Free Knowledge Resources


Linux Manual Pages


Free Software * Books

Source Code

Free Media

Linux

sockd(8)


NAME

   sockd - Internet firewall secure socket server (proxy server)

SYNOPSIS

   sockd [ -ver | -i | -I ]

DESCRIPTION

   sockd   is  an  internet  secure  socket server, often referred to as a
   proxy server. It was designed  primarily  to  provide  hosts  within  a
   firewall access to resources outside of the firewall.

   Normally,  hosts  inside  a  firewall  has  no  IP-accessibility to the
   network outside of  the  firewall.  This  reduces  the  risk  of  being
   intruded  by  unauthorized  people  from  the  Internet. Unfortunately,
   without IP-accessibility users on the inside hosts can  no  longer  use
   many  of the important tools such as telnet, ftp, xgopher, Mosaic, etc.
   to access the tremendous resources available in the Internet.

   With sockd installed on a server host, users on the other inside  hosts
   can  gain  back  the  lost  functionalities  by  using clients programs
   designed to work with sockd proxy server,  e.g,  rtelnet  in  place  of
   telnet,  rftp  in  place of ftp, rfinger in place of finger, etc. Since
   these client programs  work  like  their  normal  counterparts  without
   requiring  direct  IP-connectivity  to the Internet, convenience to the
   users is accomplished without breaching the security. The  server  host
   that  runs sockd does have to be open to the Internet, and it therefore
   requires special attention to make sure that it is secure.

   A configuration file /etc/sockd.fc  (or  /etc/sockd.conf)  is  used  to
   control  access  to  sockd and its services. Permission and denial of a
   service request can be decided based on  various  combinations  of  the
   requesting host, the destination host, the type of service (destination
   port number), as well as the requesting user.  (See  sockd.conf(5)  and
   sockd.fc(5).)

   If  the  server host is multi-homed, i.e., having more than one network
   interface and with its IP_FORWARDING turned off, and the server support
   RBIND operation, then it must run a multi-homed version of sockd, which
   requires another control file /etc/sockd.fr  (or  /etc/sockd.route)  to
   decide  which  interface to use for connection to any given destination
   host. See sockd.route(5) and sockd.fr(5). A multi-homed  sockd  can  be
   run  on  a single-homed host as well if necessary; you just have to set
   up /etc/sockd.route to direct all traffic through the  host's  one  and
   only network interface.

   sockd  uses  syslog  with  facility  daemon and level notice to log its
   activities and errors. Typical lines look like

    Apr 11 08:51:29 eon sockd[636]: connected -- Connect from don(don)@abc.edu to wxy.com (telnet)
    Apr 11 09:24:59 eon sockd[636]: terminated -- Connect from don(don)@abc.edu to wxy.com (telnet)
    Apr 11 09:24:59 eon sockd[636]: 1048 bytes from abc.edu, 285143 bytes from wxy.com
    Jun 22 18:24:54 eon sockd[884]: refused -- Connect from sam(unknown)@big.com to small.com (ftp)

   In these lines, the first user-id is the one  reported  by  the  client
   program, the second one (within the parentheses) is what is reported by
   identd on the client host.  These log  lines  usually  appear  in  file
   /var/adm/messages   though   that   can   be   changed   by   modifying
   /etc/syslog.conf. (See syslogd(8) and syslog.conf(5).)

   If you allow access to infosystems such as Gopher or WWW, you should be
   aware  that  they  by nature would tend to get connections to hosts all
   over the world and would use not only Gopher and WWW ports but possibly
   also  ports  for  finger,  telnet,  ftp,  nntp,  etc.  as  well as non-
   privileged ports ( > 1023).

   For  a  stand-alone  sockd,  /etc/sockd.fc  (or  /etc/sockd.conf)   and
   /etc/sockd.fr  (or  /etc/sockd.route),  if  required, are only read and
   parsed once at the beginning of program execution. If  you  change  the
   contents  of either file and want to make the running sockd use the new
   contents, you must send a SIGHUP signal to the running  sockd  process.
   Sending  a  running  stand-alone  sockd  a  SIGUSR1 signal causes it to
   record  on  the  systems's  log  file   the   effective   contents   of
   configuration and route files that it is currently using.  You can find
   the process id of the stand-alone sockd in /etc/sockd.pid.

