antinat listen on a specific IP, but no config option to make it use a specific IP for outgoing connections.

Solution

The attached patch will make antinat use the same ip that it's listening on for outgoing connections. You specify the listening ip with the "interface" config option and now that ip will also be used for outgoing connections.

[download id="23"]

I assume you already know how to patch ... if not ... just ask in the comments or hire me to patch it for you 🙂
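Both patches described above come down to the same socket step: bind() the outgoing socket to the chosen local address before connect(). The sketch below is an added example, not the patch itself and not antinat's code; it shows the per-connection variant, taking the source IP from the accepted client socket with getsockname() (for the fixed variant the address would come from the "interface" option instead). The function names are hypothetical and it assumes IPv4.

```c
#include <arpa/inet.h>
#include <sys/socket.h>
#include <unistd.h>

/* Connect to dest from the local IP client_fd was accepted on (IPv4 only). */
int connect_from_incoming_ip(int client_fd, const struct sockaddr_in *dest)
{
    struct sockaddr_in local;
    socklen_t len = sizeof local;
    int out;
    if (getsockname(client_fd, (struct sockaddr *)&local, &len) < 0 ||
        (out = socket(AF_INET, SOCK_STREAM, 0)) < 0)
        return -1;
    local.sin_port = 0; /* keep that IP, let the kernel choose the port */
    /* bind() before connect() pins the source address of the connection. */
    if (bind(out, (struct sockaddr *)&local, sizeof local) < 0 ||
        connect(out, (const struct sockaddr *)dest, sizeof *dest) < 0) {
        close(out);
        return -1;
    }
    return out;
}

/* Constructed demo helper: listen on ip, ephemeral port, address in *addr. */
static int listen_on(const char *ip, struct sockaddr_in *addr)
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *addr = (struct sockaddr_in){ .sin_family = AF_INET };
    if (fd < 0 || inet_pton(AF_INET, ip, &addr->sin_addr) != 1 ||
        bind(fd, (struct sockaddr *)addr, len) < 0 || listen(fd, 4) < 0)
        return -1;
    return getsockname(fd, (struct sockaddr *)addr, &len) < 0 ? -1 : fd;
}

/* Loopback demo: 1 if the destination sees proxy_ip as the source address. */
int demo_source_matches(const char *proxy_ip)
{
    struct sockaddr_in paddr, daddr, peer;
    socklen_t len = sizeof peer;
    int proxy = listen_on(proxy_ip, &paddr), dest = listen_on("127.0.0.1", &daddr);
    int cli = socket(AF_INET, SOCK_STREAM, 0);
    if (proxy < 0 || dest < 0 || connect(cli, (struct sockaddr *)&paddr, sizeof paddr) < 0)
        return -1;
    int acc = accept(proxy, NULL, NULL);
    int out = connect_from_incoming_ip(acc, &daddr);
    int seen = out < 0 ? -1 : accept(dest, (struct sockaddr *)&peer, &len);
    close(cli); close(acc); close(out); close(proxy); close(dest); close(seen);
    return seen >= 0 && peer.sin_addr.s_addr == paddr.sin_addr.s_addr;
}
```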

Ask me questions

Have a question about Unix, Linux or FreeBSD? Or maybe you want some advice about configuring Apache, MySQL, an email server like exim, qmail or postfix, a proxy server like squid cache or antinat, DNS or anything else similar? Want some help with PHP programming, or maybe you want to create a WordPress plugin?

Feel free to ask and I'll do my best to answer it on this blog. I will publish a new blog post for each question and my answer.

You can use the contact form or (if your question is short enough) you can send it to me over Twitter.

You can follow me on twitter or subscribe to my RSS feeds if you want to be notified when I post the answer to your question.

HowTo: Shared Hosting as Socks Proxy

Problem

You need a proxy to connect to a service that would only accept connections from a certain location.

You have a shared hosting account on a server in a location that is accepted by the service you want to connect to. Could you use it as a proxy server?

You could install one of those proxy scripts written in PHP, but that would only let you browse the web. What you want is to be able to proxify any application, and for that you need a SOCKS server working with one of those proxifier applications (like tsocks on Linux/Unix).

So could you use a socks proxy on your shared hosting account?

Solutions

The solutions are listed starting with the simplest, which works on the most permissive hosting accounts, and ending with the most complex, suited to the least permissive accounts.
There will be further posts describing the solutions in detail. This post is mostly an introduction.

  1. SSH Tunnel

    This is the simplest, but it assumes that your host allows ssh access to your account and doesn't block ssh tunnels.

    1.  

    This creates a SOCKS server on your local host; you can then use it in the proxifier app to forward all connections through it.

  2. Custom SSH Tunnel

    This is a solution for those hosting accounts that don't allow ssh tunneling, but allow you to connect over ssh and run a program ( antinat - a socks server ) once connected over ssh.

    ( One might wonder: why create a tunnel when you could just run antinat and connect directly to it? If you can do that, then that's the best way to do it, but most shared hosting servers have all ports blocked, so you would not be able to connect to any port other than the standard ones ( 80, 443, 25, 110, 143, etc. ), and those are only available to root and are already busy anyway. )

    The idea is to forward the traffic from your computer to the proxy server through the actual ssh connection instead of using the standard tunneling mechanisms, which are blocked by the server's configuration.

    For this you would need a program on your host to act both as a SOCKS server ( sort of ) and as a forwarder through an ssh connection. On the other side ( hosting account ) you would need another program that would receive data from the ssh connection and forward it to antinat. Both programs would actually have to forward data both ways.

    Both forwarders would have to multiplex connections and forward them through a single ssh connection, because most hosting accounts only allow one connection per user.

  3. Callback Socks server

    This is a solution in case your hosting account has no ssh access.

    It's similar to the previous solution, but in this case, instead of having the local forwarder connect to the remote ( hosting ) forwarder through ssh, you eliminate the remote forwarder and just have the SOCKS server connect back to the local forwarder and then forward everything through that connection.

    This would require modification to the SOCKS server, as antinat doesn't have this callback feature built in.

    Another requirement is that you are able to upload and run antinat on the server. Usually you can do this by just calling it in a PHP script ( e.g. system('antinat') ) or from a Perl script if the host offers CGI access.

  4. Custom script ?

    What if for some reason ( no CGI, or PHP's system() blocked ) you can't run antinat?

    Well, in this case I'm guessing it would be possible to write a script that you could call over an HTTP connection and forward through it, but PHP's socket functions would need to be available and the script's max execution time would limit your connection time, so don't expect much of this.

I have used solution #1 and I wrote the software and patches required to make #2 and #3 work. In the following weeks I'll write the posts to describe them in more detail.

You can subscribe to my RSS feeds or connect with me on one of the social networks listed in the sidebar if you want to be notified when they are posted.

If you know other ways of doing this or ideas about my solutions I'd love to read about them in the comments.

No browser supporting socks5 authentication?

If you're trying to use a SOCKS server with Internet Explorer, Firefox, Opera or Safari, everything will work just fine, except for authentication.

From my point of view this is a big problem. Who in the world would leave such a proxy server unprotected? Yeah, of course you can always limit access to a proxy server based on IP address, but in some cases ( see NAT ) this is just not going to work.

Internet Explorer supports only the SOCKS4 protocol, which doesn't even support full password authentication ( only a username, and it defaults to the currently logged-in username ).

Firefox supports socks5 but no authentication mechanism so supporting socks5 is pretty much useless. I think I saw some ticket in bugzilla about this but no one managed to commit a fix yet.

Opera doesn't even support socks protocol but I thought I should mention all major browsers 🙂

Safari supports SOCKS5 and even allows you to set a username and password to access the SOCKS server but it does not use them.

I tried Konqueror, but I was unable to specify the SOCKS server; I guess this is because it was not compiled with a SOCKS library. Has anyone had any success with Konqueror and SOCKS?
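For reference, this is what a client has to send for SOCKS5 authentication: offer method 0x02 in the greeting (RFC 1928), then send the username/password sub-negotiation (RFC 1929). The server-side sketch below is an added example, not antinat's code and not part of the original post; the function names and sample bytes are constructed, and the server is assumed to require username/password.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { SOCKS5_VER = 0x05, M_NOAUTH = 0x00, M_USERPASS = 0x02, M_NONE = 0xFF };

/* Pick the reply method for a client greeting (VER, NMETHODS, METHODS...).
 * This server insists on username/password: a client that offers only
 * "no authentication" gets 0xFF. Returns -1 on a malformed greeting. */
int select_method(const uint8_t *buf, size_t len)
{
    if (len < 2 || buf[0] != SOCKS5_VER || buf[1] == 0 || len != 2u + buf[1])
        return -1;
    return memchr(buf + 2, M_USERPASS, buf[1]) ? M_USERPASS : M_NONE;
}

/* Parse the RFC 1929 request (VER=1, ULEN, UNAME, PLEN, PASSWD) into
 * NUL-terminated user/pass buffers of 256 bytes each. Returns 0 or -1. */
int parse_userpass(const uint8_t *buf, size_t len, char user[256], char pass[256])
{
    if (len < 2 || buf[0] != 0x01)
        return -1;
    size_t ulen = buf[1];
    if (ulen == 0 || len < 2 + ulen + 1)
        return -1;
    size_t plen = buf[2 + ulen];
    if (plen == 0 || len != 2 + ulen + 1 + plen)
        return -1;
    memcpy(user, buf + 2, ulen);
    user[ulen] = '\0';
    memcpy(pass, buf + 3 + ulen, plen);
    pass[plen] = '\0';
    return 0;
}

/* Constructed sample messages. */
const uint8_t GREET_NOAUTH_ONLY[] = { 0x05, 0x01, 0x00 };       /* no auth offered */
const uint8_t GREET_WITH_AUTH[] = { 0x05, 0x02, 0x00, 0x02 };   /* offers 0x02 too */
const uint8_t AUTH_REQ[] = { 0x01, 0x03, 'b', 'o', 'b', 0x04, 'p', 'a', 's', 's' };

/* Demo check on the samples only; a real credential check would compare in constant time. */
int userpass_equals(const uint8_t *buf, size_t len, const char *user, const char *pass)
{
    char u[256], p[256];
    return parse_userpass(buf, len, u, p) == 0 && !strcmp(u, user) && !strcmp(p, pass);
}
```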