How to Run Your Own SOCKS Proxy Server

UPDATE 10 April 2009: The Windows version of antinat is no longer available from the links below. I recommend trying something else if you still require a Windows SOCKS server, for example SOCKS Puppet. Note that SOCKS Puppet source code is not available, and so its efficacy and safety (i.e., no nefarious behavior) cannot be vetted.

Run your own SOCKS5 proxy server on Windows/Mac/Linux. Access restricted web sites, use instant messenger, ftp, and other protocols from school/work by leveraging your cable/DSL connection at home!

Who is this tutorial for?

  1. This tutorial is for the person who needs to access restricted web sites, use instant messenger, ftp, and other protocols from a location with a restricted internet connection (e.g., work, school).
  2. You should be comfortable installing and configuring software.
  3. You should have a decent understanding of the internet and networks in general.
  4. You should know what a proxy is (see About Proxy Servers if you don't).

Prerequisites

  1. An unrestricted internet connection. Perhaps you have this at home (instead of school/work) or at a friend's house.
  2. A computer which you can leave turned on while you're at school, work, or wherever the restricted internet connection is.

Let's begin.

  1. Download and install the latest Windows version of Antinat here. There are also versions for Linux and Unix.
  2. Accept the default installation options [screenshot].
  3. If you want Antinat to start automatically every time Windows starts, go to Windows Services and change the Antinat service startup type from manual to automatic [screenshot].
  4. Click the Windows Start button, select Run, and in the Open box type notepad c:\program files\Antinat\antinat.xml
  5. Replace the contents of the file with:
    <?xml version='1.0'?>
    <antinatconfig>
      <!-- Use any ethernet interface -->
      <interface value='0.0.0.0'/>

      <!-- Port on which to listen -->
      <port value='1080'/>

      <maxbindwait value='60'/>

      <!-- What security methods do we offer clients? -->
      <authchoice>
        <select mechanism='anonymous'/>
      </authchoice>

      <!-- Which connections should we accept or reject? -->
      <filter source_addrtype='ipv4'>
        <filter source_addr='aaa.bbb.ccc.ddd'><accept/></filter>
        <filter source_addr='eee.fff.ggg.hhh'><accept/></filter>
        <filter source_addr='iii.jjj.kkk.mmm'><accept/></filter>
        <reject/>
      </filter>
    </antinatconfig>

    Change the IP addresses in the <filter source_addr='aaa.bbb.ccc.ddd'><accept/></filter> entries to the IP addresses which you'd like to grant access to this proxy server.

    Change <port value='1080'/> to the port on which you'd like to expose the proxy server. If this proxy server will be running on a residential cable/DSL connection, many ISPs prevent inbound connections to residential connections on ports 80 and 25 as well as others. To find out which inbound ports your ISP prevents connection to, find the FAQ for your ISP at dslreports.com. Additionally, if you will be connecting to this proxy server from a corporate environment, be aware that some corporate firewalls only permit outbound connections on a few ports to machines outside their firewall. Often outbound ports 21, 23, 80, and 443 are permitted because they are typically used for FTP, telnet, HTTP, and SSL, respectively.

    For complete instructions on Antinat configuration, see the Antinat man page. You can, for example, configure Antinat to accept connections based on userid/password credentials instead of by IP address.

  6. If your IP address is in one of these ranges:
    • 10.0.0.0 - 10.255.255.255
    • 172.16.0.0 - 172.31.255.255
    • 192.168.0.0 - 192.168.255.255
    you are most likely behind a router using NAT addressing. If so, configure port forwarding on your router to forward the port you chose in the previous step to the NAT'd IP address of the PC which will run Antinat (e.g., 192.168.x.x).
  7. Save the file and restart Antinat. On Windows, if you chose to install Antinat as a service, this is done from the Service Control Panel [screenshot] by right-clicking and selecting "Start" or "Restart".
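
Because the configuration in step 5 offers anonymous authentication on every interface, the source-address filter is the only thing deciding who may use the proxy. The following check is an added example, not part of Antinat or the original tutorial: it reads a config laid out like the one above and reports placeholder addresses left unedited, a missing final `<reject/>`, and unconditional accepts. It assumes rules are tried in document order, and the address 203.0.113.7 in the sample is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the tutorial's config with one placeholder left unedited.
SAMPLE = """<?xml version='1.0'?>
<antinatconfig>
  <interface value='0.0.0.0'/>
  <port value='1080'/>
  <authchoice><select mechanism='anonymous'/></authchoice>
  <filter source_addrtype='ipv4'>
    <filter source_addr='203.0.113.7'><accept/></filter>
    <filter source_addr='eee.fff.ggg.hhh'><accept/></filter>
    <reject/>
  </filter>
</antinatconfig>"""

def audit(xml_text):
    """Return a list of findings for an antinat.xml laid out like the tutorial's."""
    root = ET.fromstring(xml_text)
    findings = []
    anonymous = any(s.get("mechanism") == "anonymous"
                    for s in root.iter("select"))
    outer = root.find("filter")
    if outer is None:
        return ["no <filter> block: nothing restricts who may connect"]
    children = list(outer)
    # Assumption: rules are tried in document order, so a trailing <reject/>
    # is what denies every source that no earlier rule accepted.
    if not children or children[-1].tag != "reject":
        findings.append("outer <filter> does not end with <reject/>")
    for rule in children:
        if rule.tag == "accept":
            findings.append("unconditional <accept/>: any source is allowed")
        if rule.tag != "filter" or rule.find("accept") is None:
            continue
        addr = rule.get("source_addr", "")
        try:
            ipaddress.IPv4Address(addr)  # rejects placeholders and blanks
        except ValueError:
            findings.append(f"source_addr '{addr}' is not an IPv4 address")
    iface = root.find("interface")
    if anonymous and iface is not None and iface.get("value") == "0.0.0.0":
        findings.append("anonymous auth on 0.0.0.0: filter list is the only gate")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN:", finding)
```

Run it against your edited antinat.xml before forwarding the port on your router.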

Configuring FoxyProxy to Use Your Proxy Server

Finally, you must install and configure FoxyProxy on the computer with restricted internet access.
  1. Create a new proxy definition by clicking the "Add New Proxy" button on the FoxyProxy Options dialog [screenshot].
  2. Enter a name and optionally, notes, on the General tab [screenshot]. For example, under name you might enter "My Home Proxy" and under notes, "SOCKS5 proxy running at home"
  3. On the Proxy Details tab [screenshot], select "Manual Proxy Configuration". In the SOCKS proxy field, enter the IP address or domain name of the machine on which you installed Antinat. If your ISP periodically changes your IP address, as many cable/DSL ISPs do, see the section on dynamic IP addresses below.
  4. In the port field, enter the port under which you configured Antinat to run. This is specified in the c:\program files\Antinat\antinat.xml file in the <port value='1080'/> entry.
  5. Leave all other fields on the Proxy Details tab blank.
  6. On the Patterns tab [screenshot], enter URL patterns which match blocked URLs at your school/place-of-business. You can read more about patterns here.
  7. Change FoxyProxy from disabled to Use proxies based on their pre-defined patterns and priorities.
  8. Surf the web. Whenever a URL to which you browse matches one of the patterns* you've defined, the associated proxy is used to load that URL.

* Provided that (1) FoxyProxy is set to "Use proxies based on their pre-defined patterns and priorities" and (2) there is no blacklist pattern defined for that URL.

Optional

If you would like to configure encryption so all communications between you and your proxy are encrypted (even plain http:// addresses), see the stunnel/OpenSSL tutorial.

What if my unrestricted internet connection has a dynamic IP address?

If your ISP periodically changes your IP address, as many cable/DSL ISPs do, get a free No-IP or DynDNS account. These services grant you a free domain name; for example, myproxy.bounceme.net. You run client software on your PC which "phones home" to DynDNS/No-IP every 30 minutes, informing them of your current IP address. Note that many modern consumer-oriented routers from Linksys, Netgear, D-Link, etc. have this software built in, so you don't need to run a client on your PC.
