NAME¶
rsockd - SOCKSified SOCKS server
SYNOPSIS¶
rsockd [ -ver | -i | -I ]
DESCRIPTION¶
rsockd is the SOCKSified version of the SOCKS server
sockd.
Functionally
rsockd is identical to
sockd except that it may
(though not necessarily has to) make use of other SOCKS servers to reach some
destinations. A number of
rsockd's can be strung together or organized
in a cascade or other more complicated structures to serve the needs of a
particular network configuration and restrictions. Obviously this complicates
the issues and make the setup and maintenance of the firewall more difficult.
So use
sockd instead whenever you can.
This document only describes the features of
rsockd that are different
from
sockd. You should read
sockd(5) carefully to gain a basic
understanding of of how the SOCKS server works.
When
rsockd receives a request, it checks the request again its
configuration (in exactly the same way that
sockd does) to decider
whether the request is to be accepted. The primary difference between
sockd and
rsockd is in how they establish connection to the
destination host of a accepted request.
sockd assumes that it can
connect directly to the destination host and proceeds to do so.
rsockd
makes no such assumption. Instead, it consults another configuration file to
decide whether it can connect directly to the particular destination host or
whether it has to use a proxy connection through another SOCKS server. In
other words, it behaves just like a versatile SOCKS client in this regard.
Therefore
rsockd requires not only the SOCKS server configuration file
/etc/sockd.fc or
/etc/sockd.conf to decide whether to accept or
reject a request, but also the client configuration file
/etc/socks.fc
or
/etc/socks.conf to decide how to reach the destination host. If it
is a multi-homed version
and supports RBIND, it also needs the route
file
/etc/sockd.fr or
/etc/sockd.fr to decide which network
interface to use for a connection.
Look at it in a different way, you can think of
sockd as a special case
of
rsockd, one which can connect directly to all destination hosts. In
fact, an
rsockd using the client configuration consisting of only this
line
direct ALL 0.0.0.0
is functinally identical to the regular
sockd.
Anther thing to mention is related to the use of
identd. Only the SOCKS
server which the requesting host directly connects to can find out the
identity of the real user. Suppose user x on host C connects to
rsockd
on server B which in turn connects to
sockd on server A in order to
reach destination z. Host B can query
identd on host C to find out
whether the user is indeed x. To host A, the request appears to originate from
user x on host B. An
identd query from Host A to host B returns the
userid that owns the
rsockd process on host B, not the real user x.
OPTIONS¶
See
sockd(8).
EXAMPLES¶
The follwoing is an example of the client configuration file. See related man
pages for examples on server configuration and route files.
# /etc/socks.conf for rsockd of domain rnd.xyz.com
#
# Use proxy connection through SOCKS server on socks.market.xyz.com
# to reach hosts within market.xyz.com
sockd @=socks.market.xyz.com .market.xyz.com 0.0.0.0
#
# Use direct connect to all other hosts within xyz.com
direct .xyz.com 0.0.0.0
#
# Use proxy connection through SOCKS server on gateway.xyz.com
# to reach all others
sockd @=gateway.xyz.com ALL 0.0.0.0
FILES¶
/etc/sockd.fc,
/etc/sockd.conf,
/etc/sockd.fr,
/etc/sockd.route,
/etc/socks.fc,
/etc/socks.conf,
/etc/inetd.conf,
/etc/services,
/var/adm/messages,
/etc/syslog.conf
SEE ALSO¶
sockd(8),
socks_clients(1),
sockd.conf(5),
sockd.route(5),
socks.conf(5),
make_sockdfc(8),
make_sockdfr(8),
dump_sockdfc(8),
dump_sockdfr(8)
AUTHOR¶
Ying-Da Lee, ylee@syl.dl.nec.com