# How to configure an entire OS to SOCKS5?



## ikevin8me (Jul 16, 2021)

I have a new FreeBSD 13 PC behind a firewall and need to connect to a SOCKS5 proxy to "go out". 

How do I configure the operating system to proxy to a fixed SOCKS IP address and fixed port?*

* So all applications will just "go out" without configuring each one individually.


----------



## SirDice (Jul 16, 2021)

You don't. It's an application specific setting. Not all applications are able to use a SOCKS5 proxy.

There are settings for a 'regular' proxy though, most applications (if they support a proxy) will respect the HTTP_PROXY environment variable. 

```
HTTP_PROXY              URL of the proxy to use for HTTP requests.  The
                             document part is ignored.  Only HTTP proxies are
                             supported for HTTP requests.  If no port number
                             is specified, the default is 3128.

                             Note that this proxy will also be used for FTP
                             documents, unless the FTP_PROXY variable is set.
```
See fetch(3) for more variables.


----------



## ikevin8me (Jul 16, 2021)

SirDice said:


> You don't. It's an application specific setting. Not all applications are able to use a SOCKS5 proxy.


I knew that and thought so, BUT it is troublesome to set all applications. Further, in macOS, there is a SOCKS proxy settings in the Network system preferences which is universal to the entire OS. And so therefore I thought FreeBSD can do the same. It'll be so much convenient if this is possible.


----------



## SirDice (Jul 16, 2021)

Some desktop environments have a central proxy setting you can use. But it's not a system-wide setting, it's a user setting. Some applications simply can't be proxied. Anything that's based on HTTP usually can but a lot of other protocols simply can't be proxied or require specific protocol proxies.


----------



## Deleted member 30996 (Jul 16, 2021)

You might check out net/proxychains to run Firefox through with `proxychains firefox` from the command line.

But then you need a fresh SOCKS5 proxy to use with it. This is where I look. 

After I have coffee, if I can write a few paragraphs and it not take hours, I'll show you how to chain proxies without using proxychains.


----------



## covacat (Jul 16, 2021)

net/tsocks 
use the ld_preload trick to make connect(2) use a socks proxy


----------



## kpedersen (Jul 16, 2021)

In many ways the point of SOCKS is to only allow certain applications access to the wider network (Great for creepy operating systems like Windows).

There are tools like tsocks that work via LDPRELOADing presumably a hook into the socket / connect calls. Perhaps you can use that:

https://wiki.debian.org/HowtoProxyThroughSSH

`$ tsocks <window manager>`

Then every application you launch via the WM will have the preloaded hook.

Edit: Ah covacat just beat me to it


----------



## varda (Jul 17, 2021)

For example stunnel can be systemwide transparent

stunnel local/client side

```
[forward-socks]
sni = socks
client = yes
protocol = socks
accept = localhost:1080
connect = IP.RE.MO.TE:https
```


```
ipfw nat $nat config if $nat_if reset same_ports
ipfw add set $set nat $nat all from any to any via $nat_if
ipfw add set $set fwd 127.0.0.1,1080 tcp from any to any out via $nat_if
```
stunnel server side

```
[TLS]
client = no
accept = https
transparent = source
connect = localhost:http

[socks]
client = no
sni = TLS:socks
protocol = socks
transparent = none
;transparent = source
```
Optional transparent if wanted to keep logging client IP

```
ipfw add fwd IP.RE.MO.TE,443 tcp from 127.0.0.1 443 to any
```
Refer to stunnel site at https://www.stunnel.org/socksvpn.html for hints.


----------



## Alain De Vos (Jul 17, 2021)

py38-urllib3 seems to have the option SOCKS


----------

