Manual Reference Pages  -  SRELAY (8)

NAME

srelay - socks protocol server.

CONTENTS

Synopsis
Description
Options
     Listening Port
     Authentication method
Files
Signals
See Also
Author

SYNOPSIS

srelay [options]

DESCRIPTION

srelay is a SOCKS version 5 server that also supports version 4.
srelay has the following features:
- SOCKS version 5 connect/bind operations for TCP relaying.
- SOCKS version 4 connect/bind operations, including FQDN extensions.
- relaying through a series of multiple SOCKS servers, both version 4 and version 5.
- username/password authentication.
- connection control with tcp_wrappers (libwrap).
- IPv6 support as well as IPv4 (hopefully).
- can be used to build an IPv4 <-> IPv6 gateway.
- copes (relays) nicely with NEC's SOCKSv5 reference implementation servers.
- free to use/distribute.

OPTIONS

The options are as follows:
-c file
  Configuration file.
-i i/f
  Interface or listening port. See Listening Port.
-m num
  Maximum number of child processes for the non-threading daemon, or number of threads for the threading daemon.
-o minutes
  Idle transfer timeout in minutes. 0 (zero) means no timeout (default).
-p file
  PID file; stores the process ID of the main process or main thread.
-u file
  srelay password file, used when acting as an intermediate SOCKS5 server.
-a [n|p]
  Authentication method.
  n  No Authentication.
  p  Username/Password authentication.
  Authentication methods are evaluated in the order they are given. If this option is not present, the 'No Authentication' method is used.
-f
  Run in the foreground. (not tested well :-p)
-r
  Try to resolve the client IP to a name when logging.
-s
  Log to syslog, even when running in the foreground.
-t
  Disable threading. (valid in thread-enabled configuration)
-b
  Avoid BIND port restriction.
-g
  Use the same interface for outbound as inbound.
-v
  Show version info.
-h -?
  Show help.

    Listening Port

Server listening ports are specified in the following formats.
-i 192.168.1.5
  Single IP spec. If no port number is specified, defaults to 1080/tcp. Server socket will be 192.168.1.5 port 1080.
-i 192.168.1.5:9999
  Single IP with port. Server socket will be 192.168.1.5 port 9999.
-i my.socks.host:5432
  Hostname is also accepted.
-i :1234
  No host IP or hostname is specified. Server socket will be INADDR_ANY port 1234.
-i '[2003:268:1234:4321:250:8bff:fea8:1234]:1234'
  IPv6 address must be surrounded by '[' and ']'. In most cases, you have to escape the '[' and ']' characters from your shell.
The -i option can appear multiple times if you'd like to have a lot of holes.

If no -i option is specified, the default is INADDR_ANY/INADDR6_ANY port 1080.

    Authentication method

SOCKS version 5 authentication is a mechanism for authenticating the user of the server. srelay supports only 'No Authentication' and 'Username/Password Authentication'. With Username/Password authentication, srelay uses the server host's account information, for instance the UNIX host's password database. This is deprecated if you are on a network full of sniffers :) Why? Er, the plain text password is sent by the client every time it connects to the server. I recommend not using the -ap option.

When srelay is working as an intermediate in a chain of SOCKS servers, it is sometimes required to use SOCKS authentication to connect to the next-hop SOCKS server. In this case, you can specify the username and password for the next-hop SOCKS server in the srelay.passwd file. This is done whether or not you specify the -a option.
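
An added example, not part of the original man page or the srelay source: a Python check that reads a srelay argument list using the -i and -a rules described above and reports listeners that are open to every interface without authentication, or that use the plain text password method. The names parse_listen and audit are hypothetical, and it assumes -a takes its value either attached (-ap) or as the next argument.

```python
import re

def parse_listen(spec):
    """Split an -i value into (host, port); host None means INADDR_ANY."""
    m = re.match(r"^\[([^\]]+)\](?::(\d+))?$", spec)   # '[IPv6]' or '[IPv6]:port'
    if not m:                                          # 'host', 'host:port', ':port'
        m = re.match(r"^([^:\[\]]*)(?::(\d+))?$", spec)
    if not m:
        raise ValueError("unrecognised -i value: %r" % spec)
    return (m.group(1) or None, int(m.group(2) or 1080))

def audit(argv):
    """Return (listeners, findings) for a srelay argument list."""
    listeners, methods, i = [], "", 0
    while i < len(argv):
        flag, value = argv[i][:2], argv[i][2:]
        if flag in ("-i", "-a"):
            if not value:                  # value is the next argument
                i += 1
                if i == len(argv):
                    raise ValueError("%s needs a value" % flag)
                value = argv[i]
            if flag == "-i":
                listeners.append(parse_listen(value))
            else:
                methods += value           # assumption: 'n' and/or 'p' characters
        i += 1
    if not listeners:                      # no -i: INADDR_ANY/INADDR6_ANY port 1080
        listeners = [(None, 1080)]
    methods = methods or "n"               # no -a: 'No Authentication'
    findings = []
    if "p" in methods:
        findings.append("-a p: host account passwords are sent in plain text")
    if "n" in methods:
        for host, port in listeners:
            if host is None:
                findings.append("port %d: all interfaces, no authentication; "
                                "bind with -i or restrict via hosts.allow" % port)
    return listeners, findings

# Constructed command lines, not taken from a real deployment.
if __name__ == "__main__":
    for args in (["-i", ":1234"], ["-i", "192.168.1.5:9999", "-ap"], []):
        print(args, audit(args))
```

An unbracketed IPv6 address is rejected with ValueError, matching the rule that IPv6 addresses must be surrounded by '[' and ']'.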

    srelay.conf

Configuration file format.
# this line is comment.
# destination                   port range      next [next-p x-next x-next-p]
# subnet length
123.123.131.0/24                any             10.10.10.1
# subnet mask in dotted format  higher port is 65535
223.224.2.128/255.255.255.128   512-            10.11.22.1 11080
#                               lower port is 1
223.224.2.128/25                -511            10.11.22.2
# IPv6 destinations go through Gateway
::                              -               100.200.1.1
# IPv4 destinations go through another Gateway
0.0.0.0                         -               100.200.1.2
# (IPv6 to IPv4 destinations)
0.0.0.0                         -       3002::1:4321:250:8bff:ffa8:1234
# no next-hop means connect direct.
1.2.3.4                         -
#---

If next-p (the next-hop SOCKS port) is omitted, it defaults to 1080, as you can guess. A next-hop port can be written like 8080/H or 8080/S, where H and S mean HTTP and SOCKS, respectively. This also defaults to SOCKS.
The HTTP relaying method is experimental, and supports a minimal subset of HTTP proxying.

Your network environment might look like this.
[Client]-->(socks)[srelay]-->(http)[FireWall] -->(socks)[Socks_Island]-->[Dest]

The srelay.conf setting can include the third host, [FireWall], like this.

# dest dest-port proxy proxy-p proxy2 proxy2-p
Dest any Socks-Island 1080 FireWall 8080/H

proxy and proxy2 are listed in farthest-first order.
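
An added example, not part of the original man page or the srelay source: a Python parser for the srelay.conf rule format described above, returning each rule's port range and its proxy chain in connection order with the 1080 and SOCKS defaults filled in. The function names are hypothetical, and it assumes a token of the form N, N/H or N/S after a hop is that hop's port and that a single port or N-M range is also accepted.

```python
import re

PORT_RE = re.compile(r"^(\d+)(?:/([HS]))?$")        # e.g. 1080, 8080/H, 8080/S

def parse_port_range(tok):
    """Return (low, high) for 'any', '-', 'N', 'N-', '-N' or 'N-M'."""
    if tok in ("any", "-"):
        return (1, 65535)
    low, sep, high = tok.partition("-")
    if not sep:                                     # single port (assumption)
        return (int(low), int(low))
    return (int(low) if low else 1, int(high) if high else 65535)

def parse_rule(line):
    """Parse one srelay.conf line; return None for comments and blank lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    tokens = line.split()
    if len(tokens) < 2:
        raise ValueError("need destination and port range: %r" % line)
    dest, ports, rest = tokens[0], parse_port_range(tokens[1]), tokens[2:]
    hops, i = [], 0
    while i < len(rest):
        host, port, proto = rest[i], 1080, "SOCKS"  # defaults from the man page
        i += 1
        m = PORT_RE.match(rest[i]) if i < len(rest) else None
        if m:                                       # optional port[/H|/S] token
            port = int(m.group(1))
            proto = "HTTP" if m.group(2) == "H" else "SOCKS"
            i += 1
        hops.append((host, port, proto))
    hops.reverse()        # file order is farthest first; return connection order
    return {"dest": dest, "ports": ports, "hops": hops}

SAMPLE = """\
# sample assembled from the srelay.conf examples on this page
223.224.2.128/255.255.255.128   512-            10.11.22.1 11080
223.224.2.128/25                -511            10.11.22.2
1.2.3.4                         -
Dest any Socks-Island 1080 FireWall 8080/H
"""

def parse_conf(text):
    return [r for r in map(parse_rule, text.splitlines()) if r]

if __name__ == "__main__":
    for rule in parse_conf(SAMPLE):
        print(rule)
```

Listing the hops in connection order makes it easy to review which destinations leave through which proxy, and which next-hop servers may need an entry in srelay.passwd.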

    srelay.passwd

Username/password information for connecting to the next-hop SOCKS server.
# this line is comment.
# next-hop server       username        password
123.234.0.1             hogehoga        xyz$12#
10.11.22.1              opopop          tutut555

FILES

/usr/local/etc/srelay.conf
  default configuration file.
/usr/local/etc/srelay.passwd
  username/password information used when connecting to the next-hop SOCKS v5 server.
/var/run/srelay.pid
  default PID file.
/etc/hosts.allow /etc/hosts.deny
  (if supported at compile time) tcp_wrappers configuration. TAG name is 'srelay'.

SIGNALS

The following signals are meaningful:
SIGHUP
  Reload srelay.conf.
SIGTERM
  Exit.

SEE ALSO

hosts_access(5),
RFC 1928 SOCKS Protocol Version 5,
RFC 1929 Username/Password Authentication for SOCKS V5,
http://www.socks.nec.com/socksproto.html

AUTHOR

Tomo.M <tomoyuki@pobox.com>


SRELAY (8) 27 Mar 2003
