Unix & Linux Stack Exchange

Q&A for users of Linux, FreeBSD and other Unix-like operating systems

Latest Questions

0 votes
1 answers
3350 views
Tunneling through proxy & SSH server
A SOCKS5 proxy is between my source and target servers. The source server can be accessed only from my local server. I tried connecting through proxy option and SSH tunneling option in WinSCP but the problem is as below: The SOCKS5 proxy is used only for my source server (tunneled one); instead, I would like to use it for my target server. Please let me know how I can achieve this.
Flow: Local system -> Source server -> SOCKS5 proxy -> Target server
Raavi (1 rep)
Jul 19, 2019, 03:35 PM • Last activity: Aug 1, 2025, 05:04 PM
1 votes
1 answers
2007 views
How to redirect a process(pid)'s traffic via a socks5 (or any) proxy?
Say if I have a process that I want to redirect all the traffic to a proxy while not affecting other processes (let's say if I run multiple `node` applications and I only want one of them to go through a proxy). Is it possible? How?
Aero Wang (161 rep)
Feb 5, 2018, 11:40 AM • Last activity: Jul 9, 2025, 10:29 PM
3 votes
2 answers
3526 views
How to configure device to trust root certificate when using a SOCKS5 proxy?
I am routing a Linux machine through a SOCKS5 proxy. The internet works as expected and I am presented with the proxy's IP when viewing http://whatismyip.com. However, some sites are reporting that I am experiencing a MITM attack:
> Software is Preventing Firefox From Safely Connecting to This Site
>
> www.mozilla.org is most likely a safe site, but a secure connection could not be established. This issue is caused by DigiCert Global Root CA, which is either software on your computer or your network.
>
> What can you do about it?
>
> www.mozilla.org has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
>
> If your antivirus software includes a feature that scans encrypted connections (often called “web scanning” or “https scanning”), you can disable that feature. If that doesn’t work, you can remove and reinstall the antivirus software.
> * If you are on a corporate network, you can contact your IT department.
> * If you are not familiar with DigiCert Global Root CA, then this could be an attack, and there is nothing you can do to access the site.

https://www.mozilla.org/firefox/new/?utm_medium=referral&utm_source=support.mozilla.org
Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate.
HTTP Strict Transport Security: true HTTP Public Key Pinning: false Certificate chain:
How do I alleviate this error so that I can access these sites? Do I need to accept some certificate on my local machine or on the proxy?
Zhro (2821 rep)
Oct 29, 2019, 04:18 PM • Last activity: May 4, 2025, 10:08 PM
0 votes
1 answers
94 views
route traffic to 127.0.0.1
My scenario: I have two machines:
1. 192.168.1.1
2. 192.168.1.2
Machine 2 has a ssh server and I created a tunnel in machine 1 such as:
ssh -CfND 7777 mohsen@192.168.1.2 -4
I ran above command in machine 1.
It works fine. I tested via firefox.
Now I want to send any traffic to 127.0.0.1:7777. Not a one application, all of my traffic.
Then my tunnel send my packets to 192.168.1.1
My algorithm is:
IF DST PORT IS NOT 7777 THEN ROUTE MY TRAFFIC TO 127.0.0.1:7777 ELSE DO NOT ROUTE TO 127.0.0.1:7777
I used the following rule, but it didn't work:
iptables -t nat -A PREROUTING -i enp0s31f6 -p udp ! --dport 7777 -j REDIRECT --to-ports 7777
How can I implement it?
PersianGulf (11308 rep)
Apr 15, 2025, 03:47 AM • Last activity: Apr 15, 2025, 01:16 PM
1 votes
1 answers
377 views
curl using socks5 proxy and IPv4
When using `curl` with socks5 proxy, seems that my IPv4 addressing is gone:
$ env ALL_PROXY=socks5h://localhost:8001 curl -4 ipconfig.io
2607:xxxxxxxx:681f
$ curl -4 ipconfig.io
97.xx.xx.116
What is the problem and how to ensure `curl` still uses IPv4 when using socks5 proxy?
xpt (1858 rep)
Nov 9, 2022, 03:23 PM • Last activity: Mar 28, 2025, 04:28 AM
2 votes
1 answers
2491 views
Multiple ssh port forwarding for socks proxy
I wanted to open a web page via socks proxy. My scenario is I have two jump servers. 1 Jump server to get connected and second jump server to access the webpages.
ssh user@192.168.1.2 -D 10100 -tt ssh user1@192.168.2.2 -D 10101
I also tried this. ssh user@192.168.1.2 -D 10100 then on the second jump server user1@192.168.2.2 -D 10101. In both the cases I still cannot access my webpage who have direct readability from second jump server which is 192.168.2.2. How can I open the webpage from my localhost?
Hulk711 (21 rep)
Nov 16, 2019, 12:55 PM • Last activity: Jan 15, 2025, 05:03 PM
0 votes
1 answers
2885 views
SOCAT (only) reverse tunnel
I have a situation where we are trying to get data from one network to another - specifically access to a private maven repo on a different network. Network 1 contains a maven repo. And network is protected by a couple SSH hops where port forwarding is disabled on sshd.
- [Laptop], running a Docker Container with VPN into other network laptop
- Docker Container vpn
- [Jumpbox] jumpbox.vpn.network.org
- [Server] server.vpn.network.org
We have successfully run vscode-server on **server** and connect via:
socat tcp-listen:8080,fork EXEC:"ssh server.vpn.network.org nc localhost 8081"
This lets laptop hit localhost:8080 and it tunnels traffic into our server.vpn which then goes into netcat and sends the traffic into vscode server. I figure it should be possible to do the opposite; I'm just getting stuck. The goal would be to run a Socks5 proxy on laptop via something like
ssh -f -N -D 54321 localhost
And then make a socat call into server.vpn.network.org and then using the socks env vars I could run maven and have it proxy back through the connection etc. The approach I took was trying this:
socat -v TCP:localhost:54321 EXEC:"ssh server.vpn.network.org nc -lkv localhost 54321"
It was "sort" of working but kept dropping connection. I then tried a combo of fork and reuseaddr and they didn't seem to solve the issue. My next approach was to consider unix sockets or something funky - but I'm wondering if somebody knows how to make this work. Thanks.
Jeef (157 rep)
Jan 11, 2022, 08:51 PM • Last activity: Dec 23, 2024, 01:00 AM
0 votes
0 answers
165 views
SSH port forwarding was working, now it's not
I have a pair of CentOS7 servers in a production environment where the server on the internal network opens up an ssh SOCKS proxy tunnel to the server on the edge network to allow the internal server to reach external endpoint. This setup was working for a while, but now it seems it's not. The edge server has the following /etc/ssh/sshd_config file:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
AuthorizedKeysFile      .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials no
UsePAM yes

