FreeBSD Manual Pages

srelay(8)		    System Manager's Manual		     srelay(8)

NAME
       srelay -	socks protocol server.

SYNOPSIS
       srelay [options]

DESCRIPTION
       srelay is a socks version 5 server, including version 4 support.
       srelay has the following features.
       - socks version 5 connect/bind operation for TCP relaying.
       - socks version 4 connect/bind operation, including FQDN extensions.
       - relaying through a series of multiple socks servers, with both
         version 4 and 5 servers.
       - supports username/password authentication.
       - connection control with tcp_wrappers (libwrap).
       - supports IPv6 as well as IPv4 (hopefully).
       - You can build an IPv4 <-> IPv6 gateway with srelay.
       - copes nicely (relays) with NEC's SOCKSv5 reference implementation
         servers.
       - Free to use/distribute.

OPTIONS
       The options are as follows:

       -c  file	 configuration file.

       -i  i/f	 Interface, or listening port. See Listening Port.

       -m  num   Maximum number of child processes for the non-threading
                 daemon, or number of threads for the threading daemon.

       -o  minutes
                 Idle transfer timeout in minutes. 0 (zero) means no timeout
                 (default).

       -p  file	 PID file; stores main process or main thread process ID.

       -u  file	 srelay	password file used in intermediate SOCKS5 server.

       -a [n|p]	 authentication	method.

		 n	No Authentication.

		 p	Username/Password authentication.

                 Authentication methods are evaluated in the order in which
                 they are given. If this option is not present, the 'No
                 Authentication' method is used.

       -f        Run in the foreground. (not tested well :-p)

       -r        Try to resolve the client IP to a name when logging.

       -s        Log to syslog, even if running in the foreground.

       -t	 Disable threading. (valid in thread-enabled configuration)

       -b	 Avoid BIND port restriction.

       -g	 Use the same interface	for outbound as	inbound.

       -v	 Show version info.

       -h -?	 Show help.

   Listening Port
       Server listening ports are specified in the following formats.

       -i  192.168.1.5
	      Single  IP  spec.	 If  no	 port number is	specified, defaults to
	      1080/tcp.	Server socket will be 192.168.1.5 port 1080.

       -i  192.168.1.5:9999
	      Single IP	with port. Server  socket  will	 be  192.168.1.5  port
	      9999.

       -i  my.socks.host:5432
	      Hostname is also accepted.

       -i  :1234
              No host IP or hostname is specified. Server socket will be
              INADDR_ANY port 1234.

       -i  '[2003:268:1234:4321:250:8bff:fea8:1234]:1234'
              An IPv6 address must be surrounded by '[' and ']'. In most
              cases, you have to escape the '[' and ']' characters from your
              shell.

       The -i option can appear multiple times if you'd like to have a lot
       of holes.

       If no -i option is specified, the default is INADDR_ANY/INADDR6_ANY
       port 1080.
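
       An added example (not part of srelay or of the original page) that
       parses the -i forms listed above and reports which listeners bind
       every interface, including the default when no -i is given. The
       function names are hypothetical, and accepting '[addr]' without a
       port is an assumption.

```python
import ipaddress
import re

DEFAULT_PORT = 1080   # the page: no port number given defaults to 1080/tcp
BRACKETED = re.compile(r"\[([0-9A-Fa-f:.]+)\](?::(\d+))?")

def parse_listen_spec(spec):
    """Return (host, port) for one -i argument; host is None for ':port'."""
    m = BRACKETED.fullmatch(spec)
    if m:                                   # '[v6addr]:port' (port optional: assumption)
        host, port = m.group(1), m.group(2)
    else:
        host, sep, port = spec.rpartition(":")
        if not sep:                         # bare IP or hostname, no port
            host, port = spec, ""
        if ":" in host:
            raise ValueError(f"IPv6 address must be in brackets: {spec!r}")
    port = int(port) if port else DEFAULT_PORT
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return (host or None), port

def is_wildcard(host):
    """True when the socket would accept connections on every interface."""
    if host is None:
        return True
    try:
        return ipaddress.ip_address(host).is_unspecified   # 0.0.0.0 or ::
    except ValueError:
        return False                        # a hostname; resolve it to be sure

def wildcard_listeners(i_args):
    """Listeners from a list of -i values that bind all interfaces."""
    specs = [parse_listen_spec(a) for a in i_args] or [(None, DEFAULT_PORT)]
    return [(h, p) for h, p in specs if is_wildcard(h)]
```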

   Authentication method
       The socks version 5 authentication is the mechanism for authenticating
       the server's user. srelay supports only 'No Authentication' and
       'Username/Password Authentication'. With Username/Password
       authentication, srelay uses the server host's account information,
       for instance the UNIX host's password database. This is deprecated if
       you are on a network full of sniffers :) Why? Er, the plain-text
       password is sent by the client every time it connects to the server.
       I recommend not using the -ap option.

       When srelay is working as an intermediate in a chain of socks servers,
       it is sometimes required to use socks authentication to connect to the
       next-hop socks server. In this case, you can specify the username and
       password for the next-hop socks server in the srelay.passwd file. This
       is done whether you specify the -a option or not.
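
       The Username/Password exchange discussed in this section, as an added
       example (not part of srelay or of the original page). It encodes the
       RFC 1928 greeting and the RFC 1929 request using the sample next-hop
       credentials from the srelay.passwd section of this page, and shows
       that the password travels as literal bytes; the function names are
       hypothetical.

```python
NO_AUTH, USER_PASS = 0x00, 0x02        # RFC 1928 method numbers

def build_greeting(methods=(NO_AUTH, USER_PASS)):
    """RFC 1928 client greeting: VER=5, NMETHODS, METHODS."""
    return bytes([0x05, len(methods), *methods])

def build_auth_request(username, password):
    """RFC 1929 sub-negotiation: VER=1, ULEN, UNAME, PLEN, PASSWD."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def parse_auth_request(data):
    """Server-side decode of the request; rejects malformed or short input."""
    if len(data) < 3 or data[0] != 0x01:
        raise ValueError("not an RFC 1929 request")
    ulen = data[1]
    if len(data) < 3 + ulen:
        raise ValueError("truncated username")
    plen = data[2 + ulen]
    passwd = data[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    return data[2:2 + ulen].decode(), passwd.decode()

def build_auth_reply(ok):
    """RFC 1929 reply: VER=1, STATUS (0x00 is success, anything else failure)."""
    return bytes([0x01, 0x00 if ok else 0x01])

def password_in_clear(message, password):
    """True when the password appears verbatim in the bytes sent on the wire."""
    return password.encode() in message

# Sample credentials taken from the srelay.passwd example on this page.
REQUEST = build_auth_request("hogehoga", "xyz$12#")
```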

   srelay.conf
       Configuration file format.
       # this line is comment.
       # destination                  port range  next [next-p x-next x-next-p]
       # subnet length
       123.123.131.0/24               any         10.10.10.1
       # subnet mask in dotted format; higher port is 65535
       223.224.2.128/255.255.255.128  512-        10.11.22.1 11080
       # lower port is 1
       223.224.2.128/25               -511        10.11.22.2
       # IPv6 destinations go through Gateway
       ::                             -           100.200.1.1
       # IPv4 destinations go through another Gateway
       0.0.0.0                        -           100.200.1.2
       # (IPv6 to IPv4 destinations)
       0.0.0.0                        -           3002::1:4321:250:8bff:ffa8:1234
       # no next-hop means connect direct.
       1.2.3.4                        -
       #---

       If next-p (the next-hop socks port) is omitted, it defaults to 1080, as
       you can guess.  A next-hop socks port can be written as 8080/H or
       8080/S, where H and S mean HTTP and SOCKS, respectively. This also
       defaults to SOCKS.
       The HTTP relaying method is experimental, and supports a minimized
       spec of HTTP Proxying.

       Your network environment could look like this.
       [Client]-->(socks)[srelay]-->(http)[FireWall]-->(socks)[Socks_Island]-->[Dest]

       The srelay.conf setting could have the third host, [FireWall], like this.

       # dest  dest-port proxy        proxy-p   proxy2    proxy2-p
       Dest    any       Socks-Island 1080      FireWall  8080/H

       proxy and proxy2 are listed in farthest-first order.
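
       An added example (not part of srelay or of the original page): a
       parser for the srelay.conf rule lines described above that resolves
       each rule's port range and its hop chain in connection order, then
       flags rules that connect direct or use the experimental HTTP hop.
       Function names are hypothetical; treating a numeric token as the port
       of the preceding hop, and accepting a single port 'N', are assumptions.

```python
import re

PORT = re.compile(r"(\d+)(?:/([HS]))?")   # next-p token: 8080, 8080/H, 8080/S

def parse_port_range(tok):
    """'any' and '-' cover 1..65535; 'N-' ends at 65535; '-N' starts at 1."""
    if tok == "any":
        return 1, 65535
    lo, sep, hi = tok.partition("-")
    if not sep:                  # single port 'N' (assumed form, not shown in the page)
        hi = lo
    return int(lo or 1), int(hi or 65535)

def parse_rule(line):
    """Parse one srelay.conf line; returns None for blank and comment lines."""
    toks = line.split()
    if not toks or toks[0].startswith("#"):
        return None
    if len(toks) < 2:
        raise ValueError(f"rule needs a destination and a port range: {line!r}")
    hops = []                    # file order, which the page says is farthest first
    for tok in toks[2:]:
        m = PORT.fullmatch(tok)
        if m and hops and hops[-1][1] is None:   # port token for the previous hop
            hops[-1][1] = int(m.group(1))
            hops[-1][2] = "HTTP" if m.group(2) == "H" else "SOCKS"
        else:                                    # otherwise a new hop host (assumption)
            hops.append([tok, None, "SOCKS"])
    # Reverse into connection order; an omitted next-p defaults to 1080.
    path = [(h, p or 1080, proto) for h, p, proto in reversed(hops)]
    return {"dest": toks[0], "ports": parse_port_range(toks[1]), "path": path}

def audit(conf_text):
    """Flag rules that bypass the proxy chain or use the experimental HTTP hop."""
    findings = []
    for line in conf_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        if not rule["path"]:
            findings.append((rule["dest"], "direct connection, no next hop"))
        for host, port, proto in rule["path"]:
            if proto == "HTTP":
                findings.append((rule["dest"], f"experimental HTTP hop {host}:{port}"))
    return findings

# Constructed sample reusing rule forms from this page.
SAMPLE = """\
# destination  port-range  next [next-p x-next x-next-p]
223.224.2.128/255.255.255.128 512- 10.11.22.1 11080
223.224.2.128/25 -511 10.11.22.2
1.2.3.4 -
Dest any Socks-Island 1080 FireWall 8080/H
"""
```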

   srelay.passwd
       Username/Password information for connecting next-hop socks server.
       # this line is comment.
       # next-hop server   username  password
       123.234.0.1	   hogehoga  xyz$12#
       10.11.22.1	   opopop	  tutut555

FILES
       /usr/local/etc/srelay.conf
	      default configuration file.

       /usr/local/etc/srelay.passwd
              username/password information used when connecting to the
              next-hop socks v5 server.

       /var/run/srelay.pid
	      default PID file.

       /etc/hosts.allow	/etc/hosts.deny
              (if supported at compile time) tcp_wrappers configuration. The
              TAG name is 'srelay'.

SIGNALS
       The following signals are meaningful:

       SIGHUP reload srelay.conf.

       SIGTERM
	      Exit.

SEE ALSO
       hosts_access(5),
       RFC 1928	SOCKS Protocol Version 5,
       RFC 1929	Username/Password Authentication for SOCKS V5,
       http://www.socks.nec.com/socksproto.html

AUTHOR
       Tomo.M <tomoyuki@pobox.com>

				  27 Mar 2003			     srelay(8)
