11.1 Setting up the Proxy Server

The SOCKS proxy server is available from http://www.socks.nec.com/.

Uncompress and untar the files into a directory on your system, and follow the instructions on how to make it. I had a couple of problems when I made it. Make sure that your Makefiles are correct.

One important thing to note is that the proxy server needs to be added to /etc/inetd.conf. You must add a line:

socks    stream   tcp   nowait    nobody    /usr/local/etc/sockd sockd

to tell the server to run when requested.

The /etc/services file

The SOCKS program needs two separate configuration files: one to specify the access allowed, and one to route the requests to the appropriate proxy server. The access file should be housed on the server. The routing file should be housed on every UNIX machine. The DOS and, presumably, Macintosh computers will do their own routing.

The Access File

With socks4.2 Beta, the access file is called "sockd.conf". It should contain 2 lines, a permit and a deny line. Each line will have three entries:

The Identifier (permit/deny)

The IP address

The address modifier

The identifier is either permit or deny. You should have both a permit and a deny line.

The IP address holds a four-byte address in typical IP dot notation, e.g. 192.168.1.0.

The address modifier is also a four-byte number in typical IP dot notation. It works like a netmask. Envision this number as 32 bits (1s or 0s). If a bit is a 1, the corresponding bit of the address being checked must match the corresponding bit in the IP address field. For instance, if the line is:

permit  192.168.1.23 255.255.255.255

it will permit only the IP address that matches every bit in 192.168.1.23, i.e., only 192.168.1.23. The line:

permit  192.168.1.0  255.255.255.0

will permit every address from 192.168.1.0 through 192.168.1.255, the whole Class C domain. One should not have the line:

permit 192.168.1.0 0.0.0.0

as this will permit every address, regardless.

So, first permit every address you want to permit, and then deny the rest. To allow everyone in the domain 192.168.1.xxx, the lines:

permit  192.168.1.0  255.255.255.0
deny    0.0.0.0      0.0.0.0

will work nicely. Notice the first "0.0.0.0" in the deny line. With a modifier of 0.0.0.0, the IP address field does not matter. All 0's is the norm because it is easy to type.
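
The matching rule described above, as an added example (not code from the SOCKS distribution or from the original text): it parses access lines, applies the address modifier bit by bit, and flags permit lines whose modifier is 0.0.0.0. It assumes lines are checked in order and the first match decides, as the permit-then-deny ordering above implies; the function names are hypothetical, and decide() returns None when no line matches.

```python
import ipaddress

# Constructed sample access file, using the two lines from the text above.
SAMPLE_CONF = """\
permit  192.168.1.0  255.255.255.0
deny    0.0.0.0      0.0.0.0
"""

def to_int(dotted):
    """Convert dot notation to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_access(text):
    """Parse 'identifier address modifier' lines into (action, addr, mask)."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue  # skip blank lines
        if len(fields) != 3 or fields[0] not in ("permit", "deny"):
            raise ValueError(f"line {lineno}: expected 'permit|deny address modifier'")
        rules.append((fields[0], to_int(fields[1]), to_int(fields[2])))
    return rules

def decide(rules, client):
    """Return the action of the first line matching client, or None."""
    c = to_int(client)
    for action, addr, mask in rules:
        # Only the bits set to 1 in the modifier are compared.
        if (c & mask) == (addr & mask):
            return action
    return None  # assumption: the caller decides what "no match" means

def audit(rules):
    """Return 1-based positions of permit lines that match every address."""
    return [i for i, (action, _, mask) in enumerate(rules, 1)
            if action == "permit" and mask == 0]

if __name__ == "__main__":
    rules = parse_access(SAMPLE_CONF)
    for ip in ("192.168.1.23", "192.168.2.23", "10.0.0.1"):
        print(ip, decide(rules, ip))
    risky = parse_access("permit 192.168.1.0 0.0.0.0\n")
    print("permit-all lines:", audit(risky))
```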