Debugging Dante SOCKS Proxy Connection Issues: Browser Integration and Configuration Guide


2 views

When attempting to configure a Dante SOCKS proxy server (version 1.4.x), the primary symptom manifests as browsers failing to establish connections despite the proxy daemon appearing to run normally. The test case shows:

$ telnet 10.0.0.40 1080
Trying 10.0.0.40...
Connected to 10.0.0.40.
Escape character is '^]'.

Yet browser requests through the same endpoint fail with "Server not found" errors.

Modern browsers handle SOCKS proxies differently than raw TCP connections:

  1. Firefox: Requires explicit SOCKS v5 selection in manual proxy settings
  2. Chrome/Edge: Uses system-wide proxy settings by default
  3. CURL Testing: Recommended for initial validation:
curl --socks5 10.0.0.40:1080 http://example.com

The original configuration needs these adjustments:

# Enable protocol logging
logoutput: /var/log/danted/all.log
debug: 1

# Explicit SOCKS5 method declaration
method: username none

# Add DNS resolution through proxy
client pass {
    from: 10.0.0.0/8 to: 0.0.0.0/0
    command: bind connect udpassociate
    log: connect error
}

# Allow DNS resolution
pass {
    from: 10.0.0.0/8 to: 0.0.0.0/0
    command: bindreply udpreply
    protocol: udp
    port = domain
}

Before troubleshooting the application layer:

# Check firewall rules
iptables -L -n -v

# Verify port binding
ss -tulnp | grep 1080

# Test raw SOCKS protocol
printf "\x05\x01\x00" | nc -N 10.0.0.40 1080 | hexdump -C
  • Missing UDP permissions for DNS resolution
  • Overly restrictive client IP ranges
  • Firewall blocking return traffic
  • IPv6 vs IPv4 mismatches

When basic checks don't reveal the issue:

# Packet capture on proxy server
tcpdump -i eth0 'port 1080' -vvv -X

# Dante debug mode
danted -d -f /etc/danted.conf

# Browser network console inspection
chrome://net-internals/#events

For persistent issues, consider testing with alternative SOCKS clients like tsocks or proxychains to isolate the problem domain.

When your telnet test succeeds but browser connections fail through Dante SOCKS proxy, we're typically looking at one of these scenarios:

# Successful telnet test output example
$ telnet 10.0.0.40 1080
Trying 10.0.0.40...
Connected to 10.0.0.40.
Escape character is '^]'.

Your config appears mostly correct, but let's enhance it with critical missing elements:

logoutput: /var/log/danted/danted.log
debug: 1  # Increased verbosity
internal: eth0 port = 1080
external: eth0

# Authentication - critical for browser compatibility
method: username none
clientmethod: none

user.privileged: root
user.notprivileged: nobody

# Extended timeout for debugging
connecttimeout: 60
io.timeout: 600

# Allow rules - simplified for testing
client pass {
    from: 10.0.0.0/8 to: 0.0.0.0/0
    method: none
}

pass {
    from: 10.0.0.0/8 to: 0.0.0.0/0
    command: bind connect udpassociate
    protocol: tcp udp
}

Firefox requires special handling for SOCKS proxies:

  1. Set "network.proxy.socks_remote_dns" to true in about:config
  2. Ensure no extensions are interfering (test in Safe Mode)
  3. For IE, disable "Automatically detect settings" in LAN settings

Simultaneously monitor these while testing:

# Terminal 1 - Dante debug
$ sudo /usr/sbin/danted -d -D -f /etc/danted.conf

# Terminal 2 - Network traffic
$ sudo tcpdump -i eth0 port 1080 -nn -v

# Terminal 3 - Log monitoring
$ tail -f /var/log/danted/danted.log
  • Missing clientmethod: none when using method: username none
  • Firefox's DNS-over-SOCKS setting conflicting with proxy config
  • NetworkManager overwriting interface routes
  • SELinux/apparmor blocking connections (check audit logs)

Try this curl command before browser testing:

curl -v --socks5 10.0.0.40:1080 http://example.com

Successful output should show complete HTTP transaction through the proxy.