I have just installed clash from my Linux distribution's repository, and both my Linux distribution and clash are outdated (which, I am not sure, is the cause of the following problem): $ clash -v Clash 1.16.0 linux amd64 with go1.20.8 unknown time I got the following config error when running clash $ clash FATA Parse config error: proxy 3: uuid: incorrect UUID length 4 in string "uuid" I have made ~/.config/clash/config.yaml (whose content is copied and pasted at the end of this post) to be the same as the one in https://doreamon-design.github.io/clash/configuration/configuration-reference.html , except the following part for section proxy-providers (see https://doreamon-design.github.io/clash/configuration/outbound.html for detailed information): proxy-providers: provider1: type: http url: "https://node.freev2raynode.com/uploads/2025/08/1-20250807.yaml " interval: 3600 path: ./provider1.yaml health-check: enable: true interval: 600 # lazy: true url: http://www.gstatic.com/generate_204 test: type: file path: /test.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 Is the uuid error in ~/.config/clash/config.yaml or https://node.freev2raynode.com/uploads/2025/08/1-20250807.yaml ? How can I fix it? In config.yaml, uuid appears in > uuid: uuid as in # vmess # cipher support auto/aes-128-gcm/chacha20-poly1305/none - name: "vmess" type: vmess server: server port: 443 uuid: uuid alterId: 32 cipher: auto If there's a problem there, what's it and how is it fixed? Thanks! **************************** In https://node.freev2raynode.com/uploads/2025/08/1-20250807.yaml , uuid has appeared in the following part: proxies: - {name: HK香港(mibei77.com 米贝节点分享), server: free-relay.themars.top, port: 37906, type: vmess, uuid: 90030631-4027-4810-8ce9-3e9095390f2d, alterId: 0, cipher: auto, tls: false, skip-cert-verify: true, network: ws, ws-path: /cctv1.m3u8, ws-headers: {Host: www.cctv.com}, udp: true} - {name: US美国(mibei77.com 米贝节点分享), server: 45.67.215.95, port: 443, type: trojan, password: tg-fq521free, skip-cert-verify: true, udp: true} - {name: US美国(mibei77.com 米贝节点分享) 2, server: dDdDdDdddDDDDyUUUIO.4444926.XyZ, port: 80, type: vmess, uuid: dc50eb1d-244d-4711-b168-a101a5e6fb1b, alterId: 0, cipher: auto, tls: false, skip-cert-verify: true, network: ws, ws-path: /awmqq79B17rfnpXiNaWb, ws-headers: {Host: dddddddddddddyuuuio.4444926.xyz}, udp: true} - {name: US美国(mibei77.com 米贝节点分享) 3, server: switcher-nick-croquet.freesocks.work, port: 443, type: ss, cipher: chacha20-ietf-poly1305, password: 9tqhMdIrTkgQ46PvhyAtMH, udp: true} - {name: US美国(mibei77.com 米贝节点分享) 4, server: 172.67.214.21, port: 443, type: trojan, password: 7248e825-887c-48b9-83bc-c26bc6392bf8, skip-cert-verify: true, udp: true} - {name: HK香港(mibei77.com 米贝节点分享) 2, server: v29.heduian.link, port: 30829, type: vmess, uuid: cbb3f877-d1fb-344c-87a9-d153bffd5484, alterId: 2, cipher: auto, tls: false, skip-cert-verify: true, network: ws, ws-path: /oooo, ws-headers: {Host: ocbc.com}, udp: true} - {name: JP日本(mibei77.com 米贝节点分享), server: arxfw2b78fi2q9hzylhn.freesocks.work, port: 443, type: ss, cipher: chacha20-ietf-poly1305, password: Nk9asglDzHzjktVzTkvhaA, udp: true} - {name: US美国(mibei77.com 米贝节点分享) 5, server: rrrrrrrrrt.11890604.xyz, port: 443, type: vmess, uuid: f898ffcb-6417-4373-9640-0b66091e8206, alterId: 0, cipher: auto, tls: true, skip-cert-verify: true, network: ws, ws-path: /GnJ3bBxV91uFkYtuzXyJ5XNeH1R1, ws-headers: {Host: rrrrrrrrrt.11890604.xyz}, udp: true} - {name: US美国(mibei77.com 米贝节点分享) 6, server: 141.11.203.26, port: 8880, type: vmess, uuid: 1fcb582e-7ffb-3708-8a0f-96c2a070e40d, alterId: 0, cipher: auto, tls: false, skip-cert-verify: true, network: ws, ws-path: "/dabai&Telegram🇨🇳@WangCai2/?ed=2560", ws-headers: {Host: TG.WangCai2.s2.cn-db.top}, udp: true} ******************************** ~/.config/clash/config.yaml: # Port of HTTP(S) proxy server on the local end port: 7890 # Port of SOCKS5 proxy server on the local end socks-port: 7891 # Transparent proxy server port for Linux and macOS (Redirect TCP and TProxy UDP) # redir-port: 7892 # Transparent proxy server port for Linux (TProxy TCP and TProxy UDP) # tproxy-port: 7893 # HTTP(S) and SOCKS4(A)/SOCKS5 server on the same port # mixed-port: 7890 # authentication of local SOCKS5/HTTP(S) server # authentication: # - "user1:pass1" # - "user2:pass2" # Set to true to allow connections to the local-end server from # other LAN IP addresses # allow-lan: false # This is only applicable when allow-lan is true # '*': bind all IP addresses # 192.168.122.11: bind a single IPv4 address # "[aaaa::a8aa:ff:fe09:57d8]": bind a single IPv6 address # bind-address: '*' # Clash router working mode # rule: rule-based packet routing # global: all packets will be forwarded to a single endpoint # direct: