![]() | |
Sun Java System Web Proxy Server User Interface |
The SOCKS Tab
The SOCKS tab contains the following pages:
The Start/Stop SOCKS Server PageThe Start/Stop SOCKS Server page displays the current status of the SOCKS server and enables you to start and stop the server.
The following elements are displayed:
On. Click this button to start the SOCKS server.
Off. Click this button to stop the SOCKS server.
The Configure SOCKS v5 PageThe Configure SOCKS v5 page is used to configure your SOCKS server. The following elements are displayed:
SOCKS Port. Enter the port number on which the SOCKS server will listen. The default is 1080.
SOCKS Options. Specify the desired SOCKS options. Choices are:
- Disable Reverse DNS Lookup. Disables reverse DNS lookup for your SOCKS server. Reverse DNS translates IP addresses into host names. Disabling this feature can conserve network resources.
- Use Client-specific Bind Port. Allows the client to specify the port in a BIND request. With this option disabled, SOCKS ignores the client’s requested port and assigns a random port.
- Allow Wildcard As Bind IP Address. Allows the client to specify an IP address of all zeros (0.0.0.0) in a BIND request. An IP address of all zeros means that any IP address can connect. With this option disabled, the client must specify the IP address that will be connecting to the bind port and the SOCKS server rejects requests to bind to 0.0.0.0.
- Quench Updates. Disables the automatic logging of general SOCKS statistics once every hour.
SOCKS Logging. Specify logging settings:
RFC 1413 Ident Response. Ident allows the SOCKS server to determine the user name for a client. Generally, this feature only works when the client is running UNIX. The following options are available:
- Don’t Ask. Never use Ident to determine the user name for a client. This is the recommended setting.
- Ask But Don’t Require. Ask for the user name of all clients, but do not require it. This option uses Ident for logging purposes only.
- Require. Ask for the user name of all clients and only permit access to those with valid responses.
SOCKS Tuning. Specify the number of worker and accept threads your SOCKS server should use. These numbers influence performance of the SOCKS server. Specify the following:
- Number of Worker Threads. The default is 40. If the SOCKS server is too slow, increase the number of worker threads. If it is unstable, decrease the number. When changing this number, start with the default and increase or decrease as necessary. The typical number of worker threads is between 10 and 150. The absolute maximum is 512, but having more than 150 tends to be wasteful and unstable.
- Number of Posted Accepts. The default is 1. If the SOCKS server is dropping connections, increase the number of accept threads. If it is unstable, decrease the number. When changing this number, start with the default and increase or decrease as necessary. The typical number of accept threads is between 1 and 10. The absolute maximum is 512, but having more than 60 tends to be wasteful and unstable.
For more information about performance issues, see "Tuning Server Performance" in the Proxy Server Administration Guide.
OK. Saves your entries.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Set SOCKS v5 Authentication PageThe Set SOCKS v5 Authentication page is used to create, edit, remove, and manage SOCKS authentication entries. The pages provides information about existing authentication entries.
The following elements are displayed:
Authentication Details. This table provides details about authentication entries.
Add. Click this button to create a SOCKS authentication entry. The SOCKS v5 Authentication Entry Page displays.
Edit. After selecting an entry in the table, click this button to edit its settings on The SOCKS v5 Authentication Entry Page.
Delete. After selecting an entry in the table, click this button to delete it.
Move. After selecting an entry in the table, click this button to change its position in the socks5.conf file. The SOCKS v5 Move Entry Page displays.
The SOCKS v5 Authentication Entry PageThe SOCKS v5 Authentication Entry page is used to add and edit SOCKS authentication entries. The following elements are displayed:
Host mask. Enter the IP addresses or host names of the hosts the SOCKS server will authenticate. If you enter an IP address, follow the address with a forward slash and the mask to be applied to the incoming IP address. The SOCKS server will apply this mask to the IP address to determine if it is a valid host. Do not use spaces in the Host mask entry. If you do not enter a host mask, the authentication entry will apply to all hosts.
For example, you can enter 155.25.0.0/255.255.0.0 in the Host mask field. If the host’s IP address is 155.25.3.5, the SOCKS server will apply the mask to the IP address and determine that the host’s IP address matches the IP address for which the authentication record applies (155.25.0.0).
Port range. Enter the ports on the host machines that the SOCKS server will authenticate. Do not use spaces in your port range. If you do not enter a port range, the authentication entry will apply to all ports.
You can use brackets [ ] to include the ports at each end of the range, or parentheses ( ) to exclude them. For example, [1000-1010] means all port numbers between and including 1000 and 1010, while (1000-1010) means all port numbers between, but not including, 1000 and 1010. You can also mix brackets and parentheses. For instance, (1000-1010] means all numbers between 1000 and 1010, excluding 1000, but including 1010.
