Sam - October 28, 2016
This instruction suitable for all Unix distributions. All commands above running with sudo privileges.
First of all you need to check your system version and distributive
For ubuntu 14 and older or debian 6 and older based systems add next repository to your system:
And install 3proxy
apt-get install 3proxy
For CentOS systems use next commands:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Check result with
yum install 3proxy
Compiling from source code more preffer, becouse you will get latest version and instruction is same for all unix versions and distributives, for example installation from repository is not supported for latest Ubuntu versions
For compiling 3proxy form source code you need to install git, make and gcc
Type into your terminal
apt-get install gcc make git -y
Next, browse to home dir
cd ~ git clone https://github.com/z3APA3A/3proxy.git
this will download latest version of 3proxy to your machine
next step to compile it and setup
cd 3proxy make -f Makefile.Linux
Next step to put files into correct path and setup autostart of service
mkdir /usr/local/etc/3proxy/bin –p cp src/3proxy /usr/local/etc/3proxy/bin cp ./scripts/rc.d/proxy.sh /etc/init.d/3proxy
chkconfig 3proxy on
update-rc.d 3proxy defaults
Now you need to create config file
Main configuration file
If you running 3proxy from command line you need to uncomment it for close console, do not use it with service command.
First of all you need to change log path to UNIX format
log /var/log/3proxy.log D
How long your logs will stored in system
For restrict possible network causes in your system or set default network interface for proxy use external/internal parameters with ip address of needed interface
None authentication, everybody who knows ip and port can use proxy
Note: there are a lot of proxy scanner in internet, be careful
Authentication using login and password, specified in users.conf file
With strong option you need to create list of users and passwords in /usr/local/etc/3proxy/users.conf
Example with clear text password
Example with password hash
For generate NTLM hash from password you can use online tool
Note: If you using not encrypted passwords, its strongly recommended to set permissions to users.conf file
chmod 600 users.conf
Reducing connection speed for clients
bandlimin <bitrate> <userlist> <sourcelist> <targetlist> <targetportlist> <commandlist>
For example, reduce speed to 100Kbps for user UserName
bandlimin 100 UserName
Additional you can disable limit for specify port, user or ip
Example, no limit for all users to https
nobandlimin * * * 443
Commands allow, deny and flush are used to manage ACLs:
allow <userlist> <sourcelist> <targetlist> <targetportlist> <commandlist> <weekdaylist> <timeperiodlist> deny <userlist> <sourcelist> <targetlist> <weekdaylist> <timeperiodlist> flush
For using http proxy uncomment string
Next parameters can be setted, but not necessary
-pNUMBER change default server port to NUMBER
-u Never ask for username/password
-n disable NTLM authentication
-a (for proxy) – anonymous proxy (no information about client reported)
-a1 (for proxy) – anonymous proxy (random client information reported)
-a2 (for proxy) – generate Via: and X-Forwared-For: instead of Forwarded:
Default settings are:
In mostly this configuration will be enough for using proxy
Configuration of SOCKS proxy is more simple than default proxy
For start this proxy add next line to config file
This will enable socks proxy on 1080 port, any additional configuration not needed
Note: If you using http and socks proxy together use
command before starting proxy to flush authorization information about client
Note: Be sure that you don`t have spaces at the line start!
For start or stop 3proxy with service use next command
service 3proxy start
service 3proxy stop
If your 3proxy was compiled you need to find process id and terminate it
ps aux | grep 3proxy
root 10069 0.0 0.5 534188 2832 ? Ssl 17:57 0:00 3proxy /etc/3proxy.conf root 10269 0.0 0.4 11992 2204 pts/0 S+ 18:14 0:00 grep 3proxy
Type to kill process
For start 3proxy type
nserver 188.8.131.52 nserver 184.108.40.206
#Do not forget to comment it if you are using service command to start or stop daemon
daemon users UserName:CL:Password #include /usr/local/etc/3proxy/users.conf log /var/log/3proxy.log D external 0.0.0.0 internal 0.0.0.0 auth strong flush proxy -p3128 -n flush socks -p1080
In some systems all incoming connections disabled by default
For allow it type next command
iptables -I INPUT -p tcp - -dport 3128 -j ACCEPT
You need change port 3128 to yours if you are using not default settings
You can combine different settings for each block in configuration file.
For example it possible to set few authentification settings for each proxy type, limit speed, disable ports, etc.
For this you need to use ‘flush’ command, which used to finish with existing ACL and to start new one. It’s required to have different ACLs for different services.
pop3p [options] ftppr [options] admin [options] dnspr [options] tcppm [options] <SRCPORT> <DSTADDR> <DSTPORT> udppm [options] <SRCPORT> <DSTADDR> <DSTPORT>
proxy − HTTP/HTTPS proxy (default port 3128) socks − SOCKS 4/4.5/5 proxy (default port 1080) pop3p − POP3 proxy (default port 110) ftppr − FTP proxy (default port 21) admin − Web interface (default port 80) dnspr − caching DNS proxy (default port 53) tcppm − TCP portmapper udppm − UDP portmapper
3proxy have a lot of flexible settings which could help you with more elastic configuration, controlling users and use access control to web resources. Let`s look to few of them
sets maximum number of simulationeous connections to each services started after this command. Default is 100.
Execute progname if external name can’t be resolved. Hint: if you use nscache, dialer may not work, because names will be resolved through cache. In this case you can use something like http://dial.right.now/ from browser to set up connection.
execute system command
calls setuid(uid), uid must be numeric. Unix only. Warning: under some Linux kernels setuid() works onle for current thread. It makes it impossible to suid for all threads.
calls setgid(gid), gid must be numeric. Unix only.
nscache <cachesize> nscache6 <cachesize> Cache <cachesize>
records for name resolution (nscache for IPv4, nscache6 for IPv6). Cachesize usually should be large enougth (for example 65536).
Plugins give additional power to 3proxy
plugin <path_to_shared_library> <function_to_call> [<arg1> ...]
Loads specified library and calls given export function with given arguments
3proxy transparent plugin (Linux) This plugin can be used to implement 3proxy transparently for client for any TCP-based protocols.
3proxy SSL plugin This plugin can be used to decrypt and manupulate SSL/TLS traffic
3proxy Perl Compatible Regular Expressions (PCRE) plugin This filtering plugin can be used to create matching and replace rules with regular expressions for client’s request, client and servers header and client and server data.
Traffic correction plugin (Windows only) Attempts to correct 3proxy traffic to count network/link level headers to conform provider’s billing system.
Strings substitution plugin Allows to change replies of HTTP proxy server
Get Started by signing up for a Proxy ProductView Plans