Hi. I have a difficulty in understanding SOCKS5. By the time I am writing this mail, the SOCKS5 at NEC website seems not responding. The question: If shorewall is used, is there any benefit of using SOCKS5 at all? What I understand from a book about SOCKS5, it relays communication (just as what shorewall does). Or there''s more to it? Thank you. Lito Kusnadi
> The question: If shorewall is used, is there any benefit of usingSOCKS5> at all?Shorewall is not a SOCKS-proxy.>What I understand from a book about SOCKS5, it relays > communicationEssentially, yes.>(just as what shorewall does).Shorewall is a script to handle packet filtering, it is in no way a "proxy" in the same way as Dante or the NEC proxy is.>Or there''s more to it?Yes, but what do you need/want to do? ########################################### This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
Lito Kusnadi (26.1.2004 10:24):>The question: If shorewall is used, is there any benefit of using SOCKS5 >at all? What I understand from a book about SOCKS5, it relays >communication (just as what shorewall does). Or there''s more to it?Socks5 is something like Squid (HTTP Proxy) ... huuuh it''s very general :-) Squid (HTTP Proxy) works only with HTTP/S and FTP (get) protocol (application layer). Socks5 proxy can work with any TCP or UDP protocol (transport layer). For example your shorewall policy for loc -> net is REJECT/DROP, but you want to allow some users with specific login/password to access some internet services (not only websites) ... then socks5 is the best for you. TL
Thanks for Johannson''s and Timelord''s replies. So, in essence, SOCKS 5 provides additional authentication layer for any type of communication. Heard that there''s some applications out there that support SOCKS5 (i.e. ICQ)? Question: Does it mean if an application has no SOCKS option, then we can''t use it behind SOCKS 5 proxy? How transparent SOCKS5 proxy is to the client PCs? Many thanks. -----Original Message----- From: shorewall-users-bounces@lists.shorewall.net [mailto:shorewall-users-bounces@lists.shorewall.net] On Behalf Of SHOREWALL TimeLord Sent: Monday, 26 January 2004 8:47 PM To: Mailing List for Experienced Shorewall Users Subject: Re:[Shorewall-users] SOCKS5 and Shorewall Lito Kusnadi (26.1.2004 10:24):>The question: If shorewall is used, is there any benefit of usingSOCKS5>at all? What I understand from a book about SOCKS5, it relays >communication (just as what shorewall does). Or there''s more to it?Socks5 is something like Squid (HTTP Proxy) ... huuuh it''s very general :-) Squid (HTTP Proxy) works only with HTTP/S and FTP (get) protocol (application layer). Socks5 proxy can work with any TCP or UDP protocol (transport layer). For example your shorewall policy for loc -> net is REJECT/DROP, but you want to allow some users with specific login/password to access some internet services (not only websites) ... then socks5 is the best for you. TL _______________________________________________ Shorewall-users mailing list Post: Shorewall-users@lists.shorewall.net Subscribe/Unsubscribe: https://lists.shorewall.net/mailman/listinfo/shorewall-users Support: http://www.shorewall.net/support.htm FAQ: http://www.shorewall.net/FAQ.htm
Lito Kusnadi (26.1.2004 21:05):>So, in essence, SOCKS 5 provides additional authentication layer for any >type of communication.Well.... yes> Heard that there''s some applications out there >that support SOCKS5 (i.e. ICQ)?A lot of apps have support for socks (4 or 5). ICQ is one of them. There are also FTP clients (FlashFXP, Total Commander, ...), SSH clients (SecureCRT, SecureFX, ...) or web browsers (IE, ...) ...>Question: Does it mean if an application >has no SOCKS option, then we can''t use it behind SOCKS 5 proxy?We can :-) There is runsocks for Linux/Unix or SocksCap for Windows. Runsocks and SocskCap are something like socks wrappers. Here is some info about SocksCap, but runsocks is the same: "SocksCap automatically enables Windows-based TCP and UDP networking client applications to traverse a SOCKS server. SocksCap intercepts the networking calls from WinSock applications and redirects them through the SOCKS server without modification to the orginal applications or to the operating system software or drivers.">How transparent SOCKS5 proxy is to the client PCs?With "socks wrapper" it''s very transparent :-) I like Shorewall with Squid and Socks5/Dante. TL