Firewall and Proxy Server HOWTO: The SOCKS Proxy Server

Uncompress and untar the files into a directory on your system, and follow the instructions on how to make it. Make sure that your Makefiles are correct. One important thing to note is that the proxy server needs to be added to /etc/nf.

socks stream tcp nowait nobody /usr/local/etc/sockd sockd

To tell the server to run when requested.

The SOCKS program needs two separate configuration files. One to tell the access allowed, and one to route the requests to the appropriate proxy server. The access file should be housed on the server. The routing file should be housed on every UNIX machine. The DOS and, presumably, Macintosh computers will do their own routing.

With socks4.2 Beta, the access file is called "nf". It should contain 2 lines, a permit and a deny line. You should have both a permit and a deny line. The IP address holds a four byte address in typical IP dot notation. The address modifier is also a typical IP address four byte number. Envision this number to be 32 bits (1s or 0s). If the bit is a 1, the corresponding bit of the address that it is checking must match the corresponding bit in the IP address field.

It will permit only the IP address that matches every bit in 192.168.1.23, e.g., only 192.168.1.3.

Will permit every number within group 192.168.1.0 through 192.168.1.255, the whole Class C domain.

One should not have the line:

As this will permit every address, regardless. So, first permit every address you want to permit, and then deny the rest. To allow everyone in the domain 192.168.1.xxx, the lines:

Notice the first "0.0.0.0" in the deny line. With a modifier of 0.0.0.0, the IP address field does not matter. All 0's is the norm because it is easy to type.

Specific users can also be granted or denied access. Not all systems support ident, including Trumpet Winsock, so I will not go into it here.

The routing file in SOCKS is poorly named "nf". I say "poorly named" because it is so close to the name of the access file that it is easy to get the two confused. The routing file is there to tell the SOCKS clients when to use socks and when not to. For instance, in our network, 192.168.1.3 will not need to use socks to talk with 192.168.1.1, firewall. It has a direct connection in via Ethernet. It defines 127.0.0.1, the loopback, automatically. Of course you do not need SOCKS to talk to yourself. There are three entries:

Deny tells SOCKS when to reject a request. This entry has the same three fields as in nf, identifier, address and modifier. Generally, since this is also handled by nf, the access file, the modifier field is set to 0.0.0.0. If you want to preclude yourself from calling any place, you can do it here.

The direct entry tells which addresses to not use socks for. These are all the addresses that can be reached without the proxy server. Again we have the three fields, identifier, address and modifier.

Thus going direct for any on our protected network.

The sockd entry tells the computer which host has the socks server daemon on it. This allows you to set the IP addresses of a list of proxy servers. In our example, we only use one proxy server. But, you can have many to allow a greater load and for redundancy in case of failure. The IP address and modifier fields work just like in the other examples. You specify which addresses go where through these.

Setting up Domain Name service from behind a firewall is a relatively simple task. You need merely to set up the DNS on the firewalling machine. Then, set each machine behind the firewall to use this DNS.

To have your applications work with the proxy server, they need to be "sockified". You will need two different telnets, one for direct communication, one for communication via the proxy server. SOCKS comes with instructions on how to SOCKify a program, as well as a couple of pre-SOCKified programs. If you use the SOCKified version to go somewhere direct, SOCKS will automatically switch over to the direct version for you. Because of this, we want to rename all the programs on our protected network and replace them with the SOCKified programs. "Finger" becomes "finger.orig", "telnet" becomes "telnet.orig", etc. You must tell SOCKS about each of these via the include/socks.h file.

Certain programs will handle routing and sockifying themselves. You can use a proxy server under Netscape by entering the server's address (192.168.1.1 in our case) in the SOCKS field under Proxies. Each application will need at least a little messing with, regardless of how it handles a proxy server.
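
The permit/deny matching described for the access file, as an added example that is not part of the original HOWTO or of the SOCKS distribution. It models only the three fields the text describes (identifier, address, modifier); the first-match-wins evaluation, the default of deny when no line matches, the sample rule sets and all function names are assumptions made for illustration.

```python
import ipaddress

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_rules(text):
    """Parse 'identifier address modifier' lines into (action, addr, mask)."""
    rules = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"bad access line: {line!r}")
        rules.append((fields[0], to_int(fields[1]), to_int(fields[2])))
    return rules

def decide(rules, client_ip):
    """Return the action of the first line whose masked bits match the client."""
    client = to_int(client_ip)
    for action, addr, mask in rules:
        # A 1 bit in the modifier means that bit must match; 0 bits are ignored.
        if (client & mask) == (addr & mask):
            return action
    return "deny"  # assumption: nothing matched, so refuse

def audit(rules):
    """Flag modifier-0.0.0.0 lines that permit everything or hide later lines."""
    findings = []
    for n, (action, _addr, mask) in enumerate(rules, start=1):
        if mask == 0 and (action == "permit" or n < len(rules)):
            findings.append(f"line {n}: {action} with modifier 0.0.0.0 matches every address")
    return findings

# Constructed sample rule sets (not taken from a real installation).
HOST_ONLY = "permit 192.168.1.23 255.255.255.255\ndeny 0.0.0.0 0.0.0.0"
WHOLE_NET = "permit 192.168.1.0 255.255.255.0\ndeny 0.0.0.0 0.0.0.0"
TOO_WIDE = "permit 192.168.1.0 0.0.0.0\ndeny 0.0.0.0 0.0.0.0"

if __name__ == "__main__":
    for name, text in (("HOST_ONLY", HOST_ONLY), ("WHOLE_NET", WHOLE_NET), ("TOO_WIDE", TOO_WIDE)):
        rules = parse_rules(text)
        for ip in ("192.168.1.23", "192.168.1.3", "10.0.0.5"):
            print(f"{name:10} {ip:13} -> {decide(rules, ip)}")
        for finding in audit(rules):
            print(f"{name:10} WARNING {finding}")
```

Running `audit` over an access file before deploying it catches a permit line whose modifier is all zeros, which would otherwise let every client through ahead of the final deny.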