
FreeBSD Manual Pages


srelay(8)		    System Manager's Manual		     srelay(8)

       srelay -	socks protocol server.

       srelay [options]

       The srelay is a socks version 5 server, including version 4 support.
       The srelay has the following features.
       - socks version 5 connect/bind operation	for TCP	relaying.
       - socks version 4 connect/bind operation, including FQDN	extensions.
       - relaying through a series of multiple socks servers, with both
         version 4 and 5
       - supports username/password authentication.
       - connection control with tcp_wrappers(libwrap).
       - supports IPv6 as well as IPv4 (hopefully).
       - You can build an IPv4 <-> IPv6 gateway with the srelay.
       - copes (relays) nicely with NEC's SOCKSv5 reference implementation
       - Free to use/distribute.

       The options are as follows:

       -c  file	 configuration file.

       -i  i/f	 Interface, or listening port. See Listening Port.

       -m  num	 Maximum number of child processes for the non-threading
		 daemon, or number of threads for the threading daemon.

       -o  minutes
		 Idle transfer timeout in  minutes.  0(zero)  means  no	 time-

       -p  file	 PID file; stores main process or main thread process ID.

       -u  file	 srelay	password file used in intermediate SOCKS5 server.

       -a [n|p]	 authentication	method.

		 n	No Authentication.

		 p	Username/Password authentication.

		 Authentication methods are evaluated in the order given. If
		 this option is	not present,  'No  Authentication'  method  is

       -f	 Run in the foreground. (not tested well :-p)

       -r	 Try to resolve the client IP to a name when logging.

       -s	 Log to syslog, even when running in the foreground.

       -t	 Disable threading. (valid in thread-enabled configuration)

       -b	 Avoid BIND port restriction.

       -g	 Use the same interface	for outbound as	inbound.

       -v	 Show version info.

       -h -?	 Show help.

   Listening Port
       The server listening ports are specified in the following format.

	      Single  IP  spec.	 If  no	 port number is	specified, defaults to
	      1080/tcp.	Server socket will be port 1080.

	      Single IP	with port. Server  socket  will	 be  port

	      Hostname is also accepted.

       -i  :1234
	      No  host	IP or hostname is specified. Server socket will	be IN-
	      ADDR_ANY port 1234.

       -i  '[2003:268:1234:4321:250:8bff:fea8:1234]:1234'
	      IPv6 address must	be surrounded by '[' and ']'. In most  of  the
	      cases,  you  have	 to escape '[' and ']' characters against your

       The -i option can appear multiple times if you'd like to have a lot
       of holes.

       If no -i option is specified, the default is INADDR_ANY/INADDR6_ANY
       port 1080.
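
       An added example (not part of the original manual page or the srelay
       sources) that classifies -i arguments by whether the resulting socket
       listens on every interface. Function names are hypothetical, and
       accepting a bracketed IPv6 address without a port is an assumption.

```python
import ipaddress

DEFAULT_PORT = 1080  # per the page: no port given means 1080/tcp


def parse_listen_spec(spec):
    """Split one -i argument into (host, port); host None means wildcard."""
    if spec.startswith("["):  # bracketed IPv6 literal, e.g. '[::1]:1234'
        addr, closed, tail = spec[1:].partition("]")
        if not closed or (tail and not tail.startswith(":")):
            raise ValueError(f"malformed IPv6 spec: {spec!r}")
        ipaddress.IPv6Address(addr)  # raises ValueError on a bad literal
        host, port = addr, tail[1:]  # assumption: port may be omitted here too
    else:
        host, _, port = spec.partition(":")
    port = int(port) if port else DEFAULT_PORT
    if not 0 < port <= 65535:
        raise ValueError(f"port out of range in {spec!r}")
    return (host or None), port


def is_wildcard(host):
    """True when the socket would accept connections on every interface."""
    if host is None:
        return True
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False  # a hostname; resolve it separately to be sure


def audit_listeners(specs):
    """Map a list of -i arguments to (host, port, listens_on_all_interfaces)."""
    if not specs:  # no -i at all: INADDR_ANY/INADDR6_ANY port 1080
        return [(None, DEFAULT_PORT, True)]
    out = []
    for spec in specs:
        host, port = parse_listen_spec(spec)
        out.append((host, port, is_wildcard(host)))
    return out


# Constructed sample: two literal forms shown on the page plus a loopback bind.
SAMPLE = [":1234", "[2003:268:1234:4321:250:8bff:fea8:1234]:1234", "127.0.0.1"]

if __name__ == "__main__":
    for row in audit_listeners(SAMPLE):
        print(row)
```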

   Authentication method
       The socks version 5 authentication is the mechanism for authenticating
       the server user.  The srelay only supports 'No Authentication' and
       'Username/Password Authentication'.  For Username/Password
       authentication, the srelay uses the server host's account information,
       for instance the UNIX host's password database.  This is deprecated if
       you are in a network full of sniffers :) Why?  Er, the plain text
       password is sent by the client every time it connects to the server.
       I recommend not using the -ap option.

       When the srelay is working as an intermediate in a chain of socks
       servers, it is sometimes required to use socks authentication to
       connect to the next-hop socks server.  In this case, you can specify
       the username and password for the next-hop socks server by using the
       srelay.passwd file.  This is done whether you are specifying the -a
       option or not.
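
       The plain text exposure described above, as an added example that is
       not part of the original manual page or the srelay sources: it decodes
       the client side of an RFC 1928/1929 handshake and reports what an
       on-path observer can read. The capture bytes and credentials are
       constructed, and the function names are hypothetical.

```python
def parse_greeting(buf):
    """RFC 1928 greeting: VER=0x05, NMETHODS, METHODS. Returns (methods, rest)."""
    if len(buf) < 2 or buf[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    end = 2 + buf[1]
    if len(buf) < end:
        raise ValueError("truncated method list")
    return list(buf[2:end]), buf[end:]


def parse_userpass(buf):
    """RFC 1929 request: VER=0x01, ULEN, UNAME, PLEN, PASSWD (no encryption)."""
    if len(buf) < 2 or buf[0] != 0x01:
        raise ValueError("not an RFC 1929 request")
    ulen = buf[1]
    if len(buf) < 3 + ulen:
        raise ValueError("truncated username")
    uname = buf[2:2 + ulen]
    plen = buf[2 + ulen]
    passwd = buf[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    return uname.decode("latin-1"), passwd.decode("latin-1")


def audit_client_bytes(buf):
    """Report what is readable in the client->server bytes of one session."""
    methods, rest = parse_greeting(buf)
    report = {"offers_userpass": 0x02 in methods, "exposed": None}
    # Method 0x02 is Username/Password; its sub-negotiation starts with 0x01.
    if report["offers_userpass"] and rest[:1] == b"\x01":
        user, passwd = parse_userpass(rest)
        # Redacted in the report; the point is that the bytes were readable.
        report["exposed"] = {"username": user, "password_len": len(passwd)}
    return report


# Constructed capture: a greeting offering only method 0x02, followed by the
# RFC 1929 request carrying made-up credentials "alice" / "s3cr3t!!".
SAMPLE = b"\x05\x01\x02" + b"\x01\x05alice\x08s3cr3t!!"

if __name__ == "__main__":
    print(audit_client_bytes(SAMPLE))
```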

       Configuration file format.
       # this line is comment.
       # destination		port range     next [next-p x-next x-next-p]
       # subnet	length		any
       # subnet	mask in	doted format higher port is 65535 512- 11080
       #		   lower port is 1		-511
       # IPv6 destinations go through Gateway
       ::		   -
       # IPv4 destinations go through another Gateway			-
       # (IPv6 to IPv4 destinations)			-    3002::1:4321:250:8bff:ffa8:1234
       # no next-hop means connect direct.			-

       If a next-p (next-hop socks port) is omitted, it defaults to 1080, as
       you can guess.  A next-hop socks port can be like 8080/H or 8080/S,
       where  H,  S  means  HTTP,  SOCKS,  respectively. this also defaults to
       HTTP relaying method is experimental, and supports  minimized  spec  of
       HTTP Proxying.

       Your network environment could look like this.
       [Client]-->(socks)[srelay]-->(http)[FireWall]	  -->(socks)[Socks_Is-

       The srelay.conf setting could include the third host, [FireWall], like this.

       # dest  dest-port proxy	      proxy-p	proxy2	  proxy2-p
       Dest    any	 Socks-Island 1080	FireWall  8080/H

       The proxy and proxy2 entries are listed in farthest-first order.

       Username/Password information for connecting next-hop socks server.
       # this line is comment.
       # next-hop server   username  password	   hogehoga  xyz$12#	   opopop	  tutut555

	      default configuration file.

	      username/password	information using in connecting	to  the	 next-
	      hop socks	v5 server.

	      default PID file.

       /etc/hosts.allow	/etc/hosts.deny
	      (if  supported in	compile	time,) tcp_wrappers configuration. TAG
	      name is 'srelay'.

       The following signals are meaningful:

       SIGHUP reload srelay.conf.


       RFC 1928	SOCKS Protocol Version 5,
       RFC 1929	Username/Password Authentication for SOCKS V5,

       Tomo.M <>

				  27 Mar 2003			     srelay(8)

