@GlitchWitch
Last active June 12, 2022 18:43
Set up a simple proxy server with Dante

Install the server

sudo apt install dante-server

Update the config file

sudo rm /etc/danted.conf
sudo nano /etc/danted.conf
# /etc/danted.conf

logoutput: syslog
user.privileged: root
user.unprivileged: nobody

# The listening network interface or address.
internal: 0.0.0.0 port=1337

# The proxying network interface or address.
external: eth0

# socks-rules determine what is proxied through the external interface.
# The default of "none" permits anonymous access.
socksmethod: username

# client-rules determine who can connect to the internal interface.
# The default of "none" permits anonymous access.
clientmethod: none

client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
}

socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
        log: connect disconnect error
}
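
An added example, not part of the original gist: a small Python audit of a danted.conf that reports the exposure-relevant settings in the config above. The finding names and SAMPLE_CONF (a trimmed copy of the config above) are constructed for illustration, and the check does not evaluate rule order or block rules.

```python
import ipaddress
import re

# Constructed sample: the danted.conf from this page, trimmed of comments/logging.
SAMPLE_CONF = """\
internal: 0.0.0.0 port=1337
socksmethod: username
clientmethod: none
client pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
}
socks pass {
        from: 0.0.0.0/0 to: 0.0.0.0/0
}
"""

RULE_RE = re.compile(r"^(client|socks)\s+(pass|block)\s*\{(.*?)\}", re.S | re.M)
ADDR_RE = re.compile(r"from:\s*(\S+)\s+to:\s*(\S+)")
KEY_RE = re.compile(r"^([\w.]+):[ \t]*(.*?)[ \t]*$", re.M)


def is_any(addr):
    """True when addr is a zero-length prefix such as 0.0.0.0/0."""
    try:
        return ipaddress.ip_network(addr, strict=False).prefixlen == 0
    except ValueError:  # interface or host name rather than a network
        return False


def audit(conf):
    """Return sorted finding names (hypothetical labels) for a danted.conf string."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    settings = dict(KEY_RE.findall(RULE_RE.sub("", conf)))
    methods = settings.get("socksmethod", "").split()
    findings = set()
    if settings.get("internal", "").split()[:1] in (["0.0.0.0"], ["::"]):
        findings.add("listen-all-interfaces")
    if "none" in methods:
        findings.add("socks-no-auth")
    if "username" in methods:  # RFC 1929 sends the password unencrypted
        findings.add("cleartext-password-auth")
    for kind, action, body in RULE_RE.findall(conf):
        match = ADDR_RE.search(body)
        if action == "pass" and match:
            if kind == "client" and is_any(match.group(1)):
                findings.add("client-any-source")
            if kind == "socks" and is_any(match.group(2)):
                findings.add("socks-any-destination")
    return sorted(findings)
```

Run it against the live file with audit(open("/etc/danted.conf").read()); narrowing the client pass "from:" range to known client networks clears the client-any-source finding.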

Restart and check

# sudo ufw allow 1337
sudo service danted restart
# -p needs root to show the owning process name that grep matches on
sudo netstat -nlpt | grep dant

Add new proxy user

sudo adduser $your_dante_user --shell=/bin/false --no-create-home

Install fail2ban / crowdsec

Set up iptables

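# Allow SSH only from the management address, then drop all other SSH.
sudo iptables -I INPUT -p tcp -s "$managementip" --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 22 -j DROP
# Allow the proxy port from any source.
sudo iptables -A INPUT -p tcp -s 0.0.0.0/0 --dport 1337 -j ACCEPT
sudo iptables -A INPUT -p udp -s 0.0.0.0/0 --dport 1337 -j ACCEPT
# iptables-save only prints the ruleset to stdout; it does not persist it across reboots.
sudo iptables-save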

Set up logging