directly forward the packets to the Internet mode: rule # Clash by default prints logs to STDOUT # info / warning / error / debug / silent # log-level: info # When set to false, resolver won't translate hostnames to IPv6 addresses # ipv6: false # RESTful web API listening address external-controller: 127.0.0.1:9090 # A relative path to the configuration directory or an absolute path to a # directory in which you put some static web resource. Clash core will then # serve it at http://{{external-controller}}/ui . # external-ui: folder # Secret for the RESTful API (optional) # Authenticate by spedifying HTTP header Authorization: Bearer ${secret} # ALWAYS set a secret if RESTful API is listening on 0.0.0.0 # secret: "" # Outbound interface name # interface-name: en0 # fwmark on Linux only # routing-mark: 6666 # Static hosts for DNS server and connection establishment (like /etc/hosts) # # Wildcard hostnames are supported (e.g. *.clash.dev, *.foo.*.example.com) # Non-wildcard domain names have a higher priority than wildcard domain names # e.g. foo.example.com > *.example.com > .example.com # P.S. +.foo.com equals to .foo.com and foo.com # hosts: # '*.clash.dev': 127.0.0.1 # '.dev': 127.0.0.1 # 'alpha.clash.dev': '::1' # profile: # Store the select results in $HOME/.config/clash/.cache # set false If you don't want this behavior # when two different configurations have groups with the same name, the selected values are shared # store-selected: true # persistence fakeip # store-fake-ip: false # DNS server settings # This section is optional. When not present, the DNS server will be disabled. dns: enable: false listen: 0.0.0.0:53 # ipv6: false # when the false, response to AAAA questions will be empty # These nameservers are used to resolve the DNS nameserver hostnames below. # Specify IP addresses only default-nameserver: - 114.114.114.114 - 8.8.8.8 # enhanced-mode: fake-ip fake-ip-range: 198.18.0.1/16 # Fake IP addresses pool CIDR # use-hosts: true # lookup hosts and return IP record # search-domains: [local] # search domains for A/AAAA record # Hostnames in this list will not be resolved with fake IPs # i.e. questions to these domain names will always be answered with their # real IP addresses # fake-ip-filter: # - '*.lan' # - localhost.ptlogin2.qq.com # Supports UDP, TCP, DoT, DoH. You can specify the port to connect to. # All DNS questions are sent directly to the nameserver, without proxies # involved. Clash answers the DNS question with the first result gathered. nameserver: - 114.114.114.114 # default value - 8.8.8.8 # default value - tls://dns.rubyfish.cn:853 # DNS over TLS - https://1.1.1.1/dns-query # DNS over HTTPS - dhcp://en0 # dns from dhcp # - '8.8.8.8#en0' # When fallback is present, the DNS server will send concurrent requests # to the servers in this section along with servers in nameservers. # The answers from fallback servers are used when the GEOIP country # is not CN. # fallback: # - tcp://1.1.1.1 # - 'tcp://1.1.1.1#en0' # If IP addresses resolved with servers in nameservers are in the specified # subnets below, they are considered invalid and results from fallback # servers are used instead. # # IP address resolved with servers in nameserver is used when # fallback-filter.geoip is true and when GEOIP of the IP address is CN. # # If fallback-filter.geoip is false, results from nameserver nameservers # are always used if not match fallback-filter.ipcidr. # # This is a countermeasure against DNS pollution attacks. # fallback-filter: # geoip: true # geoip-code: CN # ipcidr: # - 240.0.0.0/4 # domain: # - '+.google.com' # - '+.facebook.com' # - '+.youtube.com' # Lookup domains via specific nameservers # nameserver-policy: # 'www.baidu.com': '114.114.114.114' # '+.internal.crop.com': '10.0.0.1' proxies: # Shadowsocks # The supported ciphers (encryption methods): # aes-128-gcm aes-192-gcm aes-256-gcm # aes-128-cfb aes-192-cfb aes-256-cfb # aes-128-ctr aes-192-ctr aes-256-ctr # rc4-md5 chacha20-ietf xchacha20 # chacha20-ietf-poly1305 xchacha20-ietf-poly1305 - name: "ss1" type: ss server: server port: 443 cipher: chacha20-ietf-poly1305 password: "password" # udp: true - name: "ss2" type: ss server: server port: 443 cipher: chacha20-ietf-poly1305 password: "password" plugin: obfs plugin-opts: mode: tls # or http # host: bing.com - name: "ss3" type: ss server: server port: 443 cipher: chacha20-ietf-poly1305 password: "password" plugin: v2ray-plugin plugin-opts: mode: websocket # no QUIC now # tls: true # wss # skip-cert-verify: true # host: bing.com # path: "/" # mux: true # headers: # custom: value # vmess # cipher support auto/aes-128-gcm/chacha20-poly1305/none - name: "vmess" type: vmess server: server port: 443 uuid: uuid alterId: 32 cipher: auto # udp: true # tls: true # skip-cert-verify: true # servername: example.com # priority over wss host # network: ws # ws-opts: # path: /path # headers: # Host: v2ray.com # max-early-data: 2048 # early-data-header-name: Sec-WebSocket-Protocol - name: "vmess-h2" type: vmess server: server port: 443 uuid: uuid alterId: 32 cipher: auto network: h2 tls: true h2-opts: host: - http.example.com - http-alt.example.com path: / - name: "vmess-http" type: vmess server: server port: 443 uuid: uuid alterId: 32 cipher: auto # udp: true # network: http # http-opts: # # method: "GET" # # path: # # - '/' # # - '/video' # # headers: # # Connection: # # - keep-alive - name: vmess-grpc server: server port: 443 type: vmess uuid: uuid alterId: 32 cipher: auto network: grpc tls: true servername: example.com # skip-cert-verify: true grpc-opts: grpc-service-name: "example" # socks5 - name: "socks" type: socks5 server: server port: 443 # username: username # password: password # tls: true # skip-cert-verify: true # udp: true # http - name: "http" type: http server: server port: 443 # username: username # password: password # tls: true # https # skip-cert-verify: true # sni: custom.com # Snell # Beware that there's currently no UDP support yet - name: "snell" type: snell server: server port: 44046 psk: yourpsk # version: 2 # obfs-opts: # mode: http # or tls # host: bing.com # Trojan - name: "trojan" type: trojan server: server port: 443 password: yourpsk # udp: true # sni: example.com # aka server name # alpn: # - h2 # - http/1.1 # skip-cert-verify: true - name: trojan-grpc server: server port: 443 type: trojan password: "example" network: grpc sni: example.com # skip-cert-verify: true udp: true grpc-opts: grpc-service-name: "example" - name: trojan-ws server: server port: 443 type: trojan password: "example" network: ws sni: example.com # skip-cert-verify: true udp: true # ws-opts: # path: /path # headers: # Host: example.com # ShadowsocksR # The supported ciphers (encryption methods): all stream ciphers in ss # The supported obfses: # plain http_simple http_post # random_head tls1.2_ticket_auth tls1.2_ticket_fastauth # The supported supported protocols: # origin auth_sha1_v4 auth_aes128_md5 # auth_aes128_sha1 auth_chain_a auth_chain_b - name: "ssr" type: ssr server: server port: 443 cipher: chacha20-ietf password: "password" obfs: tls1.2_ticket_auth protocol: auth_sha1_v4 # obfs-param: domain.tld # protocol-param: "#" # udp: true proxy-groups: # relay chains the proxies. proxies shall not contain a relay. No UDP support. # Traffic: clash http vmess ss1 ss2 Internet - name: "relay" type: relay proxies: - http - vmess - ss1 - ss2 # url-test select which proxy will be used by benchmarking speed to a URL. - name: "auto" type: url-test proxies: - ss1 - ss2 - vmess1 # tolerance: 150 # lazy: true url: 'http://www.gstatic.com/generate_204 ' interval: 300 # fallback selects an available policy by priority. The availability is tested by accessing an URL, just like an auto url-test group. - name: "fallback-auto" type: fallback proxies: - ss1 - ss2 - vmess1 url: 'http://www.gstatic.com/generate_204 ' interval: 300 # load-balance: The request of the same eTLD+1 will be dial to the same proxy. - name: "load-balance" type: load-balance proxies: - ss1 - ss2 - vmess1 url: 'http://www.gstatic.com/generate_204 ' interval: 300 # strategy: consistent-hashing # or round-robin # select is used for selecting proxy or proxy group # you can use RESTful API to switch proxy is recommended for use in GUI. - name: Proxy type: select # disable-udp: true # filter: 'someregex' proxies: - ss1 - ss2 - vmess1 - auto # direct to another interfacename or fwmark, also supported on proxy - name: en1 type: select interface-name: en1 routing-mark: 6667 proxies: - DIRECT - name: UseProvider type: select use: - provider1 proxies: - Proxy - DIRECT proxy-providers: provider1: type: http url: "https://node.freev2raynode.com/uploads/2025/08/1-20250807.yaml " interval: 3600 path: ./provider1.yaml health-check: enable: true interval: 600 # lazy: true url: http://www.gstatic.com/generate_204 test: type: file path: /test.yaml health-check: enable: true interval: 36000 url: http://www.gstatic.com/generate_204 tunnels: # one line config - tcp/udp,127.0.0.1:6553,114.114.114.114:53,proxy - tcp,127.0.0.1:6666,rds.mysql.com:3306,vpn # full yaml config - network: [tcp, udp] address: 127.0.0.1:7777 target: target.com proxy: proxy rules: - DOMAIN-SUFFIX,google.com,auto - DOMAIN-KEYWORD,google,auto - DOMAIN,google.com,auto - DOMAIN-SUFFIX,ad.com,REJECT - SRC-IP-CIDR,192.168.1.201/32,DIRECT # optional param "no-resolve" for IP rules (GEOIP, IP-CIDR, IP-CIDR6) - IP-CIDR,127.0.0.0/8,DIRECT - GEOIP,CN,DIRECT - DST-PORT,80,DIRECT - SRC-PORT,7777,DIRECT - RULE-SET,apple,REJECT # Premium only - MATCH,auto

