Configuring SOCKS5

We've got SOCKS5 installed; now we have to configure it before using it.

Background

Before we create the configuration file, let's talk about what we want to do with the proxy server. I'll tell you what I wanted to accomplish; your situation may be similar.

My Linux box is my firewall/gateway for my other computers. Since I only have 1 real IP address, I use IP masquerading for my other computers to get access. It works great, but ICQ is a pain in the butt because I've had to use ipautofw to forward ports. This works okay for one other computer that wants to use ICQ, but when there are more it becomes a problem. So I looked into using a proxy server. Okay, this is getting a little boring, so let's cut to the chase:

  • need SOCKS5 proxy server on Linux box
  • only want to proxy for computers on my LAN
  • don't need any user/password authentication

 

/etc/socks5.conf

I'll show a sample of my /etc/socks5.conf file; it should be sufficient for your purposes:

# /etc/socks5.conf
set SOCKS5_MAXCHILD 3
set SOCKS5_NOIDENT
set SOCKS5_TIMEOUT 5

interface 192.168.0. - eth1
auth 192.168.0. - -
permit - - 192.168.0. - - - -
deny - - - - - - -
# end of file

Pretty simple, huh? As with all things, lines preceded by '#' are comments. The '-' symbol is a wildcard. Let's go through this file line by line:

set SOCKS5_MAXCHILD 3
Specify the maximum number of child processes to fork. The default is 64, which is overkill for what I need, so I use 3.
 
set SOCKS5_NOIDENT
Tells socks not to do IDENT checks on clients; this speeds things up.
 
set SOCKS5_TIMEOUT 5
Sets the timeout to 5 minutes of inactivity. When a connection times out, it gets closed.
 
interface 192.168.0. - eth1
Allow all connections from the hosts 192.168.0.* (which are my internal LAN IPs) to connect from any port on interface eth1. This is the interface that incoming proxy requests arrive on.
 
auth 192.168.0. - -
Allows all proxy requests from hosts 192.168.0.*, on any port for any user.
 
permit - - 192.168.0. - - - -
Allow any user from any host 192.168.0.* to send any type of command (i.e. UDP, ping, etc.) from any port to any destination:port combination.
 
deny - - - - - - -
Deny everyone else that's not explicitly permitted.
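
The permit/deny matching walked through above, as an added example: a small Python model written for this page, not the socks5 daemon's own code. It assumes the seven fields of a permit/deny line are auth, command, source host, destination host, source port, destination port and user list, that the first matching line wins, and that a request matching no line is denied; the request values are constructed samples.

```python
import ipaddress

# The configuration from this page, embedded so the example runs offline.
CONF = """\
# /etc/socks5.conf
set SOCKS5_MAXCHILD 3
set SOCKS5_NOIDENT
set SOCKS5_TIMEOUT 5
interface 192.168.0. - eth1
auth 192.168.0. - -
permit - - 192.168.0. - - - -
deny - - - - - - -
"""

# Assumed field order for permit/deny lines (not spelled out on the page).
FIELDS = ("auth", "cmd", "src_host", "dst_host", "src_port", "dst_port", "users")

def parse_rules(text):
    """Return [(action, {field: pattern})] for permit/deny lines, in file order."""
    rules = []
    for line in text.splitlines():
        words = line.split("#", 1)[0].split()   # drop comments, then tokenise
        if words and words[0] in ("permit", "deny"):
            if len(words) != len(FIELDS) + 1:
                raise ValueError(f"unexpected field count: {line!r}")
            rules.append((words[0], dict(zip(FIELDS, words[1:]))))
    return rules

def matches(pattern, value, is_host=False):
    """'-' matches anything; a host pattern ending in '.' is an address prefix."""
    if pattern == "-":
        return True
    if is_host and pattern.endswith("."):
        return value.startswith(pattern)
    return pattern == value

def decide(rules, request):
    """First matching rule wins; no match is treated as deny (model assumption)."""
    # Normalise the source so only a literal IP address is ever prefix-matched.
    request = dict(request, src_host=str(ipaddress.ip_address(request["src_host"])))
    for action, pats in rules:
        if all(matches(pats[f], request.get(f, "-"), f.endswith("_host")) for f in FIELDS):
            return action
    return "deny"

if __name__ == "__main__":
    rules = parse_rules(CONF)
    for src in ("192.168.0.23", "192.168.1.5", "203.0.113.9"):  # constructed samples
        print(src, decide(rules, {"src_host": src, "cmd": "connect"}))
```

Swapping the permit and deny lines in this model makes every request, including those from the LAN, hit the catch-all deny first, which is why the deny line sits last in the file.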

You can consult the socks5.conf man page ('man socks5.conf') for more details about the options. There are also a lot of example configurations in the examples\ directory, so you might want to take a look there as well.

 

Starting socks5 daemon

Okay, let's test whether it works:

/usr/local/bin/socks5 -f -s

This starts up socks5 in the foreground with all messages going to stderr (your screen in this case). You should see something like:

18210: Socks5 starting at Mon Dec 14 18:23:45 1998 in normal mode

If you did, then great! It's working. Okay, let's stop it and start it up properly:

killall socks5
/usr/local/bin/socks5 -t -s 2> /var/log/socks5

Okay, it's running. If you want the socks5 daemon to start up with your system, you should add the second line to your rc.local (in /etc/rc.d/rc.local for Red Hat 5.1 distributions).

 

Next Section

All the hard work is done!! In the next section, we will configure client software such as ICQ.