Skip to content
GProxy
Sign up
Guides 6 Connection Type: 1 views

Dante

Detailed guide on setting up a Dante SOCKS5 proxy server on Linux. Covers installation, configuration, and testing for secure network access.

SOCKS5

Setting up a SOCKS5 proxy server on Linux using Dante involves installing the dante-server package, configuring /etc/danted.conf to define network interfaces, authentication methods, and access rules, then starting the danted service. Dante functions as a SOCKS server, routing network traffic between clients and target destinations, enhancing network security and enabling access to restricted resources.

Prerequisites

Before proceeding, ensure the following:

  • A Linux server (e.g., Debian, Ubuntu, CentOS, RHEL, Fedora) with root or sudo privileges.
  • Basic understanding of Linux command-line interface and networking concepts.
  • An available network interface for the proxy to listen on (internal) and an interface for outbound connections (external). These can be the same.

Installation

Install the Dante server package specific to your Linux distribution.

Debian/Ubuntu

sudo apt update
sudo apt install dante-server

RHEL/CentOS/Fedora

sudo dnf install dante-server # For Fedora/RHEL 8+
# Or for older CentOS/RHEL 7:
sudo yum install dante-server

Configuration

The primary configuration file for Dante is /etc/danted.conf. The default file may contain example configurations; it is often best to back up the original and start with a minimal, clean configuration.

sudo mv /etc/danted.conf /etc/danted.conf.bak
sudo nano /etc/danted.conf

Basic Configuration Structure

A minimal danted.conf defines the listening interface (internal), the outbound interface (external), and basic access rules.

logoutput: /var/log/danted.log
internal: 0.0.0.0 port=1080
external: eth0 # Replace eth0 with your server's external network interface

socksmethod: none
user.privileged: root
user.notprivileged: nobody

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}

Explanation of directives:

  • logoutput: Specifies the log file path.
  • internal: Defines the network interface and port Dante listens on for incoming client connections.
    • 0.0.0.0 binds to all available network interfaces.
    • port=1080 is the standard SOCKS port.
    • You can specify a specific IP address (e.g., internal: 192.168.1.10 port=1080).
  • external: Defines the network interface Dante uses for outbound connections to target destinations. Replace eth0 with your server's actual public-facing or outbound interface (e.g., ens3, enp0s3).
  • socksmethod: Specifies the authentication methods SOCKS clients can use. none means no authentication.
  • user.privileged: The user Dante runs as when performing privileged operations (e.g., binding to low ports).
  • user.notprivileged: The user Dante switches to for unprivileged operations after initialization.
  • client pass rules: Control which clients are allowed to connect to the Dante server.
    • from: 0.0.0.0/0 allows connections from any IP address. Restrict this for security.
    • to: 0.0.0.0/0 specifies the destination for client connections (always the proxy itself in this context).
  • socks pass rules: Control what destinations the SOCKS clients are allowed to reach through the proxy.
    • from: 0.0.0.0/0 refers to clients that have successfully authenticated or passed client rules.
    • to: 0.0.0.0/0 allows connections to any destination. Restrict this for security.
    • log: error connect disconnect enables logging for connection events.

Authentication Methods

Dante supports various authentication methods. The most common are none (no authentication) and username (username/password).

1. No Authentication (Anonymous)

This method is suitable for trusted private networks where all clients are known and authorized to use the proxy without explicit credentials. It is not recommended for public-facing proxies.

# ... (rest of the basic config)
socksmethod: none

client pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0 # Restrict to a specific subnet
    log: error connect disconnect
}

socks pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0 # Clients from this subnet can reach anything
    log: error connect disconnect
}

2. Username/Password Authentication

This is the most common and recommended method for SOCKS5 proxies, especially when clients are external or untrusted. Dante uses system users for authentication.

Steps:

  1. Create a system user for the proxy. Do not create a home directory or assign a shell for security.
    bash sudo useradd -r -s /bin/false proxyuser sudo passwd proxyuser # Enter and confirm a strong password
    Repeat for additional users if needed.