I am trying to use my SOCKS5 proxy with username and password authentication in Google Chromium. I have tried almost every possible proxy switcher addon available in the chrome extensions store. All of them have neglected to add support for authentication, except for "Proxy Helper", which does not work. I am confident my proxy server is configured correctly, as it works in other applications. The proxy settings button in the Chromium settings tab is "grayed out"/disabled, however this would only load the DE-specific proxy settings panel. I do not wish to use this proxy system wide, so this is not an option anyway. I have determined that it is possible to specify a proxy for chromium using command-line flags. The documentation on the Chromium site has no mention of username/password authentication at all. So I feel as if I have exhausted all possible options. Who would have thought such a seemingly-simple configuration would be so difficult. If anyone knows if a simple "per-application" proxy configuration tool exists, similar to "Proxifier" on Windows, please let me know. I am using Arch Linux.

I'm currently trying to update and install packages and other things on a FreeBSD server, but I’m blocked by my proxy. I'm in an university, and there are a few proxies before to go on the internet. To allow us ty bypass the proxy on our main PC (Debian 7) we need to enter the path of a config file in the networks settings (auto mode in proxy menu) But I can't manage to do this to my FreeBSD server. What can I get this to work?

I need to export proxy on RHEL 7 with the current logged user credentials. I am able to achieve this by adding manually in **.bashrc or .bash_profile.**: export http_proxy=http://username:password@proxy.example.com:6080 export https_proxy=http://username:password@proxy.example.com:6080 The above method works fine. But I don't want this method, since we are hard-coding the username and password and also it's not secure. Is it possible to use the existing **/etc/shadow** file as password for exporting the proxy?

