Synology usage series 4 – Setup Socks 5 Proxy with nylon


After setup the squid http proxy, I want to give socks 5 proxy a try as well.
Same as squid proxy, you will need to figure out an tcp port which is not blocked by your broadband ISP. If you need to access your proxy from other network (say company network), the tcp port should not blocked by the firewall from other network as well.

Socks proxy do not encrypt data. Your data is subject to be inspected by the administrator. If privacy is a concern, use SSH tunneling instead.

To install nylon:

  1. #ipkg install nylon –force-depends

    This should installed both of the libevent and nylon packages.

  2. Edit the nylon.conf

    # vi /opt/etc/nylon.conf

    Binding-Interface=eth0
    Connecting-Interface=eth0
    Port=8080
    Allow-IP=192.168.1.0/24,192.168.21.0/24
    

    By default, socks will usually run at TCP port 1080. You can change the port to whatever you wish, for example, 8080.

    Only allowed IP is permitted to connect to the nylon proxy, so assign the proxy client IP address(es) to the Allow-IP field. IP addresses were separated with a comma.

    If you need to connect the socks proxy from remote network, and the remote network only have dynamic IP, same as srelay, IP filtering will not works in this case. You need to allow any host to connect to the proxy by assigning 0.0.0.0/0 to the Allow-IP field.

  3. To start nylon

    # /opt/etc/init.d/S10nylon start

  4. Setup router, insert a port forwarding rule in order to allow incoming proxy connection, example for linksys WRT54G router
    Linksys WRT54G setup port forwarding for Nylon : Port 8080 : TCP

    Linksys WRT54G setup port forwarding for Nylon : Port 8080 : TCP

    Input your own nylon port and IP address of the NAS. Protocol should be TCP or Both.

  5. For firmware 2.2 user, a firewall rule is required for external access of the nylon server.

    Network Services > Firewall > Click ‘Create’ button

    Ports > Check ‘Custom’ radio button > Click ‘Custom’ button

    Synology: Adding a new firewall rule with custom port

    To add a new custom port:

    Ports: Type: Destination Port
    Protocol: TCP
    Ports: 8080 (or your defined port)

    Synology: Adding new firewall rule for Nylon Proxy : Port 8080 : TCP

    Synology: Adding new firewall rule for Nylon Proxy : Port 8080 : TCP

    Source IP: ALL (or any other permitted IP address)

    DiskStation: Firewall: Assign 'ALL' for source IP

    Action : Access : Allow

    DiskStation: Firewall: Allow an firewall rule

  6. Configure your browser to use your NAS as socks proxy

    For Internet Explorer (replace localhost to your NAS ip and your proxy port, if you connect from remote location, input dynamic domain name instead)

    IE LAN Advanced Setting for local Socks Proxy Server

    IE LAN Advanced Setting for local Socks Proxy Server

    For Firefox (replace localhost to your NAS ip and your proxy port, if you connect from remote location, input dynamic domain name instead)

    Firefox setup for Socks 5 Proxy

    Firefox setup for Socks 5 Proxy





One thought


  1. Pingback: Synology DS207+ usage series 6 – Securing Squid and Socks5 connection using Bitvise Tunnelier « BLoG of R@y

Leave a Reply

Your email address will not be published. Required fields are marked *