   Rather than using plain-text  configuration  file  /etc/sockd.conf  and
   route  file  /etc/sockd.route,  sockd  now  looks for the corresponding
   frozen files /etc/sockd.fc  and  /etc/sockd.fr  first.  The  plain-text
   files  are  used  only if the corresponding frozen files are not found.
   Use commands make_sockdfc and make_sockdfr to produce the frosen files.
   Use  commands  dump_sockdfc and dump_sockdfr to examine the contents of
   frozen files. (See make_sockdfc(8),  make_sockdfr(8),  dump_sockdfc(8),
   and  dump_sockdfr(8).)  Using  frozen configuration and route files can
   save a lot of overhead at start-up of sockd.

OPTIONS

   The options are mutually exclusive and thus may only be used one  at  a
   time.

   -ver   With  this  option,  sockd  prints  its  own version number, the
          version number of the SOCKS protocol, whether it is  SOCKSified,
          whether  it  is  a standalone daemon or must be run under inetd,
          whether it support RBIND, and whether a route file is required.

   -I     Use identd (RFC 1413) to verify the  requester's  user-id.  Deny
          access  if  connection to client's identd fails or if the result
          does not match the  user-id  reported  by  the  client  program.
          Client hosts without a properly installed identd daemon will not
          be served. User verification is done before and in  addition  to
          the  normal  access  control.  This  can  be  overridden  in the
          sockd.conf file on a line by line basis.

   -i     Similar to -I  but  more  lenient.  Access  is  denied  only  if
          client's identd reports a user-id that's different from what the
          client program claims. This can be overridden in the  sockd.conf
          file on a line by line basis.

   Log entries similar to the following are produced upon failure of user-
   id verification:

    Apr 15 14:42:51 eon sockd[729]: cannot connect to identd on big.edu
    Apr 15 14:42:51 eon sockd[729]: refused -- Connect from bob(unknown)@big.edu to xyz.com (ftp)
    Jul 15 12:23:06 eon sockd[832]: *Alert*: real user is sam, not jim
    Jul 15 12:23:06 eon sockd[832]: refused -- Connect from jim(sam)@abc.org to bad.place.com (WWW)

FILES

   /etc/sockd.fc,   /etc/sockd.conf,   /etc/sockd.fr,    /etc/sockd.route,
   /etc/inetd.conf, /etc/services, /var/adm/messages, /etc/syslog.conf

SEE ALSO

   socks_clients(1),    sockd.conf(5),    sockd.route(5),   socks.conf(5),
   make_sockdfc(8), make_sockdfr(8), dump_sockdfc(8), dump_sockdfr(8)

AUTHOR

   David Koblas, koblas@sgi.com
   Ying-Da Lee, ylee@syl.dl.nec.com
   David Mischel, dm@kansas.gene.com

                             June 6, 1996                         SOCKD(8)



Opportunity


Personal Opportunity - Free software gives you access to billions of dollars of software at no cost. Use this software for your business, personal use or to develop a profitable skill. Access to source code provides access to a level of capabilities/information that companies protect though copyrights. Open source is a core component of the Internet and it is available to you. Leverage the billions of dollars in resources and capabilities to build a career, establish a business or change the world. The potential is endless for those who understand the opportunity.

Business Opportunity - Goldman Sachs, IBM and countless large corporations are leveraging open source to reduce costs, develop products and increase their bottom lines. Learn what these companies know about open source and how open source can give you the advantage.



Free Software


Free Software provides computer programs and capabilities at no cost but more importantly, it provides the freedom to run, edit, contribute to, and share the software. The importance of free software is a matter of access, not price. Software at no cost is a benefit but ownership rights to the software and source code is far more significant.

Free Office Software - The Libre Office suite provides top desktop productivity tools for free. This includes, a word processor, spreadsheet, presentation engine, drawing and flowcharting, database and math applications. Libre Office is available for Linux or Windows.



Free Books


The Free Books Library is a collection of thousands of the most popular public domain books in an online readable format. The collection includes great classical literature and more recent works where the U.S. copyright has expired. These books are yours to read and use without restrictions.

Source Code - Want to change a program or know how it works? Open Source provides the source code for its programs so that anyone can use, modify or learn how to write those programs themselves. Visit the GNU source code repositories to download the source.



Education


Study at Harvard, Stanford or MIT - Open edX provides free online courses from Harvard, MIT, Columbia, UC Berkeley and other top Universities. Hundreds of courses for almost all major subjects and course levels. Open edx also offers some paid courses and selected certifications.

Linux Manual Pages - A man or manual page is a form of software documentation found on Linux/Unix operating systems. Topics covered include computer programs (including library and system calls), formal standards and conventions, and even abstract concepts.


birds banner