Generally accepted is the use of HTTP_PROXY/HTTPS_PROXY environment variables to specify the use of a proxy server. Authentication can be included in this URL, e.g. HTTP_PROXY=http://user:pass@myproxy.mydomain.tld:3128/ . However, I am using Kerberos SSO to authenticate with the proxy. How do I configure that? So, suppose a Squid proxy server configuration as described here: https://wiki.squid-cache.org/ConfigExamples/Authenticate/Kerberos . It describes how Windows clients can use proxy authentication with negotiation, but there's no information how I can configure Linux/Unix clients. For cURL, the use of --proxy-negotiate -u : does the trick, e.g.: HTTPS_PROXY=http://myproxy.mydomain.tld:3128/ curl --proxy-negotiate -u : https://www.google.com How do I tell non-cURL applications to use this mechanism? E.g. Debian/Ubuntu APT with Acquire::http::Proxy "http://myproxy.mydomain.tld:3128/ ";? I found [cntlm](http://manpages.ubuntu.com/manpages/xenial/man1/cntlm.1.html) which acts as another locally running proxy in the middle, facilitating unauthenticated connections from localhost. However, this only works with NTLM, where I need Kerberos. Would Squid be able to connect as a client using Kerberos perhaps? It seems notoriously hard to find authentication capabilities on the *outgoing* connection of proxy servers. All seem to focus on authentication features on the *listening socket* instead.

How to use nmap and dns resolution of nmap over proxy? I tried proxychains, but for dns resolution it doesn't work, it's known bug as I read on some forums. It works well without dns_proxy feature in proxychains config. But I need to proxy dns resolution requests. sudo proxychains nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org I tried proxychains4 (or proxychains-ng), but with nmap it does scanning and send all the packets synchronously, so for example for scan of one host it's needed to wait for 30 min or ever longer. So it's not the option, but it works well. sudo proxychains4 nmap -T4 -sV -Pn -A --reason -v scanme.nmap.org I tried just like this with inside nmap proxy function: sudo nmap --proxy socks4://127.0.0.1:9050 -T4 -sV -Pn -A --reason -v scanme.nmap.org But does it dns resolution requests over the tor proxy 127.0.0.1:9050 or only scan? It seems it doesn't. What is the solution?