Authentication type. From the drop-down list, specify the authentication type. The following options are available:
- Require user-password. User name and password are required to access the SOCKS server.
- User-password, if available. If a user name and password are available, they should be used to access the SOCKS server but are not required for access.
- Ban. Banned from the SOCKS server.
- None. No authentication is required to access the SOCKS server.
Insert. From the drop-down list, choose the position of this authentication entry in the socks5.conf file. Because you can have multiple authentication methods, you must specify the order in which they are evaluated. Therefore, if the client does not support the first authentication method listed, the second method will be used instead. If the client does not support any of the authentication methods listed, the SOCKS server will disconnect without accepting a request.
OK. Saves your changes.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The SOCKS v5 Move Entry PageThe SOCKS v5 Move Entry page is used to change the position of SOCKS entries in the socks5.conf file. The following elements are displayed:
Entry. Specifies the entry.
Move. From the drop-down list, specify the new position for this entry.
OK. Saves your changes.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Set SOCKS v5 Connections PageThe Set SOCKS v5 Connections page is used to create and manage SOCKS connection entries. These entries specify whether the SOCKS daemon should permit or deny a request.
The following elements are displayed:
Connection Details. This table provides details about connection entries.
Add. Click this button to create a SOCKS connection entry. The SOCKS v5 Connection Entry Page displays.
Edit. After selecting an entry in the table, click this button to edit its settings on The SOCKS v5 Connection Entry Page.
Delete. After selecting an entry in the table, click this button to delete it.
Move. After selecting an entry in the table, click this button to change its position in the socks5.conf file. The SOCKS v5 Move Entry Page displays.
The SOCKS v5 Connection Entry PageThe SOCKS v5 Connection Entry page is used to add and edit SOCKS connection entries. The following elements are displayed:
Authentication type. From the drop-down list, select the authentication method for which this access control line applies. The following options are available:
- Require user-password. User name and password are required to access the SOCKS server.
- User-password, if available. If a user name and password are available, they should be used to access the SOCKS server but are not required for access.
- None. No authentication is required to access the SOCKS server.
Connection type. From the drop-down list, select the type of command the line matches. The following options are available:
Source host mask. Enter the IP address or host names of the hosts for which the connection control entry applies. If you enter an IP address, follow it with a forward slash and the mask to be applied to the source’s IP address. The SOCKS server will apply this mask to the source’s IP address to determine if it is a valid host. Do not use spaces in the host mask entry. If you do not enter a host mask, the connection entry will apply to all hosts.
For example, you can enter 155.25.0.0/255.255.0.0 in the host mask field. If the host’s IP address is 155.25.3.5, the SOCKS server will apply the mask to the IP address and determine that the host’s IP address matches the IP address for which the connection control entry applies (155.25.0.0).
Port range. Enter the ports on the source machines for which the connection control entry applies. Do not use spaces in your port range. If you do not specify a port range, the connection entry will apply to all ports.
You can use brackets [ ] to include the ports at each end of the range, or parentheses ( ) to exclude them. For example, [1000-1010] means all port numbers between and including 1000 and 1010, while (1000-1010) means all port numbers between, but not including, 1000 and 1010. You can also mix brackets and parentheses. For instance, (1000-1010] means all numbers between 1000 and 1010, excluding 1000, but including 1010.
Destination host mask. Enter the IP address or host name for which the connection entry applies. If you enter an IP address, follow it with a forward slash and the mask to be applied to the incoming IP address. The SOCKS server will apply this mask to the IP address of the destination machine to determine if it is a valid destination host. Do not use spaces in the host mask entry. If you do not enter a destination host mask, the connection entry applies to all hosts.
For example, you can enter 155.25.0.0/255.255.0.0 in the destination host mask field. If the destination host’s IP address is 155.25.3.5, the SOCKS server will apply the mask to the IP address and determine that the destination host’s IP address matches the IP address for which the proxy entry applies (155.25.0.0).
Port range. Enter the ports on the destination host machines for which the connection control entry applies. Do not use spaces in your port range. If you do not enter a port range, the connection entry applies to all ports.
Note
Most SOCKS applications will request port 0 for bind requests, meaning they have no port preference. Therefore, the destination port range for bind should always include port 0.
You can use brackets [ ] to include the ports at each end of the range, or parentheses ( ) to exclude them. For example, [1000-1010] means all port numbers between and including 1000 and 1010, while (1000-1010) means all port numbers between, but not including, 1000 and 1010. You can also mix brackets and parentheses. For instance, (1000-1010] means all numbers between 1000 and 1010, excluding 1000, but including 1010.
User group. Enter the group to which to deny or permit access. If you do not specify a group, the connection entry will apply to all users.
Action. From the drop-down list, choose to permit or deny access for the connection you are creating.
Insert. From the drop-down list, choose the position of this connection entry in the socks5.conf file. Because you can have multiple connection directives, you must specify the order in which they are evaluated.
