Question List (Last updated Sept 29, 1997):

 1. What is SOCKS?
 2. How is SOCKS V5 different from SOCKS V4?
 3. Is SOCKS V5 interoperable with SOCKS V4?
 4. Where can I get SOCKS?
 5. Are there any SOCKS related mailing lists?
 6. Can I use SOCKS with Windows?
 7. Can I use SOCKS with a Mac?
 8. What do I have to do to modify programs to use SOCKS?
 9. Does SOCKS handle UDP?
10. How does SOCKS interact with DNS?
11. What is a single-homed and multi-homed firewall?
12. Is there an RFC for SOCKS?
13. What does SOCKS stand for?
14. Why does the password echo when I run rftp?
15. How do you traverse multiple firewalls (socksified SOCKS server?)
16. Why do I see "inetd[]: socks/tcp server failing (looping)" in my logs?
17. Can I use SOCKS with OS/2?
18. What causes the log message "incompatible version number: 71"?
19. Can I put my application server behind my SOCKS Server?
20. What causes the log message "Bind failed ... Address already in use"?

--------------------------------------------------------

1. What is SOCKS?
SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS redirects connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes the requests, establishes a proxy connection, and relays data.

SOCKS is commonly used as a network firewall that enables hosts behind a SOCKS server to gain full access to the Internet, while preventing unauthorized access from the Internet to the internal hosts.

There are two major versions of SOCKS: SOCKS V4 and SOCKS V5. David Koblas is the original author. Refer to http://www.socks.nec.com/ for more information.

2. How is SOCKS V5 different from SOCKS V4?
The main differences between SOCKS V5 and SOCKS V4 are:

o SOCKS V4 does not support authentication. SOCKS V5 supports a variety of authentication methods.
o SOCKS V4 does not support UDP proxy. SOCKS V5 does.

Refer to Introduction to SOCKS for additional information.

3. Does SOCKS V5 work with SOCKS V4?
The SOCKS V5 protocol does not include a provision to support SOCKS V4 protocol. NEC's socks5 implementation supports the SOCKS V4 protocol. The server supports SOCKS V5 and SOCKS V4 clients, and can communicate with other version 5 and 4 servers.

4. Where can I get SOCKS?
A SOCKS V4 implementation is available through anonymous ftp from ftp://ftp.nec.com:/pub/socks/. NEC's implementation of SOCKS V5 (socks5) is available through http at http://www.socks.nec.com/.

Both packages include clients for telnet, ftp, finger, and whois. NEC's SOCKS5 implementation includes archie, ping, and traceroute. Several other clients are available in the same ftp.nec.com directory and at http://www.socks.nec.com/.

Hewlett Packard provides an internal implementation of SOCKS, available at ftp://ftp.cup.hp.com/dist/socks/socks.tar.gz

Many commercial products also include built-in SOCKS protocol support.

5. Are there any SOCKS-related mailing lists?
Yes, there are three SOCKS related mailing lists: socks, socks5, and sockscap.

To join the SOCKS mailing list, send an E-mail message to:
    majordomo@socks.nec.com
with no subject line and a one line body:
    subscribe
Correspond with members of the list by sending E-mail to:
    @socks.nec.com

All three mailing lists are archived at http://www.socks.nec.com/

6. Can I use SOCKS with Windows?
Yes, NEC provides a Windows NT version of socks5 server, available at http://www.socks.nec.com/.

A number of WinSock DLL extensions enable WinSock-based applications to use SOCKS:

o SocksCap from NEC
o AutoSOCKS from Aventail
o Hummingbird's SOCKS Client from Hummingbird

There are also socksified WinSock Stacks, such as Peter Tattam's Trumpet WinSock at http://www.trumpet.com.au/wsk/winsock.htm.

Many commercial WinSock applications support SOCKS protocol.

7. Can I use SOCKS with a Mac?
Netscape's Navigator, NCSA's Mosaic, Fetch 3.0 (ftp client), Anarchie (archie/ftp client), Microsoft's Internet Explorer, and PointCast's client support SOCKS.

8. What do I have to do to modify programs to use SOCKS?
Refer to http://www.socks.nec.com/how2socksify.html for specific socksification details. You need to recompile the sources with pre-processor directives to intercept some calls such as bind(). The socks5 library can socksify TCP and UDP applications and the SOCKS V4 library can socksify TCP-based programs.

NEC's socks5 package includes some UNIX socks5 client shared libraries that can dynamically socksify programs without modifying or recompiling them. Refer to http://www.socks.nec.com/.

See also Question 6.

9. Does SOCKS handle UDP?
socks5 does, SOCKS4 does not. NEC's socks5 package includes a socksified archie client program that is a UDP application. The RealAudio Player works with runsocks (UNIX) and SocksCap (Windows).

10. How does SOCKS interact with DNS?
For SOCKS version 4.2 and earlier, SOCKS V4 clients MUST resolve local and internet host IP addresses. Configure DNS so that the SOCKS clients' resolver can resolve the addresses. Multiple DNS servers require special arrangements.

For the extended SOCKS version 4.3, SOCKS V4 clients can pass the unresolved addresses to the SOCKS V4 extended servers for resolution.

For SOCKS V5, the clients can pass unresolved host names to SOCKS V5 servers to resolve. SOCKS will work if the SOCKS V5 client or SOCKS V5 servers can resolve a host.

11. What is a single-homed and multi-homed firewall?
A multi-homed firewall has multiple network interfaces and does not forward packets. Single-homed firewalls have one network interface card. Use a single-homed firewall with a choke router that filters packets not originating from the SOCKS server.

12. Is there an RFC for SOCKS?
There is no official RFC for Version 4 of the protocol.
There are two documents describing Version 4: SOCKS V4 protocol and extension to SOCKS V4 protocol.

There are three RFCs for SOCKS V5 related protocols:

o RFC1928 - Describes SOCKS Version 5 protocol, also known as Authenticated Firewall Traversal (AFT).
o RFC1929 - Describes Username/Password authentication for SOCKS V5.
o RFC1961 - Describes GSS-API authentication for SOCKS V5.

13. What does SOCKS stand for?
SOCK-et-S - an internal development name that remained after release.

14. Why does the password echo when I run rftp?
The password only echoes for anonymous ftp. This is considered a feature.

15. How do you traverse multiple firewalls (socksified SOCKS server?)
Using the socksified SOCKS V4 server, rsockd, included in the socks 4.3 beta release. See the README file in the release.

NEC's socks5 package includes support to traverse multiple SOCKS servers. Refer to http://www.socks.nec.com/ for additional details.

16. Why do I see "inetd[]: socks/tcp server failing (looping)" in my logs?
When the socks server running from inetd receives too many connection requests, it displays this message. Run the socks server as a standalone daemon to solve the problem.

17. Can I use SOCKS with OS/2?
Warp 4.0 has SOCKS V4 support integrated in the TCP/IP stack.

18. What causes the log message "incompatible version number: 71"?
socks displays this log message when someone tries to use the SOCKS server as an HTTP proxy. ASCII code 71 is the letter "G", the first letter of an HTTP/1.0 request.

19. Can I put my application server behind my SOCKS Server?
Yes and No.

Yes. All internal clients can directly access the application server behind the SOCKS server. External clients that know about your SOCKS server may access the application server.

No. Public Internet web servers cannot be accessed by external clients that do not know about your SOCKS server.

20. What causes the log message "Bind failed ... Address already in use"?
This log message occurs when the SOCKS server tries to bind to a port that another process is using. Typically, another SOCKS daemon is already running or inetd is listening to the port. Use the "ps" command to find and kill the other process or check /etc/inetd.conf for a conflicting entry.

--------------------------------------------------------

Contributors:

* rk@Unify.Com - Ron Kuris, Unify Corporation
* steve@syl.dl.nec.com - Steven Lass, NEC USA
* wlu@syl.dl.nec.com - Wei Lu, NEC USA
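The three DNS cases from question 10, shown as the CONNECT requests a client would send; this is an added example, not code from the FAQ or from NEC's packages. The function names and sample hosts are assumptions, the extended V4 encoding follows the published extension to SOCKS V4 (commonly called SOCKS 4A), and the V5 layout follows RFC 1928.

```python
import ipaddress
import struct

def socks4_connect(ip, port, user=b""):
    """Plain SOCKS V4: the client resolved the name itself and sends an IPv4 address."""
    return (struct.pack(">BBH", 4, 1, port)
            + ipaddress.IPv4Address(ip).packed + user + b"\x00")

def socks4a_connect(host, port, user=b""):
    """Extended V4: DSTIP 0.0.0.x (x != 0) signals that a host name follows USERID."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("ascii") + b"\x00")

def socks5_connect(host, port):
    """SOCKS V5: ATYP 0x03 carries a length-prefixed host name for the server."""
    name = host.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack(">H", port)

def who_resolves(req):
    """Return (resolver, (destination, port)) for a CONNECT request.

    "client" means the name was resolved before the request was built, so the
    client's resolver must be able to see Internet names; "server" means the
    SOCKS server does the lookup. IPv6 (ATYP 0x04) is not handled here.
    """
    if req[0] == 4:
        port = struct.unpack(">H", req[2:4])[0]
        ip = req[4:8]
        user_end = req.index(b"\x00", 8)          # NUL that ends USERID
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
            name_end = req.index(b"\x00", user_end + 1)
            return "server", (req[user_end + 1:name_end].decode("ascii"), port)
        return "client", (str(ipaddress.IPv4Address(ip)), port)
    if req[0] == 5 and req[3] == 3:
        n = req[4]
        port = struct.unpack(">H", req[5 + n:7 + n])[0]
        return "server", (req[5:5 + n].decode("ascii"), port)
    if req[0] == 5 and req[3] == 1:
        port = struct.unpack(">H", req[8:10])[0]
        return "client", (str(ipaddress.IPv4Address(req[4:8])), port)
    raise ValueError("unsupported request")

if __name__ == "__main__":
    # Constructed sample destinations (documentation address and .example names).
    for req in (socks4_connect("192.0.2.10", 80, b"alice"),
                socks4a_connect("www.example", 80, b"alice"),
                socks5_connect("www.example", 80)):
        print(req.hex(), who_resolves(req))
```

Only the requests where the server resolves expose the requested host name to the SOCKS server, which matters when its logs are the record of where internal clients connected.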
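Question 18's log message traced back to the first bytes a SOCKS listener receives, together with the authentication difference from question 2; this is an added example, not the logic of any particular SOCKS server. The function name `triage` and the sample inputs are assumptions, the method numbers come from RFC 1928, and only the quoted message text is taken from the FAQ.

```python
# Authentication method numbers defined for SOCKS V5 (RFC 1928).
METHODS = {0x00: "none", 0x01: "gssapi", 0x02: "username/password"}

def triage(first_bytes):
    """Classify the first bytes received on a SOCKS port.

    The first byte is read as the protocol version. A V4 client sends 4, a V5
    client sends 5 followed by the authentication methods it offers, and
    anything else is reported the way question 18 describes.
    """
    if not first_bytes:
        return {"kind": "empty"}
    ver = first_bytes[0]
    if ver == 4:
        # SOCKS V4 has no method negotiation: nothing to offer.
        return {"kind": "socks4", "auth_methods": []}
    if ver == 5:
        if len(first_bytes) < 2 or len(first_bytes) < 2 + first_bytes[1]:
            return {"kind": "socks5-truncated"}
        n = first_bytes[1]
        offered = [METHODS.get(m, "0x%02x" % m) for m in first_bytes[2:2 + n]]
        return {"kind": "socks5", "auth_methods": offered}
    log = "incompatible version number: %d" % ver
    # An HTTP request line is "METHOD target HTTP/x.y"; its first letter is
    # what ends up in the version field ("G" = 71 for GET).
    parts = first_bytes.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[2].startswith(b"HTTP/"):
        return {"kind": "http", "log": log,
                "method": parts[0].decode("ascii", "replace")}
    return {"kind": "unknown", "log": log}

# Constructed samples: an HTTP proxy request, a V5 greeting, a V4 CONNECT.
SAMPLES = [
    b"GET http://www.example/ HTTP/1.0\r\n\r\n",
    b"\x05\x02\x00\x02",
    b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```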