Own proxy server configuration for Diablo II

1) Introduction

This instruction shows how to install socks4 server on Linux Debian distribution. Installation on other distributions shouldn't be much different than this. The only difference will be that you won't be installing socks server from debian packages but from sources or from packages of some other distribution ( for example *.rpm for Red Hat or Mandrake ).

2) Instalation

Before starting you should check the content of /etc/apt/sources.list file. You should have something like this:

deb http://ftp.us.debian.org/debian woody main contrib non-free
deb http://security.debian.org woody/updates main contrib non-free

If not add these lines.

After configuring apt-get we can start installing.

First of all we have to install socks4-server with an apt-get install socks4-server command. Our system will check what other packages you need and will download and install them as well.

3) Configuration

Socks server have 2 major config files: /etc/sockd.conf and /etc/sockd.route. These are the files where you write ID of people who will be able to connect with your proxy server. ( We don't want our server to be open relay so that everyone who knows the address could connect to it ).

Let's start from /etc/sockd.route files because all you have to do in it is one time change. Open this file with your favorite edit program ( joe, vim, pico, mcedit ) and make sure that there something like that:

# IP of interface destination netmask for destination
0.0.0.0 0.0.0.0 0.0.0.0

Why only zeros? Ip of the interface is the IP of your internet connection. If you have static IP you can write it there, but if you have dynamic IP ( adsl connections for example ) lave as it is.

Now let's move to the /etc/sockd.conf file. This is the file where you write ID of people who can connect to your proxy server.

The file should contain something like that.

permit *=user1,user2,user3 0.0.0.0 0.0.0.0

This line allows people with ID's user1 user2 and user3 to connect to your server. Of course you can change his names for whatever you like.

That's all about these two files. After each change in each of them you have to make command make_sockdfc ( for changes in sockd.conf file ) or make_sockdfr ( for changes in sockd.route file ). This commands will encrypt each of the files to /etc/sockd.fc and /etc/sockd.fr files which have the priority ( for example if you have both /etc/sockd.conf and /etc/sockd.fc files the socks server will read only configuration which is encrypted in /etc/sockd.fc file ). This solution is very good for people who provides shell accounts on their servers. Thanks to that people who have shell account won't be able to check what ID's can connect to the server.

We are almost at the end of our configuration. The last thing you have to do is to add few lines to 2 system config files. These files are /etc/inetd.conf and /etc/services.

In /etc/inetd.conf in the far end of it you have to add this line:

socks stream tcp nowait nobody /usr/sbin/sockd sock

Of course you have to remember that /usr/sbin/sockd need to be replaced with path to your socked file ( ths is only required if you install socks4-server from sources or packages other than debian, because debian package always install it in /usr/sbin )

In /etc/services file we have to find such lines:

socks 1080/tcp # socks proxy server
socks 1080/udp # socks proxy server

1080 is a default port on which proxy servers operate. I suggest to change it to some other, for example 1440. If you don't have these line in /etc/services you have to add them.

After adding all the lines to both files we have to restart inetd daemon. In debian you do it with this command:

/etc/init.d/inetd restart

On other distributions daemon restart might be done differently but the script which does that should be somewhere in /etc/rc.* .

That's all if it is about configuration of socks server. If you did everything correctly your proxy server should accept connections from people with ID's you wrote in /etc/sockd.conf.

If you want to secure your server more precisely and allow only certain IP numbers to connect your socks server all you have to do cut out on your firewall all connections on your proxy port, except connections which come from the IP address you wish to allow. If your firewall/masquerade is based on iptables all you have to do is to add these lines to it:

iptables -A INPUT -p tcp -s x.x.x.x --dport 1440 -j ACCEPT
iptables -A INPUT -p tcp --dport 1440 -j DROP

1440 needs to be changes to the port on which your proxy server operates, and x.x.x.x needs to be replaced with the IP number which you want to be allowed to use your proxy server.

4) Conclusion

I hope that my FAQ will help someone in configuring his own proxy server. It's a very useful thing if you have static IP number and Biiz has banned it, or if you get RD and you need to get to BN very quickly to sell something.

All suggestions and questions are welcomed.

Originally Posted By ViVi