Small blog about system administration.

HOWTO: SS5 SOCKS5 Proxy server on CentOS 6 x64

SS5 is a high performance SOCKS proxy server implementing SOCK4 and SOCKS5 protocols. This step-by-step guide describes installation and configuration of SS5 with user/password authentication on a CentOS 5.x/6.x server.
1. Download the latest source rpm from sourceforge.net

wget http://downloads.sourceforge.net/ss5/ss5-3.8.9-6.src.rpm

2. Build the source rpm
This requires the rpmbuild tool provided by rpm-build package. Also, ss5 requires openldap-devel, pam-devel and openssl-devel development packages. Install these packages using YUM package manager:

For 32 bit Linux,
yum install gcc rpm-build openldap-devel pam-devel openssl-devel -y
For 64 bit Linux,
yum install gcc.x86_64 rpm-build.x86_64 openldap-devel.x86_64 pam-devel.x86_64 openssl-devel.x86_64 -y

Now build ss5 source rpm to create the binary rpm package:
rpmbuild --rebuild ss5-3.8.9-6.src.rpm

3. Install SS5 rpm package
On CentOS 5.x, the RPM package will be created in /usr/src/redhat/RPMS/. On CentOS 6.x, RPM package will we created in the subdirectory rpmbuild/RPMS/ of build directory. You can install the RPM package using following command:
On CentOS 5,
rpm -ivh /usr/src/redhat/RPMS/x86_64/ss5-3.8.9-6.x86_64.rpm (for 64 bit Linux)
rpm -ivh /usr/src/redhat/RPMS/i386/ss5-3.8.9-6.i386.rpm (for 32 bit Linux)
On CentOS 6,
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-6.x86_64.rpm (for 64 bit Linux)
rpm -ivh rpmbuild/RPMS/x86_64/ss5-3.8.9-6.i386.rpm (for 32 bit Linux)

4. Run SS5 as root and change the port to 8899 (default port is 1080)
Edit /etc/init.d/ss5 and put following lines at the top after shabang(#!/bin/sh):
export SS5_SOCKS_PORT=8899
export SS5_SOCKS_USER=root

You can use any available port you want. Make sure that the port is opened in the server firewall, if any.
5. User/password authentication
SS5 configuration file is /etc/opt/ss5/ss5.conf. The ‘auth’ directive sets the authentication policy.

For no authentication,
auth 0.0.0.0/0 - -
For user/pass authentication,
auth 0.0.0.0/0 - u

The user/password pairs are stored in /etc/opt/ss5/ss5.passwd. Make sure that this file is readable only by root:
chown root.root /etc/opt/ss5/ss5.passwd
chmod 750 /etc/opt/ss5/ss5.passwd

In /etc/opt/ss5/ss5.passwd, put user and password separated by a space and one user/password per line.
E.g.
user1 pass1
user2 pass2
6. Set permission
Allow all hosts to connect:

permit - 0.0.0.0/0 - 0.0.0.0/0 - - - - -

7. Start ss5
service ss5 start

If you see an error message like the following,
Can’t create pid file /var/run/ss5/ss5.pid
Can’t unlink pid file /var/run/ss5/ss5.pid
create the directory /var/run/ss5 and start ss5 again.
That’s all.

5 comments :

Post a Comment