The **link** talks about TCP over TCP when http is used over SOCKS via SSH. I am trying to browse from Firefox (on Ubuntu 14.04) after setting up the SOCKS5 proxy option via localhost. I created a SOCKS5 connection using SSH (created using SSH -D) to another host (which then takes the packets and routes them out). The **link** says that SSH can be made to work in a none encryption mode, but after applying the small patch suggested there to OpenSSH's cipher.c, I see encrypted packets in wireshark even though it says (encryption:none mac:umac-64@openssh.com compression:none) SSH Protocol SSH Version 2 (encryption:none mac:umac-64-etm@openssh.com compression:none) Packet Length: 48 Encrypted Packet: 0932000000076d696e696e65740000000e7373682d636f6e... MAC: 1a7bf2cfa15def0f I would like to verify if this is actually a TCP over TCP connection. Edit: does it matter that I get prompted for a password when I start the SSH -D (ssh user@host2 -D 8080). Somehow, I am unable to get host2 to not prompt me for a password (even though I added host1's key into host2).

this is causing headache for a long time now. Situation: i have a virtual machine that sits behind a proxy that shields it off the internet. The Proxy seems to work fine. I want to use cURL to transfer (-T) a ZIP file to a FTP on the internet. The FTP Server requires FTPS i.e. SSL/TLS to be used. From my Windows machine i can use the same Proxy (and same proxy credentials) within TotalCommander to succesfully establish a FTPS session to the FTP Server i want to use. So i think FTP server as well as Proxy Server are configured OKAY for the purpose. What i try: Basically i try variations of the follow commandline: curl -vvv --ssl -T /path/to/my/file.zip ftp://my.ftpserver.com:21 --user USER:PASSWORD -x https://proxyuser:proxypass@local.proxyserver.mycompany.com:3128 I see in the verbose output, that cURL can authenticate against the proxy and tries to connect to the FTP Server. However, it keeps getting an error from SQUID (the proxy) that Squid sent the following FTP command: USER myftp user The server responded with: You must issue the AUTH command to change to an encrypted session before you can attempt to login. 550-This server requires encryption When i change the destination **to use ftps:// instead of ftp://** it keeps telling me curl: (35) gnutls_handshake() failed: An unexpected TLS packet was received. When i look into the log of the Totalcommander FTP session, i see that it authenticates against the Proxy. Then connects to the FTP Server and then changes to secure mode for Authentication. 220-Welcome to Company-FTP 220 Company-FTP Server ready! AUTH TLS 234 Changing to secure mode... (cert stuff) USER myftpuser 331 Username OK. Need password. PASS ********** 230 Password oK. Connected. logged in .... What could i possibly do wrong here? I researched this a bit and found a post in the curl mailing list that "--tlsv1" option should send "AUTH TLS" first before "AUTH SSL", however i do not think it is done, because even if i use the --tlsv1 switch, Squid will comeback with the same error message saying that it send "USER myftpuser" and got that 550 error back. Is there a way to force cURL to send this "AUTH TLS" that Totalcommander seems to send and then auths succesfully? Thanks a lot aslmx

Say if I have a process that I want to redirect all the traffic to a proxy while not affecting other processes (let's say if I run multiple node applications and I only want one of them to go through a proxy). Is it possible? How?

I installed caddy with "sudo apt install caddy" and have everything setup and working, but I also want to run caddy automatically from boot. When I use

sudo systemctl enable caddy

and reboot, I get a 403 error from my website. To fix this I kill caddy and use

cd /home/user/Desktop/websida

then

sudo caddy run

, then it's fixed, no errors but I have to do this every time I boot, hence why I want it to run as a service but in another directory: /home/user/Desktop/websida

I am unable to update or install any packages through sudo apt-get Following works: ping google.com wget google.com However, apt-get commands fail with an error like:

