Cover V05, I01

Sidebar: SOCKS

You can find the SOCKS package on many different ftp sites. We used the software from the following one:

ftp://ftp.sunet.se/pub/security/firewalls/software

Note that two versions are available, one for export and one for domestic-US use. Download the appropriate version for your location.

The SOCKS package consists of a number of components. The first component is the set of proxy daemons. Daemons are available for telnet, ftp, http, and generic network connections.

The second component contains the netacl programs. These programs are used to manipulate the netperm file, which contains the rules for the proxy daemons. The daemons read the rules from the netperm file to determine which IP packets must be blocked and which may be forwarded.

The last component consists of the documentation, which describes how to install and configure the SOCKS package.

Proxy daemons offer well-known services on an alternative port. A user who needs to make a connection to the outside world connects to this alternative port and is greeted by a prompt. From this prompt the user can connect to the outside service. Making a connection is therefore a two-step process: the user first connects to the proxy and then to the outside world.

For http connections, this two-step process is not appropriate, so the http proxy will allow a direct connection.

The layout of the netperm table is based on the services offered. Each service has a number of configuration lines that describe its different aspects, for example:

ftp-gw: denial-msg    /usr/local/etc/ftp-deny.txt
ftp-gw: welcome-msg   /usr/local/etc/ftp-welcome.txt
ftp-gw: timeout       3600
# uncomment the following line if you want internal users
# to be able to do FTP with the Internet
ftp-gw: permit-hosts  127.0.0.1 192.34.56.1 192.34.56.2

This is a very simple example -- more elaborate ones are available in the documentation.
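
To check what a rules file like the one above actually allows before deploying it, the lines can be parsed and queried offline. The following is an added example, not code from the package or from the original article. The function names are hypothetical, and it assumes permit-hosts entries are literal addresses as in the sample, with any host not listed being denied.

```python
# Added example: parse netperm-style lines and apply a default-deny host check.
# SAMPLE is the configuration shown in the sidebar, embedded for offline use.
SAMPLE = """\
ftp-gw: denial-msg    /usr/local/etc/ftp-deny.txt
ftp-gw: welcome-msg   /usr/local/etc/ftp-welcome.txt
ftp-gw: timeout       3600
# uncomment the following line if you want internal users
# to be able to do FTP with the Internet
ftp-gw: permit-hosts  127.0.0.1 192.34.56.1 192.34.56.2
"""


def parse_netperm(text):
    """Return {service: {attribute: [values]}}; comments and blank lines are skipped."""
    rules = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # The service name ends at the first colon; later colons belong to values.
        service, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or not fields:
            raise ValueError(f"line {lineno}: expected 'service: attribute values'")
        attribute, values = fields[0], fields[1:]
        rules.setdefault(service.strip(), {}).setdefault(attribute, []).extend(values)
    return rules


def is_permitted(rules, service, client_ip):
    """Assumed policy: allow only hosts listed literally under permit-hosts."""
    return client_ip in rules.get(service, {}).get("permit-hosts", [])


if __name__ == "__main__":
    rules = parse_netperm(SAMPLE)
    # Constructed client addresses: two from the sample list, one outside it.
    for ip in ("127.0.0.1", "192.34.56.2", "192.34.56.3"):
        verdict = "permit" if is_permitted(rules, "ftp-gw", ip) else "deny"
        print(f"ftp-gw {ip}: {verdict}")
```

A service with no permit-hosts line, or with that line commented out, yields a deny for every client under this assumed policy.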