荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: Rog (明朗人生), 信区: Linux
标 题: socks5详细的英文资料(转寄)
发信站: BBS 荔园晨风站 (Sun Oct 3 22:03:38 1999), 转信
【 以下文字转载自 Rog 的信箱 】
【 原文由 rog.bbs@bbs.net.tsinghua.edu.cn 所发表 】
发信人: expert (jamy), 信区: Linux
标 题: socks5详细的英文资料(转寄)
发信站: BBS 水木清华站 (Thu Mar 18 09:57:52 1999)
socks5.conf(5) Headers, Tables, and Macros socks5.conf(5)
NAME
socks5.conf - Configuration file for the socks5 daemon
SYNOPSIS
The socks5 daemon usually reads the configuration file in
/etc/socks5.conf. When you configure and build socks5 with
the
--with-srvconffile=filename
option, you can change the directory. Under FreeBSD's UNIX
port, the configuration file resides in
/usr/local/etc/socks5.conf.
DESCRIPTION
The socks5 daemon reads the configuration file when it
starts and each time it receives an HUP signal. The confi-
guration file contains the information the server needs to
determine:
- the interface to use to reach an address
- when the server should connect directly to an address
- when the server should use another proxy server
- the necessary requirements to make a proxy connection
The configuration file contains six sections:
- ban host
- authentication
- interfaces
- variables and flags
- proxies
- access control
In each section, the socks5 daemon sequentially reads each
line until it encounters a matching line for that section.
The order of sections and the order of lines within a sec-
tion are crucial to achieving the desired result. Every
entry in a line must match.
BAN HOST ENTRIES
Ban host entries identify hosts from which the socks5 daemon
should not accept connections and use the syntax:
ban source-host source-port
ban Indicates not to attempt authentication
source-host Must be a valid hostpattern
source-port Must be a valid portpattern
SunOS 5.5.1 Last change: 02 May 1997 1
socks5.conf(5) Headers, Tables, and Macros socks5.conf(5)
The socks5 daemon refuses connections originating from
clients on source-port at source-host.
AUTHENTICATION ENTRIES
Authentication entries identify the types of authentication
the socks5 daemon can use. Authentication lines use the syn-
tax:
auth source-host source-port auth-methods
auth Identifies the ,u
the server requests Username/Password authentication for
socks5 clients. Since SOCKS4 clients can not use
Username/Password or Kerberos authentication, the server
does not require authentication for SOCKS4 clients.
commandpattern
Specify commands in a commandpattern as a comma separated
list of letters, with no white space. socks5.conf recognizes
these commands:
c connect
b bind
u UDP
p ping
t traceroute
- all commands
userpattern
Specify multiple users in a userpattern as a comma separated
list of individual users, with no white space and no wild
card patterns.
The user type must match the authentication method. For
example, when you specify Username/Password authentication,
the socks5 daemon expects socks5 users. When you specify
Kerberos authentication, the socks5 daemon expects Kerberos
users. A dash, -, matches all users. When you specify u and
k in the authpattern, userpattern can contain valid Kerberos
and socks5 users.
proxypattern
Specify socks5 daemons in a proxypattern as a comma
separated list of server-entries, with no white space.
SunOS 5.5.1 Last change: 02 May 1997 7
socks5.conf(5) Headers, Tables, and Macros socks5.conf(5)
Specify servers in order of preference. The client attempts
to connect to servers in the order in which they are listed
in the proxypattern. It only attempts connections to a
server when the preceeding server is not available.
server-entries
A server entry is a hostname or IP address, optionally fol-
lowed by a colon and the port number, with no white space.
When you omit the port number, socks5 uses the default port.
host hostname, default port
host:port hostname, specified port
EXAMPLES
Refer to the examples directory for more complete examples.
auth - - k
permit k - 111.111.111. - - -
Only kerberos authenticated users from the class C network
111.111.111.0 can use the server.
socks5 - - s5srv1,s5srv2
permit - - .mydomain.com - - -
All socks5 requests connect through s5srv1. If s5srv1 is not
available, all socks5 requests connect through s5srv2. Only
clients from .mydomain.com can use the server.
auth otherserver - k
noproxy .internal.net.com -
socks5 - - otherserver
permit - - .internal.net.com - - -
permit k - otherserver - - -
Clients from .internal.net.com can use the server without
kerberos authentication. The socks5 server will connect
directly to .internal.net.com hosts and proxy through
another socks5 server, otherserver, for other hosts. For
the other socks5 server, otherserver, to proxy through this
socks5 server, it must authenticate with kerberos.
POOR CONFIGURATIONS
As with any software that has security issues, proper confi-
guration is a must. The line
permit - - - - - -
should never be used. With this configuration, malicious
users could use the socks5 server to hide their attack of
other systems. Always try to restrict based on source or
SunOS 5.5.1 Last change: 02 May 1997 8
socks5.conf(5) Headers, Tables, and Macros socks5.conf(5)
destination host.
SEE ALSO
socks5(1), libsocks5.conf(5), sockd4_to_5.pl(1)
AUTHORS
NWSL SOCKS5 Development Team
Send comments to socks5-comments@socks.nec.com
SunOS 5.5.1 Last change: 02 May 1997 9
--
※ 来源:·BBS 水木清华站 bbs.net.tsinghua.edu.cn·[FROM: 202.117.116.25]
--
※ 转载:.BBS 荔园晨风站 bbs.szu.edu.cn.[FROM: 192.168.1.92]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店