AllowAgentForwarding yes
AllowTcpForwarding yes
X11Forwarding yes

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem       sftp    /usr/libexec/openssh/sftp-server
Protocol 2
HostbasedAuthentication no
IgnoreRhosts yes

Ciphers aes256-ctr,aes128-ctr
MACs umac-64@openssh.com,hmac-sha2-256,hmac-ripemd160,hmac-sha1
KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1

Match User update
   ChrootDirectory /opt/download
   X11Forwarding no
   ForceCommand internal-sftp
   AllowTcpForwarding no
Match User proxy
   X11Forwarding yes
   ForceCommand /sbin/nologin
   AllowTcpForwarding yes
   GatewayPorts yes
   PermitOpen any
And the internal server is creating the tunnel with the following command:
/usr/bin/ssh -NT -oServerAliveInterval=60 -oExitOnForwardFailure=yes -oUserKnownHostsFile=/dev/null -oStrictHostKeyChecking=no proxy@10.99.0.6 -D 0.0.0.0:1080
When the internal server tries to use this tunnel:
curl -k -v --proxy socks5h://localhost:1080 https://external.host.name 
The connection fails, and the /var/log/secure file prints an error stating "refused local port forward". By all accounts, this should be working and in fact was in the past. I also ran setenforce 0 on the production edge server to take SELinux out of the equation but that made no difference. I copied the /etc/ssh/sshd_config file to my lab server and was unable to reproduce the issue. Both the lab server and the production server on the edge network are up to date on OS packages. The authorized_keys file for the proxy user doesn't have any options/directives attached to it. Also, the tunnel does work if I use the root user. What could be causing this?
dbush (113 rep)
Jul 12, 2024, 03:18 PM • Last activity: Jul 26, 2024, 05:48 PM
0 votes
3 answers
3996 views
Dante SOCKS5 proxy server not working on ipv6
During testing and entering this command
curl -x socks5://:@: ifconfig.co
It returns an error message of Can't complete SOCKS5 connection to
When we disable the ipv6, that's the time the curl testing works but that's not the right way. Tried to apply this tutorial but still got no luck http://www.inet.no/dante/doc/latest/config/ipv6.html
=============================================================
dante.conf
logoutput: /var/log/socks.log
internal: enp0s3 port = 1080
external: enp0s3
clientmethod: none
socksmethod: none
user.privileged: root
user.notprivileged: nobody
client pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}
client block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
socks pass {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: error connect disconnect
}
socks block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}
John (1 rep)
Oct 9, 2020, 12:11 AM • Last activity: Jun 1, 2024, 01:00 AM
2 votes
1 answers
320 views
Firefox traffic through socks-proxy SSH tunnel attempt to use IPv6 on systems where IPv6 is not supported
I need to use socks proxy in Firefox on my laptop, using ssh tunnel to server.
On my laptop, I set socks proxy in firefox, and connect to server:
ssh server -D1234
When I visit any website in firefox, the proxy works, but I get these errors:
on laptop (in the console where I started ssh)
channel 15: open failed: connect failed: Address family for hostname not supported
on server (in syslog):
sshd: error: connect_to ff00::: unknown host (Address family for hostname not supported)
this looks like firefox is trying to use IPv6. But I have no IPv6 support either on laptop or on server. And I have explicitly disabled IPv6 in firefox, by setting network.dns.disableIPv6 to true. As said, everything works. But I am just bothered by the flood of error messages. How can I prevent Firefox from even attempting to use IPv6, or if that is not possible, to get rid of the error messages on both laptop and server. The laptop is running Debian 12, and server is running Debian 10. Both have custom linux kernel, without IPv6 support.
