BLOG POSTS

MangoHost Blog / How to Set Up Dante Proxy on Ubuntu 24

How to Set Up Dante Proxy on Ubuntu 24

Setting up a Dante SOCKS proxy on Ubuntu 24 is one of those tasks that sounds intimidating but is actually pretty straightforward once you know the steps. Whether you’re looking to route traffic through a specific server, bypass geo-restrictions, set up a secure tunnel for your team, or just want to learn how proxy servers work under the hood, this guide will walk you through the entire process. Dante is a robust, enterprise-grade SOCKS proxy implementation that’s been battle-tested for years, and it’s perfect for both simple personal setups and complex multi-user environments. By the end of this post, you’ll have a fully functional proxy server running on your Ubuntu box, complete with authentication and logging.

How Does Dante Proxy Work?

Dante operates as a SOCKS4/SOCKS5 proxy server, which means it acts as an intermediary between your client applications and the internet. Unlike HTTP proxies that only handle web traffic, SOCKS proxies work at a lower network layer and can handle any type of TCP (and UDP with SOCKS5) traffic.

Here’s the basic flow:

Your client connects to the Dante proxy server
Client authenticates (if required) and sends connection requests
Dante establishes connections to target servers on behalf of the client
All traffic flows through the proxy server, appearing to originate from its IP

The beauty of Dante lies in its flexibility. It supports multiple authentication methods (no auth, username/password, PAM), extensive access control rules, and can handle thousands of concurrent connections. Unlike simpler proxy solutions like 3proxy or Shadowsocks, Dante gives you enterprise-level control over who can connect, what they can access, and how traffic is routed.

Quick and Easy Setup Guide

Let’s get your hands dirty with the actual installation. First, make sure you’re working with a fresh Ubuntu 24.04 server. If you need a VPS for this, grab one from https://mangohost.net/vps – they’re solid for testing setups like this.

Step 1: Install Dante

sudo apt update
sudo apt install dante-server -y

That’s it for the basic installation. Ubuntu 24 includes Dante 1.4.x in its repositories, which is the current stable branch.

Step 2: Basic Configuration

The main config file lives at /etc/danted.conf. Let’s start with a minimal working configuration:

sudo cp /etc/danted.conf /etc/danted.conf.backup
sudo nano /etc/danted.conf

Here’s a basic config to get you started:

# Basic logging
logoutput: syslog

# Listen on all interfaces, port 1080 (standard SOCKS port)
internal: 0.0.0.0 port = 1080

# External interface (change eth0 to your actual interface)
external: eth0

# Authentication method - start with none for testing
clientmethod: none
socksmethod: none

# Basic client access rule
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}

# Basic socks access rule
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}

Step 3: Start and Enable Service

sudo systemctl start danted
sudo systemctl enable danted
sudo systemctl status danted

If everything’s working, you should see the service as active and running.

Step 4: Firewall Configuration

sudo ufw allow 1080/tcp
sudo ufw reload

Step 5: Test Your Proxy

From another machine, test the connection:

curl --socks5 YOUR_SERVER_IP:1080 http://httpbin.org/ip

You should see your server’s IP address in the response, not your local IP.

Real-World Examples and Use Cases

Now let’s dive into some practical scenarios where Dante really shines.

Scenario 1: Multi-User Setup with Authentication

For a team environment, you’ll want user authentication. Here’s how to set up username/password auth:

# Create users (this adds them to system, but we'll use PAM)
sudo useradd -r -s /bin/false proxyuser1
sudo useradd -r -s /bin/false proxyuser2
echo "proxyuser1:strongpassword1" | sudo chpasswd
echo "proxyuser2:strongpassword2" | sudo chpasswd

Updated config with PAM authentication:

logoutput: syslog
internal: 0.0.0.0 port = 1080
external: eth0

# Use PAM for authentication
clientmethod: none
socksmethod: username

# More restrictive client rules
client pass {
    from: 192.168.1.0/24 to: 0.0.0.0/0
    log: error connect disconnect
}

client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

# Authenticated socks rules
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
    socksmethod: username
}

Scenario 2: Geo-Restricted Content Access

Many folks use proxies to access region-locked content. Here’s a config optimized for that:

logoutput: /var/log/danted.log
internal: 0.0.0.0 port = 1080
external: eth0

clientmethod: none
socksmethod: none

# Allow specific streaming services
socks pass {
    from: 0.0.0.0/0 to: netflix.com port 1-65535
    log: connect disconnect
}

socks pass {
    from: 0.0.0.0/0 to: hulu.com port 1-65535
    log: connect disconnect
}

# Block everything else (optional)
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

Performance Comparison Table

Proxy Solution	Max Concurrent Connections	Memory Usage (1000 conn)	CPU Usage	Config Complexity
Dante	10,000+	~50MB	Low	Medium
3proxy	5,000	~30MB	Low	Low
Shadowsocks	3,000	~20MB	Medium	Very Low
Squid (HTTP only)	15,000+	~100MB	Medium	High

Negative Cases and Troubleshooting

Problem: Service fails to start with “bind: Address already in use”

sudo netstat -tlnp | grep :1080
sudo systemctl stop danted
sudo systemctl start danted