OK. Saves your changes.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The Set SOCKS v5 Routing PageThe Set SOCKS v5 Routing page is used to create and manage SOCKS routing entries. The following elements are displayed:
Server Chaining
SOCKS servers can be chained together in the same manner as proxy servers (that is, a SOCKS server can route through another SOCKS server). SOCKS server chaining is configured in the Server Chaining section. Specify the following:
Routing Details
- Routing. This table provides details about routing entries.
- Add. Click this button to add a SOCKS v5 routing entry. The SOCKS v5 Routing Entry Page displays.
- Edit. After selecting an entry in the table, click this button to edit its settings on The SOCKS v5 Routing Entry Page.
- Delete. After selecting an entry in the table, click this button to delete it.
- Move. After selecting an entry in the table, click this button to change its position in the socks5.conf file. The SOCKS v5 Move Entry Page displays.
Proxy Routing Details
- Proxy Routing. This table provides details about proxy routing entries.
- Add. Click this button to add a SOCKS v5 proxy routing entry. The SOCKS v5 Proxy Routing Entry Page displays.
- Edit. After selecting an entry in the table, click this button to edit its settings on The SOCKS v5 Proxy Routing Entry Page.
- Delete. After selecting an entry in the table, click this button to delete it.
- Move. After selecting an entry in the table, click this button to change its position in the socks5.conf file. The SOCKS v5 Move Entry Page displays.
The SOCKS v5 Routing Entry PageThe SOCKS v5 Routing Entry page is used to add and edit routing entries. The following elements are displayed:
Host mask. Enter the IP address or host name for which incoming and outgoing connections must go through the specified interface. If you enter an IP address, follow it with a forward slash and the mask to be applied to the incoming IP address. The SOCKS server will apply this mask to the IP address to determine if it is a valid host. Do not use spaces in the host mask entry. If you do not enter a host mask, the SOCKS v5 entry applies to all hosts.
For example, you can enter 155.25.0.0/255.255.0.0 in the host mask field. If the host’s IP address is 155.25.3.5, the SOCKS server will apply the mask to the IP address and determine that the host’s IP address matches the IP address for which the routing entry applies (155.25.0.0).
Port range. Enter the ports for which incoming and outgoing connections must go through the specified interface. Do not use spaces in the port range. If you do not specify a port range, the SOCKS v5 entry applies to all ports.
You can use brackets [ ] to include the ports at each end of the range, or parentheses ( ) to exclude them. For example, [1000-1010] means all port numbers between and including 1000 and 1010, while (1000-1010) means all port numbers between, but not including, 1000 and 1010. You can also mix brackets and parentheses. For instance, (1000-1010] means all numbers between 1000 and 1010, excluding 1000, but including 1010.
Interface/address. Enter the IP address or name of the interface through which incoming and outgoing connections must pass.
Insert. From the drop-down list, choose the position of this SOCKS v5 routing entry in the socks5.conf file. Because you can have multiple routing methods, you must specify the order in which they are evaluated.
OK. Saves your changes.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.
The SOCKS v5 Proxy Routing Entry PageThe SOCKS v5 Proxy Routing Entry page is used to add and edit proxy routing entries. The following elements are displayed:
Proxy type. From the drop-down list, choose the type of proxy server through which you will be routing.
Destination host mask. Enter the IP address or host name for which the connection entry applies. If you enter an IP address, follow it with a forward slash and the mask to be applied to the incoming IP address. The SOCKS server will apply this mask to the IP address of the destination machine to determine if it is a valid destination host. Do not use spaces in the host mask entry. If you do not enter a destination host mask, the connection entry applies to all hosts.
For example, you can enter 155.25.0.0/255.255.0.0 in the destination host mask field. If the destination host’s IP address is 155.25.3.5, the SOCKS server will apply the mask to the IP address and determine that the destination host’s IP address matches the IP address for which the proxy entry applies (155.25.0.0).
Destination Port range. Enter the ports on the destination host for which the proxy entry applies. Do not use spaces in the port range. If you do not specify a port range, the proxy entry applies to all ports.
You can use brackets [ ] to include the ports at each end of the range, or parentheses ( ) to exclude them. For example, [1000-1010] means all port numbers between and including 1000 and 1010, while (1000-1010) means all port numbers between, but not including, 1000 and 1010. You can also mix brackets and parentheses. For instance, (1000-1010] means all numbers between 1000 and 1010, excluding 1000, but including 1010.
Destination Proxy address. Enter the host name or IP address of the proxy server.
Destination Proxy port. Specify the port for the proxy server.
Insert. From the drop-down list, choose the position of this routing entry in the socks5.conf file. Because you can have multiple routing methods, you must specify the order in which they are evaluated.
OK. Saves your changes.
Reset. Erases your changes and resets the elements in the page to the values that they contained before your changes.