Sidebar: SOCKS

You can find the SOCKS package on many different ftp sites. We used the software from the following one:

ftp://ftp.sunet.se/pub/security/firewalls/software

Note that two versions are available, one for export and one for domestic-US use. Download the appropriate version for your location.

The SOCKS package consists of a number of components. The first component is the set of proxy daemons. Daemons are available for telnet, ftp, http, and generic network connections.

The second component contains the netacl programs. These programs are used to manipulate the netperm file, which contains the rules for the proxy daemons. The daemons read the rules from the netperm file to determine which IP packets must be blocked and which may be forwarded.

The last component consists of the documentation, which describes how to install and configure the SOCKS package.

Proxy daemons offer well-known services on an alternative port. If a user needs to make a connection to the outside world, he or she connects to this alternative port and is greeted by a prompt. From this prompt the user can connect to the outside service. So making a connection is a two-step process, first connecting to the proxy and then to the outside world.

For http connections, this two-step process is not appropriate, so the http proxy will allow a direct connection.

The layout of the netperm table is based on the services offered. Each service consists of a number of configuration lines which describe its different aspects, for example:

ftp-gw: denial-msg /usr/local/etc/ftp-deny.txt
ftp-gw: welcome-msg /usr/local/etc/ftp-welcome.txt
ftp-gw: timeout 3600
# uncomment the following line if you want internal users
# to be able to do FTP with the Internet
ftp-gw: permit-hosts 127.0.0.1 192.34.56.1 192.34.56.2

This is a very simple example -- more elaborate ones are available in the documentation.
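
The netperm layout shown above ("service: keyword values", with # comments) can be parsed and audited before the daemons are restarted. The following is an added example, not code from the package or its documentation: the function names and the commented-out sample rule are hypothetical, and it assumes exact address matching and that a service without a permit-hosts line admits nobody.

```python
from collections import defaultdict

# Constructed sample: the ftp-gw lines from the sidebar plus one
# hypothetical commented-out rule to show comment handling.
SAMPLE = """\
ftp-gw: denial-msg /usr/local/etc/ftp-deny.txt
ftp-gw: welcome-msg /usr/local/etc/ftp-welcome.txt
ftp-gw: timeout 3600
# ftp-gw: permit-hosts 10.0.0.9
ftp-gw: permit-hosts 127.0.0.1 192.34.56.1 192.34.56.2
"""

def parse_netperm(text):
    """Return {service: {keyword: [values...]}}; raise on malformed lines."""
    table = defaultdict(lambda: defaultdict(list))
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        service, sep, rest = line.partition(":")
        fields = rest.split()
        if not sep or not service.strip() or not fields:
            raise ValueError(f"line {lineno}: expected 'service: keyword values'")
        # Repeated keywords accumulate, so several permit-hosts lines add up.
        table[service.strip()][fields[0]].extend(fields[1:])
    return table

def is_permitted(table, service, client_ip):
    """Assumed default deny: only addresses listed under permit-hosts pass."""
    return client_ip in table.get(service, {}).get("permit-hosts", [])

def audit(table):
    """List services that have settings but no permit-hosts rule."""
    return sorted(s for s, kw in table.items() if not kw.get("permit-hosts"))

if __name__ == "__main__":
    rules = parse_netperm(SAMPLE)
    for ip in ("192.34.56.1", "10.0.0.9"):
        print(ip, "permitted" if is_permitted(rules, "ftp-gw", ip) else "denied")
    print("services without permit-hosts:", audit(rules))
```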