Solved

how to set up linux so machines _by default_ access INTERnet thru socks

Posted on 2000-03-15
Last Modified: 2010-03-18
I have 3 systems on my lab network:

A: linux box with 2 interfaces, connected to INTRAnet (8.37.198.22 mask 255.255.240.0) via token ring on tr0, connected to lab network (10.0.0.1 mask 255.255.255.0) via ethernet on eth0
B: windoze box, lab network (10.0.0.2 specified) on eth adapter
C: mac box, lab network (10.0.0.3 specified) on eth adapter

The mac and the windoze can access the INTRAnet and the INTERnet through ip forwarding and ip masquerading on the linux, the default INTRAnet gateway being 8.37.192.1, the DNS server at 8.37.0.55. In my environment a socks server is used to connect the INTRAnet with the INTERnet; it is at 8.37.3.60.

A socks client by Hummingbird (which allows all appz to use the socks server for INTERnet connections) is available for Windows 9x. It is installed and works fine through the linux box.

The Mac is an older model running system 7.6.1. As far as I know, no socks client is available for it.  Thus, appz which are not 'socks-aware' are not able to make INTERnet connections. I'm aware that the Mac versions of Netscape Navigator, Fetch 3.0 (ftp client), Anarchie (archie/ftp client), Microsoft Internet Explorer, etc. support socks--I want to enable EVERY network app on the Mac to use socks.  

How would I set up the linux box so that any machine on the lab network (windows, mac, etc.) would _by default_ access the INTERnet through the socks server at 8.37.3.60 without having to have a socks client installed?

If a solution allows the linux box itself (as a client of the socks server) to access the INTERnet, it would be great, but it's not necessary. The main thing is to allow the Mac to have full INTERnet access through the socks server.


TIA

Jennifer
Question by:valdese
7 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 2621649
Actually I think you might be able to find some clients for the Mac that support SOCKS. The SOCKS FAQ (http://www.socks.nec.com/socksfaq.html#q7) says:

"Netscape's Navigator, NCSA's Mosaic, Fetch 3.0 (ftp client), Anarchie (archie/ftp client), Microsoft's Internet Explorer, and PointCast's client support SOCKS"
0
 

Author Comment

by:valdese
ID: 2621705
Edited text of question.
0
 

Author Comment

by:valdese
ID: 2621708
Edited text of question.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 2621754
I don't think there's anything that would "un-socks" the network. Basically it would have to be a "socks to raw gateway", and I've never heard of anything like that.
0
 

Author Comment

by:valdese
ID: 2624410
Adjusted points from 85 to 170
0
 

Author Comment

by:valdese
ID: 2637285
Adjusted points from 170 to 200
0
 

Accepted Solution

by:
hoax earned 200 total points
ID: 2709612
Assuming the Linux box is running a 2.2.x kernel with ipchains and transparent proxy support:
1. Run a small TCP proxy. The proxy should listen on _SOMEPORT_.
Socksify the proxy using the Linux socksification method you normally use (you might not have to do anything if you simply replace libraries).
2. Using ipchains redirect all TCP traffic originating from 10.0.0.3 to _SOMEPORT_. The appropriate command is:
"ipchains -I input -s 10.0.0.3 -p tcp -d ! 8.37.0.0/16 -j REDIRECT _SOMEPORT_".
I'm assuming all 8.37.* addresses are on the INTRAnet and should not be accessed through the SOCKS proxy.
If you want the mac to be able to access the linux box directly under its 10.0.0.1 address, you'll need to add a few ipchains commands - you can always access it through the 8.37.198.22 address, however.
3. Set up the mac to route through the Linux box.

This should allow TCP connections from the mac to be transparently redirected through the SOCKS server. It will not allow the mac to run any local server (e.g. FTP must be in passive mode). It also won't allow ICMP (i.e. ping won't work). It could probably be enhanced to work with UDP if you're using SOCKS v5 by using a UDP proxy similar to the TCP proxy and redirecting UDP traffic to it.

I recommend using tcpxd (http://quozl.us.netrek.org/tcpxd/tcpxd-0.4.tar.gz) as the proxy. You'll need to modify the code slightly - the proxy is currently built to redirect all incoming connections to a single host:port combination. Find out where it makes the "connect" call, and instead use the address returned by "getsockname". On redirected connections, "getsockname" will return the original destination instead of the local one.

Hope this helps,

*Hoax*
0
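
The destination lookup that the accepted answer asks you to patch into the proxy, as an added example (not tcpxd's code and not from the answer's author). It goes beyond the 2.2/ipchains case: kernels using netfilter expose the pre-REDIRECT address through the SO_ORIGINAL_DST socket option instead of getsockname, so that is tried first. It also refuses connections made straight to the proxy port, which would otherwise make the proxy connect to itself. The names original_dst and demo_direct_connect are hypothetical, and the loopback client is constructed for the check.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_ORIGINAL_DST
#define SO_ORIGINAL_DST 80   /* value from <linux/netfilter_ipv4.h> */
#endif

/* Fill *dst with the address the client was really trying to reach.
 * Returns 0 = proxy to *dst, 1 = client hit the proxy port directly
 * (refuse, or the proxy connects to itself forever), -1 = error. */
int original_dst(int cfd, const struct sockaddr_in *self, struct sockaddr_in *dst)
{
    socklen_t len = sizeof *dst;
    memset(dst, 0, sizeof *dst);
    /* netfilter (2.4+ kernels) keeps the pre-REDIRECT address here */
    if (getsockopt(cfd, IPPROTO_IP, SO_ORIGINAL_DST, dst, &len) != 0) {
        len = sizeof *dst;
        /* 2.2 + ipchains REDIRECT, as in the answer: getsockname has it */
        if (getsockname(cfd, (struct sockaddr *)dst, &len) != 0)
            return -1;
    }
    if (dst->sin_family != AF_INET)
        return -1;
    return dst->sin_port == self->sin_port &&
           (self->sin_addr.s_addr == htonl(INADDR_ANY) ||
            dst->sin_addr.s_addr == self->sin_addr.s_addr);
}

/* Constructed check: loopback listener, one direct (un-redirected) client. */
int demo_direct_connect(struct sockaddr_in *dst)
{
    struct sockaddr_in self = { .sin_family = AF_INET };
    socklen_t len = sizeof self;
    int lfd = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    self.sin_addr.s_addr = htonl(INADDR_LOOPBACK);   /* port 0: kernel picks */
    if (lfd < 0 || c < 0 || bind(lfd, (struct sockaddr *)&self, sizeof self) ||
        listen(lfd, 1) || getsockname(lfd, (struct sockaddr *)&self, &len) ||
        connect(c, (struct sockaddr *)&self, sizeof self))
        return -1;
    int cfd = accept(lfd, NULL, NULL);
    int rc = cfd < 0 ? -1 : original_dst(cfd, &self, dst);
    close(cfd); close(c); close(lfd);
    return rc;
}

int main(void) { struct sockaddr_in d; return demo_direct_connect(&d) == 1 ? 0 : 1; }
```

When the listener is bound to INADDR_ANY the self-connection test compares ports only, so a redirected connection to a remote service on the same port number is also refused; bind the proxy to a specific address to narrow that.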
