Never Ending Security

HowTo – Installation of 3proxy 0.7.1, a tiny free proxy server on Debian 7

In this tutorial I’m going to install and configure 3proxy on Debian 7 x86. It is a really fast and lightweight alternative to Squid Proxy. My whole system with 3proxy running needs only 15 MB RAM. I will configure an HTTP proxy and chroot it to increase security. Users for the proxy are stored in the /usr/local/etc/3proxy/passwd file. At the end of the article I will add a user.

Attention: As far as I know 3proxy is not compatible with x64 distributions!

# Install Dependencies

apt-get update && apt-get -y upgrade
apt-get install -y build-essential libssl-dev

# Download, compile and install 3proxy into the target directory
# 3proxy will be chrooted to the directory /usr/local/etc/3proxy for security reasons

tar xzf 3proxy-
cd 3proxy
make -f Makefile.Linux
cd src
mkdir -p /usr/local/etc/3proxy/bin/
install 3proxy /usr/local/etc/3proxy/bin/3proxy
install mycrypt /usr/local/etc/3proxy/bin/mycrypt
touch /usr/local/etc/3proxy/3proxy.cfg
touch /usr/local/etc/3proxy/passwd
mkdir -p /usr/local/etc/3proxy/log/

# Setting the file permissions.
# Only the log folder and the pid file should be writable by 65535

chown -R root:root /usr/local/etc/3proxy/
chown -R 65535 /usr/local/etc/3proxy/log/
touch /usr/local/etc/3proxy/
chown 65535 /usr/local/etc/3proxy/

# Save the following config in /usr/local/etc/3proxy/3proxy.cfg

# start config file
# 3proxy- Configuration File by
# Tested on Debian 7 at 13.02.2015

# Configure the nameserver and nscache, which saves time, traffic and bandwidth
# Important -> the DNS server must work. At the moment the free Google DNS is configured
nscache 65536

# configure where the users are stored who are allowed to use the proxy
users $passwd

# specify the startup mode as daemon
daemon

#write pid of current process to file. It can be used to manipulate 3proxy with signals under Unix.

#Path to configuration file to use on 3proxy restart or to save configuration.
config 3proxy.cfg

# If a monitored file changes in modification time or size,
# proxy reloads configuration within one minute.
monitor 3proxy.cfg
monitor passwd

# log allows to specify log file location and rotation, D means logfile is created daily
log log/3proxy.log D
logformat "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T"

# We will keep last 30 log files
rotate 30

# auth specifies type of user authentication. For strong authentication
# unknown user will not be allowed to use proxy regardless of ACL.
auth strong

# We want to protect internal interface
deny * *
# and allow HTTP and HTTPS traffic.
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS

# Sets the proxy on port 3128 with high anonymous flag -a
# You need root privileges to bind to a port lower than 1000
proxy -a -p3128

# Now we no longer need root rights. We can chroot and setgid/setuid.
chroot /usr/local/etc/3proxy/
setgid 65535
setuid 65535

# End config file
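
3proxy checks ACL entries from top to bottom and applies the first one that matches, so an allow or deny whose lists are all `*` hides every entry after it. The following check is an added example, not part of the original tutorial; the function names `acl_shadowed` and `sample_cfg` are hypothetical, and the sample is constructed to mirror the ACL lines of the config above.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Lists 3proxy ACL entries that can never be reached because an earlier
# allow/deny in the same ACL matches every request.
# Assumptions: first-match ACL evaluation, and `flush` starts an empty ACL.

# acl_shadowed FILE -> one line per unreachable entry:
#   "<line>: <entry> (shadowed by line <n>)"
acl_shadowed() {
    awk '
        # Skip comment lines and blank lines.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        # flush clears the ACL, so a new rule set starts here.
        $1 == "flush" { catchall = 0; next }
        $1 == "allow" || $1 == "deny" {
            if (catchall) {
                printf "%d: %s (shadowed by line %d)\n", NR, $0, catchall
                next
            }
            # An entry is a catch-all when every list it gives is "*";
            # lists left off the end of the line are unrestricted too.
            wild = 1
            for (i = 2; i <= NF; i++) if ($i != "*") wild = 0
            if (wild) catchall = NR
        }
    ' "$1"
}

# Constructed sample mirroring the ACL section of the config above.
sample_cfg() {
    cat <<'EOF'
auth strong
deny * *
allow * * * 80-88,8080-8088 HTTP
allow * * * 443,8443 HTTPS
proxy -a -p3128
EOF
}

# Stand-alone use: sh acl_check.sh /usr/local/etc/3proxy/3proxy.cfg
if [ -n "${1:-}" ]; then
    acl_shadowed "$1"
fi
```

A deny that names a target list (for example the proxy host's own internal addresses) is not a catch-all, and the check reports nothing for the allow lines that follow it.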

# Generate an init script for automatic startup 3proxy after reboot

cd /etc/init.d/

Content of the file /etc/init.d/3proxyinit

#!/bin/sh
### BEGIN INIT INFO
# Provides: 3Proxy
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Initialize 3proxy server
# Description: starts 3proxy
### END INIT INFO

# Relative paths in 3proxy.cfg are resolved from this directory
cd /usr/local/etc/3proxy/
case "$1" in
start)
    echo Starting 3Proxy
    /usr/local/etc/3proxy/bin/3proxy /usr/local/etc/3proxy/3proxy.cfg
    ;;
stop)
    echo Stopping 3Proxy
    kill `pidof 3proxy`
    ;;
*)
    echo "Usage: $0 {start|stop}"
    exit 1
    ;;
esac
exit 0

# Make the file executable

chmod +x /etc/init.d/3proxyinit
update-rc.d 3proxyinit defaults

# Manual stop and start 3proxy

/etc/init.d/3proxyinit stop
/etc/init.d/3proxyinit start

# Tell iptables, the internal firewall, to redirect packets arriving at port 80 to port 3128 (the port 3proxy is listening on)

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128

# Install a program to make the iptables rules persistent (even after reboot)

apt-get install iptables-persistent

# Add a user to the /usr/local/etc/3proxy/passwd file

echo username:`/usr/local/etc/3proxy/bin/mycrypt $$ password` >> /usr/local/etc/3proxy/passwd