E: Failed to fetch http://archive.ubuntu.com/ubuntu/pool/universe/m/mesa-demos/mesa-utils_8.4.0-1build1_amd64.deb 
Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4002:1::103). - connect (101: Network is unreachable)
Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::19). - connect (101: Network is unreachable)
Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4002:1::102). - connect (101: Network is unreachable)
Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4002:1::101). - connect (101: Network is unreachable)
Cannot initiate the connection to archive.ubuntu.com:80 (2620:2d:4000:1::16). - connect (101: Network is unreachable)
Could not connect to archive.ubuntu.com:80 (91.189.91.81), connection timed out
Could not connect to archive.ubuntu.com:80 (91.189.91.82), connection timed out
Could not connect to archive.ubuntu.com:80 (185.125.190.39), connection timed out
Could not connect to archive.ubuntu.com:80 (185.125.190.36), connection timed out
Could not connect to archive.ubuntu.com:80 (91.189.91.83), connection timed out

However, I have already tried common solutions like:

sudo apt-get -o Acquire::ForceIPv4=true update

But this also doesn't work. **Note: I am behind a proxy**, with following environment variables sourced:

export HTTPS_PROXY="http://proxy.xxx.ac.in:3128 "
export HTTP_PROXY="http://proxy.xxx.ac.in:3128 "
export https_proxy="http://proxy.xxx.ac.in:3128 "
export http_proxy="http://proxy.xxx.ac.in:3128 "

Please suggest how to resolve this issue. Thank you.

I have a local machine with CentOS 7. There is a Socks V5 proxy server on the local subnet that provides this machine with access to the internet. I am able to download files with,

curl  -x --proxy  socks5://ipaddress:1080 -u username:password www.google.com

On my local machine I am currently running Artifactory and Jenkins webapps in Tomcat. The systems do not natively provide socks proxy setup; and require access to the internet. I tried tsocks, however remote DNS requests are not resolved. How to I get this working?

I have a simple SSH jump host sitting at a remote site. I could connect without issue for the first two weeks. But now initiating a session seems to fail *unless I use a proxy*. jump host ------- ISP A -------------------------- ISP B ---------- my workstation Port 55555 is properly forwarded through ISP A. The connection simply times out.

ssh -vvv -p 55555 XX.XX.XX.XX
OpenSSH_9.2p1 Debian-2+deb12u3, OpenSSL 3.0.15 3 Sep 2024
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
debug1: /etc/ssh/ssh_config line 21: Applying options for *
debug2: resolve_canonicalize: hostname XX.XX.XX.XX is address
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/mansomean/.ssh/known_hosts'
debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/mansomean/.ssh/known_hosts2'
debug3: ssh_connect_direct: entering
debug1: Connecting to XX.XX.XX.XX [XX.XX.XX.XX] port 55555.
debug3: set_sock_tos: set socket 3 IP_TOS 0x10
debug1: connect to address XX.XX.XX.XX port 55555: Connection timed out
ssh: connect to host XX.XX.XX.XX port 55555: Connection timed out

If I push it over a VPN, for example, the connection is immediately accepted. It is only accepted so long as does *not* originate from my public IP at ISP B. Is there a way I can determine whether ISP B (or A) is blocking this traffic? And why were there no connectivity issues in the first two weeks?

Let's say, I have dynamic_chain set and have two proxies in the chain list:

[ProxyList]
socks4  127.0.0.1 9999
socks4  127.0.0.1 8888

Both proxies can reach the server aa.bb.cc.dd. When I run the following command:

proxychains ssh aa.bb.cc.dd

How will be the route to reach aa.bb.cc.dd? Will it pass by 127.0.0.1:9999 and then by 127.0.0.1:8888 and finally to aa.bb.cc.dd? Or it will go directly from 127.0.0.1:9999 to aa.bb.cc.dd? Or it will go directly from 127.0.0.1:8888 to aa.bb.cc.dd? I am much confused about this. Can any friend show me what the actual case it is? Many thanks!

