HideIPVPN

How to set up your own private proxy server for anonymous internet browsing

A Virtual Private Server (VPS) works well as your own anonymous Internet browsing proxy. A VPS can cost as little as $8 a month, roughly what a private proxy or VPN provider would charge, but you are in full control of the logs and of the server's resources. Those resources can also be used for things other than hiding your IP when browsing the Internet, for example IRC chat through the shell with irssi or hosting a website with lighttpd.

You could also open this proxy to friends, or even set up your own anonymous proxy business open to the public. You do not need great knowledge of Unix to do this; I will write down a step-by-step tutorial. This was done on a Debian server.

Proxy server diagram

1) You will need to install a proxy server on your machine. This example uses micro proxy, a small Unix-based HTTP/HTTPS proxy that runs from inetd.

privacydusk# apt-get install micro-proxy
Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
micro-httpd micro-inetd
The following NEW packages will be installed:
micro-proxy
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 9838B of archives.
After this operation, 65.5kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main micro-proxy 20021030+debian-5 [9838B]
Fetched 9838B in 0s (24.8kB/s)
Selecting previously deselected package micro-proxy.
(Reading database … 16543 files and directories currently installed.)
Unpacking micro-proxy (from …/micro-proxy_20021030+debian-5_amd64.deb) …
Processing triggers for man-db …
Setting up micro-proxy (20021030+debian-5) …

2) Install xinetd on your server:

privacydusk# apt-get install xinetd
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following NEW packages will be installed:
xinetd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 147kB of archives.
After this operation, 336kB of additional disk space will be used.
Get:1 http://ftp.us.debian.org lenny/main xinetd 1:2.3.14-7 [147kB]
Fetched 147kB in 1s (140kB/s)
Selecting previously deselected package xinetd.
(Reading database … 16548 files and directories currently installed.)
Unpacking xinetd (from …/xinetd_1%3a2.3.14-7_amd64.deb) …
Processing triggers for man-db …
Setting up xinetd (1:2.3.14-7) …
Stopping internet superserver: xinetd.
Starting internet superserver: xinetd.

Set micro proxy to run via xinetd (or inetd if you use that instead). Here is my xinetd.conf file configured to use micro proxy:

service microproxy
{
disable = no
bind = 127.0.0.1
socket_type = stream
protocol = tcp
user = root
wait = no
server = /usr/sbin/micro_proxy
}

service microproxyssl
{
disable = no
bind = 127.0.0.1
socket_type = stream
protocol = tcp
user = root
wait = no
server = /usr/sbin/micro_proxy
}
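
The stanzas above keep the proxy on 127.0.0.1 but run it as root, which micro_proxy does not need on these unprivileged ports. As an added example (not part of the original tutorial), this script reads xinetd configuration text and flags micro_proxy services that are not bound to loopback or that run as root; the function name, the messages and the second sample stanza are made up for illustration.

```shell
#!/bin/sh
# Added example: audit xinetd stanzas that launch micro_proxy.
# stdin: xinetd configuration text. Prints "<service>: <finding>" lines.
# Returns 0 when every enabled micro_proxy service is loopback-only and non-root.
audit_xinetd_proxy() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function report(msg) { print svc ": " msg; bad = 1 }
    /^[ \t]*#/ { next }                                  # skip comments
    /^[ \t]*service[ \t]+/ { svc = $2; split("", attr); next }
    /=/ && svc != "" {                                   # key = value line
        eq = index($0, "=")
        attr[trim(substr($0, 1, eq - 1))] = trim(substr($0, eq + 1))
        next
    }
    /^[ \t]*[}]/ && svc != "" {                          # end of stanza
        if (attr["server"] ~ /micro_proxy$/ && attr["disable"] != "yes") {
            if (attr["user"] == "" || attr["user"] == "root")
                report("user is root or unset, run as an unprivileged account")
            if (attr["bind"] != "127.0.0.1" && attr["bind"] != "::1")
                report("not bound to loopback only")
        }
        svc = ""
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the first stanza mirrors the one above, the second
# (hypothetical) one drops "bind" and uses an unprivileged account.
SAMPLE_CONF='service microproxy
{
disable = no
bind = 127.0.0.1
user = root
server = /usr/sbin/micro_proxy
}
service exposedproxy
{
disable = no
user = nobody
server = /usr/sbin/micro_proxy
}'

printf "%s\n" "$SAMPLE_CONF" | audit_xinetd_proxy || echo "review the findings above"
```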

3) Force xinetd to start the service for you by adding the following lines to your /etc/services file:

microproxy 2280/tcp
microproxyssl 2243/tcp

Notice that I am using port 2280 for HTTP and port 2243 for HTTPS. You can use any ports you like, but make sure they are open on your server. You will also need to comment out any existing entries in /etc/services that try to define the same service ports.

After you have modified /etc/services you will need to restart xinetd for the changes to take effect:

/etc/init.d/xinetd restart

4) Make sure the ports you want to use are open on the server. There are various methods to achieve this:

a) Install lsof and then:

lsof -i -nN -P | grep 2280
xinetd 29568 root 5u IPv4 1152793 TCP 127.0.0.1:2280 (LISTEN)

As you can see, the line shows LISTEN, which means that port 2280 is open. Change the port in the grep statement to the port you want to check.

b) You can use netstat to check for open ports:

netstat -vatn

privacydusk:/etc# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 64.62.173.51:53         0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:982           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:953                 :::*                    LISTEN


c) Another method to check for open ports on the server is to scan yourself with nmap:

privacydusk# nmap localhost
Starting Nmap 4.62 ( http://nmap.org ) at 2009-03-30 05:21 UTC
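
With bind = 127.0.0.1 in the xinetd configuration, both proxy ports should appear only on the loopback address, since they are reached through the SSH tunnel. As an added example (not part of the original tutorial), this check reads netstat -tln output, or the netstat -vatn output used above, and reports proxy ports that are exposed on another address or have no listener; the function name and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: confirm the proxy ports listen on loopback only.
# stdin: netstat output; arguments: the ports to check.
# Prints "exposed <addr>" for a wanted port bound to a non-loopback address
# and "missing <port>" when nothing listens on it; returns 1 on any finding.
check_proxy_listeners() {
    awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        addr = $4                           # e.g. 127.0.0.1:2280 or :::80
        port = addr; sub(/^.*:/, "", port)  # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (!(port in want)) next
        seen[port] = 1
        if (host != "127.0.0.1" && host != "::1") { print "exposed " addr; bad = 1 }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(p[i] in seen)) { print "missing " p[i]; bad = 1 }
        exit (bad ? 1 : 0)
    }
    '
}

# Constructed netstat lines (not taken from the server above).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp        0      0 127.0.0.1:2280          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2243            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

printf "%s\n" "$SAMPLE_NETSTAT" | check_proxy_listeners 2280 2243 || echo "fix before use"
```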

5) Once you have installed micro proxy, configured xinetd and edited /etc/services, you should be done on the server side. Now it is time to configure your Internet browser.

If you are using Opera 9.*, go to Tools>Preferences>Advanced>Network>Proxy Servers and enter 127.0.0.1 port 5000 in the HTTP box and 127.0.0.1 port 5043 in the HTTPS box.

If you are using Firefox 3.* you will need to go to Tools>Options>Advanced>Settings and do exactly the same.

All that is left is to set up the tunnel from the shell. Before you start surfing with your browser, type:

ssh -L 5000:127.0.0.1:2280 -L 5043:127.0.0.1:2243 username@machine.net

machine.net is your hostname. You will need to change the port numbers if you are using different ones.

To surf through the SSH tunnel on a Windows machine without a shell, you can use KiTTY.

Firewall:
If you have iptables installed, you will need to instruct your firewall to allow traffic through those ports. The following command will open port 2280 in iptables:

iptables -A INPUT -p tcp -i eth0 --dport 2280 -j ACCEPT

To find out the list of open ports in the firewall use iptables -L:

privacydusk# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2280
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:2243

Newsgroup dealing with port forwarding: comp.security.ssh
