
Manual Reference Pages  -  SRELAY (8)


srelay - socks protocol server.




srelay [options]


srelay is a socks version 5 server that also supports version 4.
srelay has the following features:
- socks version 5 connect/bind operation for TCP relaying.
- socks version 4 connect/bind operation, including FQDN extensions.
- relaying through a series of multiple socks servers, with both version 4 and 5 servers.
- support for username/password authentication.
- connection control with tcp_wrappers (libwrap).
- support for IPv6 as well as IPv4 (hopefully).
- You can build an IPv4 <-> IPv6 gateway with srelay.
- copes (relays) nicely with NEC’s SOCKSv5 reference implementation servers.
- Free to use/distribute.


The options are as follows:
-c file Configuration file.
-i i/f Interface, or listening port. See Listening Port.
-m num Maximum number of child processes for the non-threading daemon, or number of threads for the threading daemon.
-o minutes Idle transfer timeout in minutes. 0 (zero) means no timeout (default).
-p file PID file; stores the main process or main thread process ID.
-u file srelay password file, used when acting as an intermediate SOCKS5 server.
-a [n|p] Authentication method.
    n No Authentication.
    p Username/Password authentication.
  Authentication methods are evaluated in the order in which they are given. If this option is not present, the ’No Authentication’ method is used.
-f Run in the foreground. (not tested well :-p)
-r Try to resolve the client IP to a name when logging.
-s Log to syslog, even if running in the foreground.
-t Disable threading. (valid in thread-enabled configuration)
-b Avoid BIND port restriction.
-g Use the same interface for outbound as inbound.
-v Show version info.
-h -? Show help.

    Listening Port

The server listening ports are specified in the following formats.
  Single IP spec. If no port number is specified, defaults to 1080/tcp. Server socket will be port 1080.
  Single IP with port. Server socket will be port 9999.
  Hostname is also accepted.
-i :1234 No host IP or hostname is specified. Server socket will be INADDR_ANY port 1234.
-i '[2003:268:1234:4321:250:8bff:fea8:1234]:1234'
  An IPv6 address must be surrounded by ’[’ and ’]’. In most cases, you have to escape the ’[’ and ’]’ characters from your shell.
The -i option can appear multiple times if you’d like to have a lot of holes.

If no -i option is specified, the default is INADDR_ANY/INADDR6_ANY port 1080.

    Authentication method

Socks version 5 authentication is the mechanism for authenticating the user to the server. srelay supports only ’No Authentication’ and ’Username/Password Authentication’. For Username/Password authentication, srelay uses the server host’s account information, for instance the UNIX host’s password database. This is deprecated if you are on a network full of sniffers :) Why? Er, the plain text password is sent by the client every time it connects to the server. I recommend not using the -ap option.
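
The following is an added example, not part of the srelay distribution: it decodes the RFC 1928 method negotiation and the RFC 1929 username/password request to show that, once the server selects method 0x02 (as with -a p), the client's next message carries the account name and password unencrypted. The function names and the sample messages are constructed for illustration.

```python
# Added example (not srelay code): decode the SOCKS5 handshake messages from
# RFC 1928 / RFC 1929 to show what is readable on the wire under -a p.
METHOD_NONE, METHOD_USERPASS = 0x00, 0x02

def parse_greeting(data):
    """Client greeting: VER=5, NMETHODS, METHODS... -> list of offered methods."""
    if len(data) < 2 or data[0] != 0x05 or len(data) != 2 + data[1]:
        raise ValueError("malformed SOCKS5 greeting")
    return list(data[2:])

def parse_userpass(data):
    """RFC 1929 request: VER=1, ULEN, UNAME, PLEN, PASSWD -> (user, password)."""
    if len(data) < 3 or data[0] != 0x01:
        raise ValueError("not a username/password request")
    ulen = data[1]
    if len(data) < 3 + ulen:
        raise ValueError("truncated username")
    plen = data[2 + ulen]
    if len(data) != 3 + ulen + plen:
        raise ValueError("length fields do not match message size")
    user = data[2:2 + ulen]
    password = data[3 + ulen:]
    return user.decode("latin-1"), password.decode("latin-1")

def credentials_on_wire(server_choice, next_client_msg):
    """Given the server's method selection (VER=5, METHOD) and the client's next
    message, return the cleartext (user, password), or None if no auth was chosen."""
    if len(server_choice) != 2 or server_choice[0] != 0x05:
        raise ValueError("malformed method selection")
    if server_choice[1] != METHOD_USERPASS:
        return None
    return parse_userpass(next_client_msg)

# Constructed sample messages (not captured from a real session).
CLIENT_GREETING = bytes([0x05, 0x02, METHOD_NONE, METHOD_USERPASS])
SERVER_PICKS_USERPASS = bytes([0x05, METHOD_USERPASS])   # server started with -a p
SERVER_PICKS_NONE = bytes([0x05, METHOD_NONE])           # server started with -a n
CLIENT_AUTH = b"\x01\x05alice\x0bs3cret-pass"

if __name__ == "__main__":
    print(parse_greeting(CLIENT_GREETING))
    print(credentials_on_wire(SERVER_PICKS_USERPASS, CLIENT_AUTH))
    print(credentials_on_wire(SERVER_PICKS_NONE, b""))
```

Because -a p checks against the host's account information, the value exposed here is a login password for the server host, not a proxy-only secret.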

When srelay is working as an intermediate in a chain of socks servers, it is sometimes required to use socks authentication to connect to the next-hop socks server. In this case, you can specify the username and password for the next-hop socks server in the srelay.passwd file. This is done whether or not you specify the -a option.


Configuration file format.
# this line is comment.
# destination                   port range      next [next-p x-next x-next-p]
# subnet length                any   
# subnet mask in dotted format   higher port is 65535   512-   11080
#                               lower port is 1                -511  
# IPv6 destinations go through Gateway
::                              -     
# IPv4 destinations go through another Gateway                         -     
# (IPv6 to IPv4 destinations)                         -       3002::1:4321:250:8bff:ffa8:1234
# no next-hop means connect direct.                         -

If next-p (the next-hop socks port) is omitted, it defaults to 1080, as you can guess. A next-hop socks port can be written like 8080/H or 8080/S, where H and S mean HTTP and SOCKS, respectively. This also defaults to SOCKS.
The HTTP relaying method is experimental, and supports a minimized spec of HTTP proxying.

Your network environment may look like this.
[Client]-->(socks)[srelay]-->(http)[FireWall] -->(socks)[Socks_Island]-->[Dest]

The srelay.conf setting could include the third host, [FireWall], like this.

# dest dest-port proxy proxy-p proxy2 proxy2-p
Dest any Socks-Island 1080 FireWall 8080/H

proxy and proxy2 are listed in farthest-first order.
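
The following is an added example, not srelay's own parser: it reads one srelay.conf routing line using the rules stated above (port range forms, next-p defaulting to 1080, the /H and /S suffixes, farthest-first listing) and returns the hops in the order srelay would actually contact them. The names Hop, parse_port_range, parse_next_port and parse_route are hypothetical, and treating a bare number as a single port is an assumption.

```python
# Added example: parse one srelay.conf routing line as described on this page.
from typing import NamedTuple

class Hop(NamedTuple):
    host: str
    port: int
    proto: str   # "SOCKS" or "HTTP"

def parse_port_range(spec):
    """'any', 'lo-hi', '512-', '-511' or '-' -> (low, high)."""
    if spec == "any":
        return (1, 65535)
    if "-" not in spec:                 # assumption: bare number = single port
        return (int(spec), int(spec))
    lo, hi = spec.split("-", 1)
    return (int(lo) if lo else 1, int(hi) if hi else 65535)

def parse_next_port(spec):
    """'8080/H' -> (8080, 'HTTP'); '8080/S' or '8080' -> (8080, 'SOCKS')."""
    port, _, kind = spec.partition("/")
    kinds = {"": "SOCKS", "S": "SOCKS", "H": "HTTP"}
    if kind not in kinds:
        raise ValueError("unknown next-hop type: %r" % spec)
    number = int(port)
    if not 1 <= number <= 65535:
        raise ValueError("port out of range: %r" % spec)
    return number, kinds[kind]

def parse_route(line):
    """Return (dest, (low, high), hops nearest-first), or None for comments."""
    text = line.strip()
    if not text or text.startswith("#"):
        return None
    fields = text.split()
    if len(fields) < 2:
        raise ValueError("need at least destination and port range")
    dest, ports, rest = fields[0], parse_port_range(fields[1]), fields[2:]
    hops = []
    for i in range(0, len(rest), 2):
        spec = rest[i + 1] if i + 1 < len(rest) else "1080"   # next-p omitted
        hops.append(Hop(rest[i], *parse_next_port(spec)))
    hops.reverse()          # file lists farthest first; connect nearest first
    return dest, ports, hops

if __name__ == "__main__":
    print(parse_route("Dest any Socks-Island 1080 FireWall 8080/H"))
```

An empty hop list corresponds to the "no next-hop means connect direct" case in the sample configuration.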


Username/Password information for connecting to the next-hop socks server.
# this line is comment.
# next-hop server       username        password
                        hogehoga        xyz$12#
                        opopop          tutut555


  default configuration file.
  username/password information used when connecting to the next-hop socks v5 server.
  default PID file.
/etc/hosts.allow /etc/hosts.deny
  (if supported at compile time) tcp_wrappers configuration. The TAG name is ’srelay’.


The following signals are meaningful:
SIGHUP reload srelay.conf.


RFC 1928 SOCKS Protocol Version 5
RFC 1929 Username/Password Authentication for SOCKS V5


Tomo.M <>
SRELAY (8) 27 Mar 2003