I am able to access internet only behind a proxy 172.16.24.4:3128. When I run proxychains with proxy given by Tor, then my proxychains works fine, but when I run proxychains with the proxy through which I access the Internet (i.e. 172.16.24.4:3128), the proxychains don't work. Here's the sorts of errors I get: proxychains apt-get update ProxyChains-3.1 (http://proxychains.sf.net) Err http://dl.google.com stable InRelease Err http://dl.google.com stable Release.gpg Could not resolve 'dl.google.com' Err http://security.kali.org sana/updates InRelease Err http://dl.bintray.com jessie InRelease Err http://security.kali.org sana/updates Release.gpg Could not resolve 'security.kali.org' Err http://dl.bintray.com jessie Release.gpg Could not resolve 'dl.bintray.com' Please help. I am having this issue for a year and I couldn't find a solution. I think the problem is with DNS lookup behind a proxy. I don't know I have tried everything. Nothing works. One more thing. If I set http_proxy variable to 172.16.24.4:3128, then also some of my applications work, so there's nothing work with the proxy.

How is tails system wide proxy configured in tails? Tails have non-null variables SOCKS5_SERVER, SOCKS_SERVER set to 127.0.0.1:9050 but I guess this is not enough to force all connections to be proxied.

I am setting up Squid proxy with mac address acl. I have recompiled squid 3.5 rpm with --enable-arp, acl. But after configuring Squid.conf with mac address acl its unable to block access for unwanted mac address. Is it possible to create iptable rule and allow some mac addresses to permit web access? if yes how to do that? --- **Edit**: Added as follows: acl mac arp 00:E1:34:CD:C0:22 http_access allow mac http_access deny all

Is there any reliable way to set proxy settings **user-wide** for **all traffic** on Ubuntu? As far I'm using {http|https|ftp}_proxy variables in /home/$USER/.bashrc which is nice but there's some issues: - Many applications don't respect those settings, especially custom scripts - Restart is required to apply changes. - Doesn't work with scripts where commands are not executed in bash I need **all traffic** to go through proxy and it have to be user-wide which means I have to be able to setup different proxies for each system user profile. What comes to my mind is iptables or network-interfaces configuration but I'm not sure and I don't know how :)

I've been trying to use a SOCKS Proxy which I have been using with success from an Ubuntu 11.4 box with GNOME on my Debian box with KDE.The socks server is bound to the local port 1080 through the following ssh command: ssh -p222 -D 1080 @socks_server_domain_name Following the advice I found here: http://emilsedgh.info/blog/index.php?/archives/14-SOCKS-proxy-on-KDE.html I edited my ~/.kde/share/config/kioslaverc file and now it looks like this: jason@debian-laptop:~$ cat ~/.kde/share/config/kioslaverc PersistentProxyConnection=true [$Version] socksProxy=socks://localhost:1080 update_info=kioslave.upd:kde2.2/r1,kioslave.upd:kde2.2/r2,kioslave.upd:kde2.2/r3 However, once I use System Settings->Network Settings->Proxy, I click on "Manually specify the proxy settings", but the dialog won't let me hit "apply" without prompting me to fill in information in the "setup" dialog: which is not helpful at all, because there is no "SOCKS" protocol option in the "setup" dialog. I'd also like to add that, when switching to GNOME in the same box, I am able to run the SOCKS proxy by specifying "localhost" and "1080" in System->Preferences->Network Proxy, in exact the same way I did it in my Ubuntu box.

I run Linux on a laptop that is sometimes on a corporate network which uses an NTLM proxy server, and thus I have cntlmd running on the laptop as a child proxy to connect to the parent (corporate) proxy server. Everything running on the laptop is configured to use localhost:3128 (the CNTLM proxy address) and then cntlmd handles the non-standard authentication with the NTLM proxy server. When I take the laptop off the corporate network, there are maybe a dozen different places things are configured to use localhost:3128, and it is a pain to disable and then later re-enable them. It is apparently not possible to configure cntlmd to not use a proxy when the one it is configured to use is unavailable. One option is to write a script that will automate all these changes for me, but it seems that it might be simpler to have a second child proxy that I can (automatically) start up when cntlm startup fails (it fails if it can't find the parent proxy). The second child proxy would just connect directly to the network, and so if it also listened on 3128 everything configured to hit 3128 could keep its configuration the same. What I can use to do this with? (Or is there a better way?)