Subject: Socks FAQ 08-29-94

 Frequently Asked Questions about Socks
 (Last updated 08-29-94)
 Updates/Additions/Suggestions to Ron Kuris <rk@unify.com>
 
|Changes since 06-30-94 highlighted with | symbols at the
|beginning of the line
 
 ---------------------------------------------------------
 
 In this posting:
 
 Q1.  What is SOCKS?
 Q2.  How can I get it?
 Q3.  How do I join the SOCKS mailing list?
 Q4.  Are there SOCKS mailing list archives available?
 Q5.  Are there binaries available?
 Q6.  How about Windows?  Can they use SOCKS?
 Q7.  How about the Mac?
 Q8.  What do I have to do to modify programs to use SOCKS?
 Q9.  What about UDP?  Archie?  Does SOCKS handle this?
 Q10. I have two name-servers and SOCKS clients can resolve only local
      (or only remote) hosts.  What's wrong?
 Q11. What is a single-homed and multi-homed firewall?
 Q12. Is there an RFC for SOCKS?
 Q13. What does SOCKS stand for?
 Q14. Why does the password echo when I run rftp from SOCKS?
|Q15. How do you traverse multiple firewalls (socksify sockd?)
 
 ---------------------------------------------------------
 
 Q1.  What is SOCKS?
 
 A1.  SOCKS is a package that allows hosts behind a firewall to gain
      full access to the internet without requiring direct IP
      reachability.  It works by redirecting requests to talk to
      internet sites to a server, who authorizes the connection and
      passes data back and forth.  David Koblas is the original
      author.
 
 Q2.  How can I get it?
 
 A2.  Current sources are available via anonymous ftp at
|     ftp://ftp.nec.com/pub/security/socks.cstc/socks.cstc.4.2beta.  This
      includes basic clients for telnet, ftp, finger, and whois.
 
      The standard NCSA distribution of X Mosaic comes with SOCKS
      support as an enableable option (available from ftp.ncsa.uiuc.edu
      in /Mosaic).
  
      Several other clients are available in the same directory at
      ftp.nec.com: rftptool-4.5.tar.gz, rirc-2.2.9.tar.gz,
      rxgopher.1.3.1.tar.gz, and others.
 
 Q3.  How do I join the SOCKS mailing list?
 
 A3.  To join the SOCKS mailing list, send email to
 	majordomo@syl.dl.nec.com
 	    with
 	subscribe socks your@email.address
 	    in the body.
 
      If you just want FAQ updates, send mail to Ron Kuris
      <rk@unify.com> and indicate that you would like future
      updates mailed to you.  This is not necessary if you
      are already on the SOCKS mailing list; the FAQ will
      always be posted there at the same time as this shorter
      mailing list.  The latest FAQ usually also seems to appear
      on ftp.nec.com:/pub/security/socks.cstc/FAQ shortly after
      posting.
 
 Q4.  Are there SOCKS mailing list archives available?
 
 A4.  The SOCKS mailing list archives are available via anonymous ftp at
      ftp.nec.com: /pub/security/socks.cstc/mail-archive.
 
      The archives go back to Sep 23, 1993.  There might be some missing
      or non-sequential articles up until Feb 19, 1994 and after that
      they should all be there--no guarantees of course.
 
 Q5.  Are there binaries available?
 
 A5.  Typically not.  Most installations will need to modify some
      configuration information that is hard-coded into the library for
      additional security.  There ARE some binaries for some clients for
      Windows (see next question).
 
 Q6.  How about Windows?  Can they use SOCKS?
 
 A6.  Yes.  There are SOCKSified clients known as the PC SOCKS Pack
      available via anonymous FTP at
      ftp.nec.com:/pub/security/socks.cstc/PC_Socks_Pack
 
      Unmodified Windows Mosaic clients can also use SOCKS by working via
      a proxy CERN httpd daemon that has SOCKS enabled.  The standard httpd
      distribution in info.cern.ch:/pub/www/src contains SOCKS hooks.
  
      Another options is Peter Tattam's SOCKSified Trumpet Winsock is in
      beta.  Interested people should contact
      <John.Miezitis@its.utas.edu.au>.
 
 Q7.  How about the Mac?
 
 A7.  Version 2.0alpha2 has SOCKS support.
      [does anyone have a location?]
 
 Q8.  What do I have to do to modify programs to use SOCKS?
 
 A8.  The specific details are mentioned in the file "How_To_SOCKSify"
      in the sources.  Basically, you simply need to recompile the
      sources with a few pre-processor directives to intercept the
      regular calls to things like bind().  Most programs can be
      SOCKSified as long as they use TCP.
 
 Q9.  What about UDP?  Archie?  Does SOCKS handle this?
 
 A9.  No.  SOCKS does not deal with UDP.  There is, however, a UDP
      relayer which is to UDP what SOCKS is to TCP, and you may want to
      look into it.  It is written by Tom Fitzgerald <fitz@wang.com> and
|     is available from ftp:://ftp.wang.com/pub/fitz/udprelay-0.2.tar.Z.
|     This works particularly well with Archie.
 
 Q10. I have two name-servers and SOCKS clients can resolve only local
      (or only remote) hosts.  What's wrong?
 
 A10. If you're hiding information about internet hosts, then you'll
      probably need to add Rgethostbyname (and Rgethostbyaddr?)
      functions to the socks libraries.  Try
|     ftp:://ftp.nec.com/pub/security/socks.cstc/Rgethostbyname.c
 
 Q11. What is a single-homed and multi-homed firewall?
 
 A11. Multi-homed means that the firewall has multiple network
      interfaces and that the firewall does not forward packets.  This
      is highly recommended.  Single-homed firewalls either forward
      packets or only have one network interface card.  This can be
      useful if a choke (like a router) can filter packets not coming
      from the firewall, since SOCKS will cause the connections to
      appear as though they are coming from the firewall.
 
 Q12. Is there an RFC for SOCKS?
 
|A12. Although there is no 'official' RFC, an RFC has been written and
|     submitted by Marcus Leech <mleech@bnr.ca>.  You can obtain a copy
|     from ftp://ftp.unify.com/ietf/socks/doc/socks-v4-rfc.ms.rfc
 
 Q13. What does SOCKS stand for?
 
 A13. SOCK-et-S; it was one of those "development names" that never left.
 
 Q14. Why does the password echo when I run "rftp" from SOCKS?
 
 A14. The password only echoes for the username anonymous.  Since this
      really isn't a password anyways, this is considered a feature.

|Q15. How do you traverse multiple firewalls (socksify sockd?)
|
|A15. The 'standard' sockd has not been socksified.  An older (v3)
|     sockd is available for HP-UX as-is, on:
|     ftp://ftp.cup.hp.com/dist/socks/socks.tar.gz

-- 
$ pic picture | troff | wc -w	| Ron Kuris
1000				| Unify Corporation
$ exit				| rk@unify.com
NO CARRIER			| (916) 928-6239