Martin Vegter (586 rep)
May 15, 2024, 04:51 AM • Last activity: May 24, 2024, 07:04 AM
1 votes
2 answers
4438 views
Check whether SOCKS5 proxy server support UDP
Suppose I have UDP server that listen incoming message on 192.168.43.1:1234 and SOCKS5 proxy server that listen on 192.168.43.2:9999. How do I check whether SOCKS5 proxy server support UDP when accessed with a SOCKS5 client? I know that SOCKS5 support UDP, but I just want make sure if it's really supported. I expect UDP server receive message from client and client got reply from server with netcat or similar tools.
Muhammad Ikhwan Perwira (319 rep)
Jan 22, 2023, 04:48 PM • Last activity: May 13, 2024, 03:01 AM
0 votes
1 answers
797 views
How to connect socks5 proxy in fedora 39?
I recently switched from Windows to Fedora, and I'm used to using "Proxifier" on Windows to connect to a proxy server effortlessly.
Now, I've got this socks5 IP, port, username, and password that I want to use system-wide.
I tried some tools, but they're either not working or too complicated for me. Can you suggest something or walk me through the steps?
Also, I'd like to know how to easily turn the proxy on or off. Thanks!
Sayeed Mahmood (1 rep)
Mar 1, 2024, 04:21 AM • Last activity: Mar 5, 2024, 05:11 PM
1 votes
0 answers
153 views
Change tap device gateway
I have vps server, install softether on it, softether use tap device name tap_se with subnet 192.168.24.0/21 netmask 255.255.248.0 broadcast 192.168.31.259, clients connect with openvpn or l2tp to softether, and softether use local dhcp to assign ip in subnet 192.168.24.0/21 to them; i want to socksify outgoing traffic of softether to another server use tun2socks or alternative, and need to change routes table to do this, what must happen must be:
tap_se ==> tun0 ==> eth0
some suggested routes are:
# Bypass upstream socks5 server
sudo ip route add SOCKS5_SERVER dev DEFAULT_IFACE metric 10
sudo ip -6 route add SOCKS5_SERVER dev DEFAULT_IFACE metric 10
# Route others
sudo ip route add default dev tun0 metric 20
sudo ip -6 route add default dev tun0 metric 20
or:
ip route del default
ip route add default via 198.18.0.1 dev tun0 metric 1
ip route add default via 172.17.0.1 dev eth0 metric 10
and i create tun0 with these commands:
ip tuntap add mode tun dev tun0
ip addr add 198.18.0.1/15 dev tun0
ip link set dev tun0 up
but when do this, i lost my connection to server and need to reboot to routes restore to default, what is correct rules to do all outgoing traffic of tap_se goes through tun0 without lost connection to vps
Arman Kabir (11 rep)
Feb 9, 2023, 02:29 PM
2 votes
1 answers
2204 views
Using cURL with NordVPN SOCKS5 proxy
I am trying to use the cURL utility to fetch a web page through a NordVPN SOCKS5 proxy, but not having any luck. I would expect the following command line to work.
curl -v -x "socks5://:@se.socks.nordhold.net:1080" -4 http://google.com 
However, this returns the following.
*   Trying 185.236.42.56:1080...
* SOCKS5 connect to IPv6 2a00:1450:4009:815::200e:80 (locally resolved)
* Can't complete SOCKS5 connection to google.com. (4)
* Closing connection 0
curl: (97) Can't complete SOCKS5 connection to google.com. (4)
Is there some special configuration I need for cURL to connect to a SOCKS5 proxy operated by NordVPN? The customer support were able to tell me that
> We’ve changed the way for users to connect to socks5 to reduce the chances for socks5 from being used for malicious purposes such as web scans/proxying/credential stuffing attacks.

