Building a SOCKS proxy on EC2
At the NXNE Mobile Hackathon, we ran into a small problem. The wifi set up in the room would only allow connections over HTTP and HTTPS, which made it impossible to do many things you might want to do at a hackathon, like:
- Push to GitHub over SSH
- Connect to MongoDB instances
- Connect to… anything… that isn’t on ports 80 or 443… so a lot.
If you can configure your tools correctly, the easiest way to get around this kind of problem is via a SOCKS proxy. Normally, I’d set up an SSH tunnel and run the SOCKS proxy over that… but no SSH. So the next best thing is to get a SOCKS server running on EC2. Let’s go through the steps required to set this up so that if you end up in the same situation, you can help those around you.
Doing this assumes that you temporarily have an internet connection that is unrestricted, like a tethered smartphone or a wired connection. I’m also assuming that you know your way around EC2 a bit.
- Connect to your unrestricted internet connection
- Login to EC2
- Ensure that you have a keypair setup
- Create an EC2 Security Group that opens ports 22 and 443 to the world
- Fire up an Ubuntu 12.04 LTS instance (micro will usually do) with your keypair and Security Group
- SSH into the new machine with the SSH key (default username: ubuntu)
-
Run the following commands at the prompt or in a shell script:
sudo apt-get install build-essential wget http://www.inet.no/dante/files/dante-1.3.2.tar.gz # or another version tar -zxvf dante-1.3.2.tar.gz cd dante-1.3.2 ./configure make sudo make install $ sudo make me a sandwich
-
Put the following config in /etc/sock.conf
Notice:
When useinternal: 127.0.0.1 port = 7071
, then the proxy address is127.0.0.1:7071
.
When useinternal: eth0 port = 7071
, and the IP binded toeth0
is10.210.235.113
, then the proxy address is10.210.235.113:7071
, it’s the only proxy address.logoutput: /var/log/danted.log # But, when use eth0 instead, the the proxy addresss will turn out to be # the IP that binded to eth0, support the IP binded to eth0 is `` internal: 127.0.0.1 port = 7071 #internal: eth0 port = 7071 external: eth0 method: username none #user.privileged: root user.notprivileged: nobody client pass { from: 127.0.0.1/32 port 1-65535 to: 0.0.0.0/0 } client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 } client block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error } block { from: 0.0.0.0/0 to: 127.0.0.0/8 log: connect error } pass { from: 127.0.0.1/32 to: 0.0.0.0/0 protocol: tcp udp } pass { from: 127.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp } block { from: 0.0.0.0/0 to: 0.0.0.0/0 log: connect error }
- Run
sudo sockd -D
Now that we’ve got the server running, we have to configure our clients to connect to it. Fortunately, this is relatively easy. If you’re on linux, run your programs with tsocks. On Windows or Mac, you can try Proxifier (never tried it myself). Remember that the proxy is on port 443.
If you’re using PuTTY, you can set your proxy under Connection > Proxy.
This set of steps creates an open proxy that anyone can use to proxy to anywhere. Don’t leave it running unless you want really big EC2 bills.
In doing this, I realized that it would be even better to be able to do this via a VPN instead of a SOCKS proxy in order to get better Windows and Mac full capture support. I’m going to play with this idea and post again when I’ve got something.