Problem: Clients can connect but can’t access any websites

This usually means your external interface is incorrectly configured. Check your interface name:

ip addr show
# Update /etc/danted.conf with correct interface name

Problem: Authentication isn’t working

Make sure PAM is properly configured and users exist:

sudo tail -f /var/log/auth.log
# Test PAM authentication
sudo pamtester login proxyuser1 authenticate

Advanced Configuration and Automation

For larger deployments, you’ll want to automate the setup. Here’s a script that handles the entire installation:

#!/bin/bash

# Dante auto-installer for Ubuntu 24
PROXY_PORT=${1:-1080}
INTERFACE=$(ip route | grep default | awk '{print $5}' | head -1)

echo "Installing Dante on interface $INTERFACE, port $PROXY_PORT"

# Install
apt update && apt install -y dante-server

# Backup original config
cp /etc/danted.conf /etc/danted.conf.orig

# Generate config
cat > /etc/danted.conf << EOF
logoutput: syslog
internal: 0.0.0.0 port = $PROXY_PORT
external: $INTERFACE

clientmethod: none
socksmethod: none

client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}

socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}
EOF

# Start services
systemctl enable danted
systemctl restart danted

# Configure firewall
ufw allow $PROXY_PORT/tcp

echo "Dante proxy is running on port $PROXY_PORT"
echo "Test with: curl --socks5 $(curl -s ifconfig.me):$PROXY_PORT http://httpbin.org/ip"

Integration with Other Tools

Dante plays well with monitoring tools. Here's how to set up basic monitoring with systemd and integrate it with common tools:

# Monitor with journalctl
journalctl -u danted -f

# Integration with fail2ban for brute force protection
cat > /etc/fail2ban/jail.d/dante.conf << EOF
[dante]
enabled = true
port = 1080
protocol = tcp
filter = dante
logpath = /var/log/syslog
maxretry = 5
bantime = 3600
EOF

For high-traffic scenarios, consider setting up Dante on a dedicated server where you have more control over network configuration and can handle enterprise-level loads.

Load Balancing Multiple Dante Instances

You can run multiple Dante instances for load distribution:

# Run additional instances on different ports
sudo cp /etc/danted.conf /etc/danted2.conf
# Edit port in danted2.conf to 1081
sudo systemctl start danted@2

Interesting Facts and Statistics

Here are some cool things about Dante that might surprise you:

Dante can handle over 65,000 concurrent connections on a properly tuned system
It's been in development since 1997, making it older than many Linux distributions
Netflix and other streaming services have gotten very good at detecting proxy traffic, but Dante's enterprise features make it harder to fingerprint
The SOCKS5 protocol supports UDP tunneling, which means you can proxy DNS queries, games, and VoIP traffic
Dante uses about 1KB of memory per connection, making it incredibly efficient

Automation and Scripting Possibilities

Once you have Dante running, it opens up interesting automation possibilities:

Dynamic IP rotation: Script multiple Dante instances across different servers and rotate between them
Geo-distributed proxy networks: Deploy Dante across multiple regions for location-specific access
Integration with CI/CD: Use proxied connections for testing geo-restricted features
Load testing: Distribute load testing traffic through multiple proxy endpoints

For API automation, you can use Dante with tools like curl, wget, or Python requests:

# Python example
import requests

proxies = {
    'http': 'socks5://your-dante-server:1080',
    'https': 'socks5://your-dante-server:1080'
}

response = requests.get('http://httpbin.org/ip', proxies=proxies)
print(response.json())

Conclusion and Recommendations

Dante is hands-down one of the most robust proxy solutions available for Linux systems. It strikes the perfect balance between functionality and simplicity - complex enough to handle enterprise requirements, but straightforward enough for personal use.

Use Dante when you need:

A reliable, long-term proxy solution that won't break with updates
Fine-grained access control and user authentication
High concurrent connection counts (1000+ simultaneous users)
Protocol flexibility beyond just HTTP (games, VoIP, etc.)
Integration with existing Linux infrastructure and monitoring tools

Consider alternatives when:

You need something dead simple with zero configuration (try Shadowsocks)
You only need HTTP proxying and want caching features (Squid is better)
You're dealing with extremely high throughput requirements (HAProxy might be overkill but more optimized)

For production deployments, always set up proper authentication, logging, and monitoring. Don't run open proxies on the internet - they'll get abused quickly and might land you in trouble.

The configuration examples in this guide should get you 90% of the way there for most use cases. The official Dante documentation at https://www.inet.no/dante/ covers advanced scenarios like bandwidth limiting, connection routing rules, and integration with LDAP systems if you need enterprise features.

Remember, with great proxy power comes great responsibility - use your new Dante setup wisely!

This article incorporates information and material from various online sources. We acknowledge and appreciate the work of all original authors, publishers, and websites. While every effort has been made to appropriately credit the source material, any unintentional oversight or omission does not constitute a copyright infringement. All trademarks, logos, and images mentioned are the property of their respective owners. If you believe that any content used in this article infringes upon your copyright, please contact us immediately for review and prompt action.

This article is intended for informational and educational purposes only and does not infringe on the rights of the copyright owners. If any copyrighted material has been used without proper credit or in violation of copyright laws, it is unintentional and we will rectify it promptly upon notification. Please note that the republishing, redistribution, or reproduction of part or all of the contents in any form is prohibited without express written permission from the author and website owner. For permissions or further inquiries, please contact us.