... but they could not offer any suggestions on how to use cURL. All I can say is that some other software seems to be able to use NordVPN SOCKS5 proxies without issue.
Noldorin (107 rep)
Dec 10, 2022, 01:44 AM • Last activity: Dec 10, 2022, 04:12 AM
6 votes
3 answers
9340 views
browsing localhost via ssh socks tunnel not working
I used to have a successful configuration in my local computer to access a remote host's web server via SSH SOCKS proxy, by typing in Firefox localhost:5000 for example. I created a rule in the server's firewall to only allow local access to this application. I haven't used it for a while and in the meantime I updated my local computer to Ubuntu 18.10. And now that setup is not working anymore. 127.0.0.1:5000 doesn't work either. The SOCKS setup is actually working - I can see the browser detecting the local IP to be the remote server's and I can browse the Internet normally through the SOCKS proxy. I can in fact access the remote web server by pointing Firefox to the server's external_ip:5000 (let's say http://180.129.54.204:5000). At the same time, using the same external_ip:5000 from a different browser program (Chromium) that is configured to connect directly, the result is a connection error, as expected. When establishing the SSH connection with the -vvv flag, I see activity every time I open a webpage, but when trying to open localhost:5000 nothing happens, as if the request is not even reaching the SSH connection. If I set the port wrong and point the browser to access external_ip:5000, I get the error page 'The proxy server is refusing connections'. On the other hand, when trying to access localhost:5000 whatever the config I only see 'Unable to connect'. I checked several times, in Firefox's network configuration the field for 'No proxy for' is empty. I also tried to configure Chromium to use the SOCKS proxy instead of Firefox, but the result is the same. Also double checked 'no proxy for' to be empty in this case. My local /etc/hosts
127.0.0.1 localhost
127.0.1.1 My_computer_name
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
I don't know what changed in my system. Is anyone able to point out the problem or at least indicate log files I should be monitoring and where to look for clues?
user2066480 (173 rep)
Jul 26, 2019, 12:09 PM • Last activity: Oct 7, 2022, 03:25 PM
1 votes
0 answers
585 views
How to bind SSH SOCKS5 proxy endpoint to a specific interface?
I'd like to use SSH on my Windows box to setup a SOCKS5 proxy to my multi-interface pfSense box and want the proxied traffic to be routed over a specific interface on the pfSense box. The `-b` option binds the SSH client to a specific interface, is there a similar option/command to bind the server?
zencraft (113 rep)
Oct 5, 2022, 09:44 PM
1 votes
1 answers
1504 views
How to use unix domain socket for tor socks
I am trying to setup a unix socks socket for tor usage instead of port 9050 in the hopes to gain a tiny bit of performance. However I am getting the below error:
Oct 21 11:53:54 HOSTNAME Tor: Permissions on directory /var/lib/tor-shared are too permissive.
Oct 21 11:53:54 HOSTNAME Tor: Before Tor can create a SOCKS socket in "/var/lib/tor-shared/socks5.socket", the directory "/var/lib/tor-shared" needs to exist, and to be accessible only by the user account that is running Tor. (On some Unix systems, anybody who can list a socket can connect to it, so Tor is being careful.)
Isn't the whole point of a SOCKS socket is to allow other apps to connect to it? What is the best way to allow an app to use tor via unix domain socket? I don't think the application itself should run as User 'tor' or root. I tried setfacl, but tor is smart to not allow that too.
balki (4717 rep)
Oct 21, 2020, 04:33 PM • Last activity: Jul 26, 2022, 08:33 PM
1 votes
0 answers
1326 views
socks 5 proxy in centos 7
I want to run socks5 proxy server on centos7. Dante is for Debian, squid can not handle socks proxy, ss5 is too slow (almost do not work). Any good opensource socks5 proxy for centos7? Can anyone help me please?
Admiralhr (11 rep)
Apr 20, 2022, 03:22 PM
0 votes
1 answers
1183 views
Socks5 proxy requests stopped working on Ubuntu 20.04
Good Day. I want to set up a socks5 proxy so I can feed requests through my server with a different IP. I am currently running Ubuntu 20.04 and this is done through DigitalOceans Droplets (VPSes). This has been working for years for me and just stopped working and I can’t figure out why. It worked about ~2 weeks ago and just stopped. On Droplet A (a.b.c.d) I will run the code once I’ve SSH’d in:
ssh -f -N -D 0.0.0.0:5678 localhost
Note: port 5678 was one chosen at random. On Droplet B (w.x.y.z) I will try and request a web resource via curl webpage through this proxy I've just created.
curl -v -x socks5://a.b.c.d:5678 https://www.google.com
Normally this is able to work and retrieve the request. Last 24 hours since I have been trying it doesn’t. It gets stuck hanging on the same results:
* Trying a.b.c.d:5678...
* TCP_NODELAY set
Then it hangs and never finishes the requests. Both droplets can curl google without a proxy with success. B can both ping and ssh into A. I’ve tried rebooting, recreating droplets with new IPs, different ports same result every time. I’ve also tried playing with dante-server and same issue. I am not an expert in ubuntu so I don’t know what else to try or what could be the problem. Hoping someone can point me in the right direction. Merci
Reily Bourne (101 rep)
Dec 14, 2021, 04:47 PM • Last activity: Dec 15, 2021, 04:52 PM
3 votes
2 answers
25027 views
Proxychains is not going through any proxy
I am using Kali Linux 2020.2 and I have configured /etc/proxychains.conf like this:
# proxychains.conf  VER 3.1
#
#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.
#	

