From owner-freebsd-net Tue May 25 5:46:33 1999
Delivered-To: freebsd-net@freebsd.org
Received: from web4-1.ability.net (web4-1.ability.net [216.32.69.9])
    by hub.freebsd.org (Postfix) with ESMTP id 86C1B14EE6
    for ; Tue, 25 May 1999 05:46:29 -0700 (PDT)
    (envelope-from rich@f2sys.net)
Received: from ppp-rich.ari.net (ppp-rich.ari.net [198.69.193.148])
    by web4-1.ability.net (8.9.1/8.9.1/Pub) with ESMTP id IAA15431
    for ; Tue, 25 May 1999 08:34:31 -0400 (EDT)
Date: Tue, 25 May 1999 08:53:12 -0400 (EDT)
From: Rich Fox
X-Sender: rich@ppp-rich.ari.net
To: freebsd-net@FreeBSD.ORG
Subject: socks5 problems (auth)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hi,

I have sent this through the freebsd-questions channel, and received helpful, but not definitive, information.

I have socks5 running (v1.0r9) on a FreeBSD 3.1 box. The problem I am having is that I have never been able to configure it to accept a connection without requiring authorization from the client, (alas, I have never been able to configure it to accept a connection and actually act as a proxy--authorization or not!). I understand the risk of leaving the proxy wide open, but I can't get anything to work anyways. In any case here is my *.conf file...

# Authentication entries
auth - - -

# Access entries
permit - - 0.0.0.0/0.0.0.0 - -

# route entries
route 192.168.1. - 192.168.1.1
route - - 123.456.789.123

This is a multi-homed host (IP aliasing), I simply want to allow a connection from 192.168.1.n to a server on the other side. The other side's interface is at 123.456.789.123 and obviously 192.168.1.n's interface is at 192.168.1.1. The system is running ip aliasing and IPFW, however, IPFW has been wide open for these tests.

Following is a copy of the perpetual errors that I receive with this...

ppp-rich# socks5 -d 3 -s
ppp-rich# 44235: Socks5 starting at Tue May 25 08:26:54 1999 in normal mode
44399: TCP Connection Request: Connect (192.168.1.2:2057 to 160.43.252.59:554) for user
44399: TCP Setup: Authorization failed
44399: TCP Connection Terminated: Abnormal (192.168.1.2:2057 to 160.43.252.59:554) for user : 0 bytes out, 0 bytes in
44576: TCP Connection Request: Connect (192.168.1.2:2059 to 160.43.252.59:554) for user
44576: TCP Setup: Authorization failed
44576: TCP Connection Terminated: Abnormal (192.168.1.2:2059 to 160.43.252.59:554) for user : 0 bytes out, 0 bytes in

The client app, Quicktime Player (For qt pro) provides no means for authorization, but that shouldn't matter since I am trying to tell socks5 to forget authentication and just do *something*! In this case, I am talking about the client as a Mac, on the other hand, I get roughly similar results from Socksified Win32 (The socksifier log however, contains some interesting info, particularly that it requests the connection, auth is accepted then sends a proxy command and the auth is suddenly rejected.)

(On a side note, Quicktime Streaming Media is using RTP-RTSP. If so, then why does streaming media from RealNetworks, which also uses RTSP, work just fine through NAT, whereas, Quicktime doesn't?)

Clues would be most helpful...

Thanks,
Rich.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
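
Added example, not part of the original message and not code from the socks5 daemon: the post reports a socksifier log in which authentication is accepted and the proxy command that follows is rejected. RFC 1928 splits a SOCKS5 session into those two phases, and this sketch decodes both server replies so the refusing phase can be told apart. The reply bytes are constructed, and the reply code 0x02 in the sample is an assumption for illustration, not a value taken from the poster's server.

```python
import ipaddress
import struct

METHODS = {0x00: "no authentication required", 0x01: "GSSAPI",
           0x02: "username/password", 0xFF: "no acceptable methods"}
REPLIES = {0x00: "succeeded", 0x01: "general SOCKS server failure",
           0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
           0x04: "host unreachable", 0x05: "connection refused",
           0x06: "TTL expired", 0x07: "command not supported",
           0x08: "address type not supported"}

def build_greeting(methods=(0x00,)):
    """Client greeting: VER, NMETHODS, METHODS."""
    return bytes([0x05, len(methods), *methods])

def parse_method_reply(data):
    """Server method selection: VER, METHOD."""
    ver, method = struct.unpack("!BB", data[:2])
    if ver != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return METHODS.get(method, f"method 0x{method:02x}")

def build_connect(host, port):
    """CONNECT request, IPv4 target: VER, CMD=1, RSV, ATYP=1, DST.ADDR, DST.PORT."""
    return b"\x05\x01\x00\x01" + ipaddress.IPv4Address(host).packed + struct.pack("!H", port)

def parse_request_reply(data):
    """Server reply to the request: VER, REP, RSV, ATYP, BND.ADDR, BND.PORT."""
    ver, rep, _rsv, _atyp = struct.unpack("!BBBB", data[:4])
    if ver != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return rep, REPLIES.get(rep, f"reply 0x{rep:02x}")

def diagnose(method_reply, request_reply):
    """Report which of the two phases refused the client."""
    method = parse_method_reply(method_reply)
    if method == METHODS[0xFF]:
        return "rejected during method negotiation"
    rep, text = parse_request_reply(request_reply)
    if rep != 0x00:
        return f"method accepted ({method}), request rejected: {text}"
    return f"method accepted ({method}), request succeeded"

# Constructed sample bytes, not captured from the poster's server.
SAMPLE_METHOD_REPLY = b"\x05\x00"
SAMPLE_REQUEST_REPLY = b"\x05\x02\x00\x01" + bytes(6)

if __name__ == "__main__":
    print(build_greeting().hex(), build_connect("160.43.252.59", 554).hex())
    print(diagnose(SAMPLE_METHOD_REPLY, SAMPLE_REQUEST_REPLY))
```

Comparing the bytes a client actually receives against these two reply formats shows whether a refusal comes from the method-selection step or from the access rules applied to the request itself.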