How to configure an entire OS to SOCKS5?

ikevin8me


I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out".

How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?*

* So all applications will just "go out" without configuring each one individually.
 

SirDice


You don't. It's an application specific setting. Not all applications are able to use a SOCKS5 proxy.

There are settings for a 'regular' proxy though, most applications (if they support a proxy) will respect the HTTP_PROXY environment variable.
Code:
     HTTP_PROXY              URL of the proxy to use for HTTP requests.  The
                             document part is ignored.  Only HTTP proxies are
                             supported for HTTP requests.  If no port number
                             is specified, the default is 3128.

                             Note that this proxy will also be used for FTP
                             documents, unless the FTP_PROXY variable is set.

See fetch(3) for more variables.
 

ikevin8me


> You don't. It's an application specific setting. Not all applications are able to use a SOCKS5 proxy.

I knew that and thought so, BUT it is troublesome to set all applications. Further, in macOS, there is a SOCKS proxy setting in the Network system preferences which is universal to the entire OS. And so therefore I thought FreeBSD can do the same. It'll be so much more convenient if this is possible.
 

SirDice


Some desktop environments have a central proxy setting you can use. But it's not a system-wide setting, it's a user setting. Some applications simply can't be proxied. Anything that's based on HTTP usually can but a lot of other protocols simply can't be proxied or require specific protocol proxies.
 

Trihexagonal


You might check out net/proxychains to run Firefox through with proxychains firefox from the command line.

But then you need a fresh SOCKS5 proxy to use with it. This is where I look.

After I have coffee, if I can write a few paragraphs and it not take hours, I'll show you how to chain proxies without using proxychains.
 

kpedersen


In many ways the point of SOCKS is to only allow certain applications access to the wider network (Great for creepy operating systems like Windows).

There are tools like tsocks that work via LD_PRELOADing presumably a hook into the socket / connect calls. Perhaps you can use that:

https://wiki.debian.org/HowtoProxyThroughSSH

$ tsocks <window manager>

Then every application you launch via the WM will have the preloaded hook.

Edit: Ah covacat just beat me to it ;)
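
Added example, not part of any post in this thread: the SOCKS5 no-auth negotiation and CONNECT request (RFC 1928) that a client, or a connect() wrapper such as tsocks or proxychains, has to speak before any application data flows, which is why proxy support is per-application. The function names, the toy proxy and the www.example.org allow-list are constructed for illustration; both sides run over a local socketpair.

```python
import socket
import threading

def recv_exact(sock, n):
    """Read exactly n bytes or fail; SOCKS5 fields have known lengths."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-handshake")
        buf += chunk
    return buf

def connect_request(host, port):
    """CONNECT (CMD=1) with a domain target (ATYP=3), so the proxy resolves the name."""
    name = host.encode("ascii")
    if not 0 < len(name) < 256 or not 0 < port < 65536:
        raise ValueError("bad SOCKS5 target")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")

def socks5_connect(sock, host, port):
    """Client side: no-auth negotiation, then CONNECT. Returns the REP code (0 = ok)."""
    sock.sendall(b"\x05\x01\x00")  # VER=5, one method offered, 0x00 = no authentication
    if recv_exact(sock, 2) != b"\x05\x00":
        raise ConnectionError("proxy did not select the no-auth method")
    sock.sendall(connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5 or atyp not in (1, 3, 4):
        raise ConnectionError("malformed SOCKS5 reply")
    alen = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
    recv_exact(sock, alen + 2)  # discard BND.ADDR and BND.PORT
    return rep

def toy_proxy(sock, allowed):
    """Constructed stand-in for the proxy side; it only understands ATYP=3 requests."""
    recv_exact(sock, recv_exact(sock, 2)[1])  # greeting: VER, NMETHODS, then METHODS
    sock.sendall(b"\x05\x00")  # select "no authentication"
    recv_exact(sock, 4)  # VER, CMD, RSV, ATYP
    name = recv_exact(sock, recv_exact(sock, 1)[0]).decode("ascii")
    port = int.from_bytes(recv_exact(sock, 2), "big")
    rep = 0 if (name, port) in allowed else 2  # REP 2 = not allowed by ruleset
    sock.sendall(bytes([5, rep, 0, 1]) + bytes(6))  # BND.ADDR/PORT = 0.0.0.0:0

def demo(host, port, allowed=(("www.example.org", 443),)):
    """Run client and toy proxy over a local socketpair; no network is touched."""
    client, server = socket.socketpair()
    with client, server:
        threading.Thread(target=toy_proxy, args=(server, allowed), daemon=True).start()
        return socks5_connect(client, host, port)
```

demo("www.example.org", 443) returns 0 (succeeded), while a target outside the allow-list returns 2, the reply code a policy-enforcing proxy uses to refuse a destination.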
 

varda


For example stunnel can be systemwide transparent

stunnel local/client side
Code:
[forward-socks]
sni = socks
client = yes
protocol = socks
accept = localhost:1080
connect = IP.RE.MO.TE:https

Code:
ipfw nat $nat config if $nat_if reset same_ports
ipfw add set $set nat $nat all from any to any via $nat_if
ipfw add set $set fwd 127.0.0.1,1080 tcp from any to any out via $nat_if

stunnel server side
Code:
[TLS]
client = no
accept = https
transparent = source
connect = localhost:http

[socks]
client = no
sni = TLS:socks
protocol = socks
transparent = none
;transparent = source

Optional transparent if wanted to keep logging client IP
Code:
ipfw add fwd IP.RE.MO.TE,443 tcp from 127.0.0.1 443 to any

Refer to stunnel site at https://www.stunnel.org/socksvpn.html for hints.
 