# The option below identifies how the ProxyList is treated.
# only one option should be uncommented at time,
# otherwise the last appearing option will be accepted
#
dynamic_chain
#
# Dynamic - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# at least one proxy must be online to play in chain
# (dead proxies are skipped)
# otherwise EINTR is returned to the app
#
#strict_chain
#
# Strict - Each connection will be done via chained proxies
# all proxies chained in the order as they appear in the list
# all proxies must be online to play in chain
# otherwise EINTR is returned to the app
#
#random_chain
#
# Random - Each connection will be done via random proxy
# (or proxy chain, see  chain_len) from the list.
# this option is good to test your IDS :)

# Make sense only if random_chain
#chain_len = 2

# Quiet mode (no output from library)
#quiet_mode

# Proxy DNS requests - no leak for DNS data
proxy_dns 

# Some timeouts in milliseconds
tcp_read_time_out 15000
tcp_connect_time_out 8000

# ProxyList format
#       type  host  port [user pass]
#       (values separated by 'tab' or 'blank')
#
#
#        Examples:
#
#            	socks5	192.168.67.78	1080	lamer	secret
#		http	192.168.89.3	8080	justu	hidden
#	 	socks4	192.168.1.49	1080
#	        http	192.168.39.93	8080	
#		
#
#       proxy types: http, socks4, socks5
#        ( auth types supported: "basic"-http  "user/pass"-socks )
#
[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks5	127.0.0.1	9050
socks4 	127.0.0.1	9050
I also had Tor installed and running while using proxychains. Here is the output of tor status:
root@kali:~# service tor status
● tor.service - Anonymizing overlay network for TCP (multi-instance-master)
     Loaded: loaded (/lib/systemd/system/tor.service; disabled; vendor preset: disabled)
     Active: active (exited) since Sat 2020-06-13 19:33:10 UTC; 3s ago
    Process: 13092 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
   Main PID: 13092 (code=exited, status=0/SUCCESS)

Jun 13 19:33:10 kali systemd: Stopped Anonymizing overlay network for TCP (multi-instance-master).
Jun 13 19:33:10 kali systemd: Stopping Anonymizing overlay network for TCP (multi-instance-master)...
Jun 13 19:33:10 kali systemd: Starting Anonymizing overlay network for TCP (multi-instance-master)...
Jun 13 19:33:10 kali systemd: Finished Anonymizing overlay network for TCP (multi-instance-master).
However, if I type proxychains firefox www.whatismyip.com, I still get the same IP address again and this is the output of the command:
root@kali:~# proxychains firefox www.whatismyip.com
ProxyChains-3.1 (http://proxychains.sf.net) 
root@kali:~#
Any help is appreciated.
Lalit Vavdara (149 rep)
Jun 13, 2020, 02:10 PM • Last activity: Dec 6, 2021, 08:45 AM
Showing page 1 of 20 total questions