Differences between revisions 1 and 2
Revision 1 as of 2013-11-06 16:24:19
Size: 4342
Editor: ?jeka
Comment:
Revision 2 as of 2017-08-30 21:25:46
Size: 4341
Editor: Diego Alonso
Comment: changed from "#language en" to "ru"
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#language en #language ru
Line 8: Line 8:
## If your page gets really long, uncomment this Table of Contents  ## If your page gets really long, uncomment this Table of Contents

SOCKS is an Internet protocol that facilitates the routing of network packets between client–server applications via a proxy server. SOCKS performs at Layer 5 of the OSI model—the session layer (an intermediate layer between the presentation layer and the transport layer). Port 1080 is the registered port designated for the SOCKS server.

The SOCKS5 protocol was originally a security protocol that made firewalls and other security products easier to administer. (source: Wikipedia: SOCKS)

SOCKS servers

Debian provides some SOCKS5 compatible server... search SOCKS in your prefered packages manager, like: apt-cache search SOCKS At the time of writting, DebianTesting has:

Also, many people uses openssh to act as a SOCKS5 server, see http://www.debian-administration.org/article/SSH_dynamic_port_forwarding_with_SOCKS

SOCKS clients

Some applications can be instructed to use the SOCKS proxy in various ways:

  • Gnome compatible applications should use the system settings (in Menu >> System >> Preferences >> Network Proxy). KDE may have similar setting.

  • Some applications can be explicitely configured to use a SOCKS server, like iceweasel web browser, filezilla FTP client, putty SSH client, sim Instant messaging, etc.

  • Most applications can use some kind of helper, which encapsulate/proxy the application's connection(s) through the specified server (more below)

SOCKS helpers & wrappers

Some helpers:

  • connect-proxy - Establish TCP connection using SOCKS4/5 or HTTP tunnel

  • socat - multipurpose relay for bidirectional data transfer

  • tsocks - transparent network access through a SOCKS 4 or 5 proxy

  • proxychains - proxy chains - redirect connections through proxy servers

  • dante-client - SOCKS wrapper for users behind a firewall

  • redsocks - Redirect any TCP connection to a SOCKS or HTTPS proxy server

(If you wonder which one is the most poular, check: popcon )

tsocks

See http://www.debian-administration.org/article/SSH_dynamic_port_forwarding_with_SOCKS

Application specific instructions

Using SSH client

(If your gateway doesn't have a SOCKS helper, there are some alternatives, using netcat http://benno.id.au/blog/2006/06/08/ssh_proxy_command , or even this one [which doesn't work in Debian because of 146464] http://www.rschulz.eu/2008/09/ssh-proxycommand-without-netcat.html )

tsocks can be used too.

SSH and connect-proxy

Assuming your SOCKS server is running on your localhost, listening on port 20000, you could run one of the following commands:

  1. ssh root@mysshserver -o ProxyCommand='connect-proxy -S localhost:20000 %h %p'

  2. Configure your ~/.ssh/config:

    host mysshserver
      User root
      ProxyCommand connect-proxy -S localhost:20000 %h %p

    then simply run: ssh mysshserver

  3. Define an environement variable and an alias in ~/.bashrc :

    export SOCKS5_SERVER=localhost:20000
    alias ssh_socks="ssh -o ProxyCommand='connect-proxy -s  %h %p'"

    which makes it easy to ssh through your SOCKS proxy when you need it, by simply running: ssh_socks root@mysshserver

See also