Oracle iPlanet Web Proxy Server 4.0.14 Administration Guide

Using the Bundled SOCKS v5 Server

Proxy Server includes its own SOCKS daemon that understands the standard socks5.conf file format used by other SOCKS daemons. This daemon can be used by the Proxy Server to route requests, or it can be run from the Proxy Server to provide additional capabilities for the network. For more information about configuring the Proxy Server to route requests through a SOCKS server, see Configuring Routing Entries.

The SOCKS daemon included with Proxy Server is disabled by default. You can enable the daemon from the SOCKS tab in the Server Manager interface, or from the command line. For more information, see Starting and Stopping the SOCKS v5 Server.


Note –

In Proxy Server 4 the name of the SOCKS daemon has been changed from ns-sockd to sockd.


The overall steps that must be taken to use the SOCKS server included with the Proxy Server are:

ProcedureTo use the SOCKS

  1. Configure the SOCKS server. See Configuring the SOCKS v5 Server.

  2. If the SOCKS server will be running on a computer with multiple interfaces, create SOCKS routing entries. See Configuring Routing Entries.

  3. Create authentication entries. See Configuring SOCKS v5 Authentication Entries.

  4. Create connection entries. See Configuring SOCKS v5 Connection Entries.

  5. Enable the SOCKS server. See Starting and Stopping the SOCKS v5 Server.

About socks5.conf

Proxy Server uses the socks5.conf file to control access to the SOCKS server and its services. Each entry defines what the Proxy Server does when a request is received that matches the entry. Choices made in the Server Manager are written to socks5.conf. The file can also be edited manually. The socks5.conf file is located in the installation root directory server-rootas follows:

server-root/proxy-serverid/config directory

This section provides general information about socks5.conf. For detailed information about the file and its directives and syntax, see the Proxy Server Configuration File Reference.

Authentication

The SOCKS daemon can be configured to require authentication to use its services. Authentication is based on the host name and port of the connecting client. If you choose to require a user name and password, the information is authenticated against a user name and password file referenced by the socks5.conf file. If the provided user name and password do not match a listing in the password file, access is denied. The format for user names and passwords in the password file is username password, where the user name and password are separated by a space. .

You can also ban users. To require user name and password authentication, the SOCKS5_PWDFILE directive must be added to socks5.conf. For more information about the directive and its syntax, see the socks5.conf section in the Proxy Server Configuration File Reference

User name and password authentication can also be performed against a configured LDAP server, and not just a file.

Access Control

Access control is performed using a set of ordered lines in the socks5.conf file. Each line contains a single directive that permits or denies access to a resource. Directives are processed in the order in which they appear in the configuration file. A request that does not match any of the permit directives is denied access.

Logging

The SOCKS daemon logs both error and access messages in the SOCKS log file. The log file location and type of logging can be specified in socks5.conf.

The SOCKS daemon also generates a stat entry each hour, which gives statistics for the daemon.

Tuning

You can use the socks5.conf file to determine the number of worker and accept threads used by the SOCKS server. These numbers influence the performance of the SOCKS server.

For more information about worker and accept thread settings and their impact on performance, see the relevant section in Configuring the SOCKS v5 Server.