  2. Modify danted.conf:
    ```
    logoutput: /var/log/danted.log
    internal: 0.0.0.0 port=1080
    external: eth0

    socksmethod: username # Enable username/password authentication
    user.privileged: root
    user.notprivileged: nobody

    client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
    }

    socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    socksmethod: username # Require username/password for SOCKS connections
    log: error connect disconnect
    }
    `` Thesocksmethod: usernamedirective in thesocks pass` rule ensures that only authenticated users can use the proxy.

3. IP-based Authentication

This method allows specific IP addresses or subnets to use the proxy without a username/password. It can be combined with username authentication.

# ... (rest of the config)
socksmethod: username # Allow username/password as an option

client pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0 # Allow specific subnet without auth
    log: error connect disconnect
}

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0 # Allow all other clients, but require authentication
    socksmethod: username
    log: error connect disconnect
}

socks pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0 # Clients from this subnet can reach anything (no auth needed)
    log: error connect disconnect
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0 # Authenticated clients can reach anything
    socksmethod: username
    log: error connect disconnect
}

In this setup, clients from 192.168.1.0/24 do not need authentication, while all other clients must provide a username and password.

Firewall Configuration

After configuring Dante, open the SOCKS port (default 1080) in your system's firewall to allow incoming connections.

Firewalld (CentOS/RHEL/Fedora)

sudo firewall-cmd --permanent --add-port=1080/tcp
sudo firewall-cmd --reload

UFW (Debian/Ubuntu)

sudo ufw allow 1080/tcp
sudo ufw enable # If UFW is not already enabled

Service Management

After configuration and firewall adjustments, start and enable the Dante service.

sudo systemctl start danted
sudo systemctl enable danted
sudo systemctl status danted

Check the service status to ensure it is running without errors. Review /var/log/danted.log for any configuration issues.

Testing the Proxy

Use a client machine to test the SOCKS5 proxy.

Using curl (without authentication)

curl -x socks5://YOUR_SERVER_IP:1080 http://ifconfig.me/ip

The output should be your server's public IP address, indicating the traffic is routed through the proxy.

Using curl (with username/password authentication)

curl -x socks5://proxyuser:your_password@YOUR_SERVER_IP:1080 http://ifconfig.me/ip

Replace proxyuser and your_password with the credentials configured earlier.

Using proxychains (Linux client utility)

  1. Install proxychains:
    bash sudo apt install proxychains4 # Debian/Ubuntu sudo dnf install proxychains-ng # RHEL/CentOS/Fedora

  2. Configure proxychains.conf:
    Edit /etc/proxychains.conf or ~/.proxychains/proxychains.conf.
    Comment out strict_chain and uncomment dynamic_chain.
    At the end of the file, add your proxy server details:

    ```

    ... (other proxychains config)

    dynamic_chain

    strict_chain

    random_chain

    round_robin_chain

    dynamic_chain # Use dynamic chain for flexibility

    [ProxyList]

    add proxy here ...

    socks5 127.0.0.1 9050

    socks5 YOUR_SERVER_IP 1080 proxyuser your_password # With authentication

    Or, for no authentication:

    socks5 YOUR_SERVER_IP 1080

    ```

  3. Test with proxychains:
    bash proxychains curl http://ifconfig.me/ip
    The output should show your proxy server's IP address.

Security Best Practices

  • Restrict Access: Use client pass rules to limit which client IP addresses can connect to your proxy.
  • Strong Passwords: For username/password authentication, ensure all proxy users have strong, unique passwords.
  • Least Privilege: Do not grant unnecessary privileges to the nobody user or the proxy users.
  • Regular Updates: Keep your Linux operating system and Dante package updated to patch security vulnerabilities.
  • Logging and Monitoring: Regularly review Dante logs (/var/log/danted.log) for suspicious activity. Implement log monitoring solutions.
  • Firewall Rules: Configure your firewall to only allow connections to the SOCKS port (1080) from trusted IP ranges.
  • Dedicated User: Use a dedicated system user for proxy access instead of existing user accounts.
  • Disable Unused Methods: Only enable socksmethod options that are strictly necessary.
Auto-update: 04.03.2026
All Categories

Advantages of our proxies

25,000+ proxies from 120+ countries

Unlimited Proxies Residential Proxies