Date:      Thu, 11 Feb 1999 12:00:28 +0300
From:      Alla Bezroutchko <alla@sovlink.ru>
To:        Drew Derbyshire <software@kew.com>
Cc:        security@FreeBSD.ORG
Subject:   Re: firewall with SOCKS5, UDP, ICQ
Message-ID:  <36C29C2C.EDEEDB05@sovlink.ru>
References:  <36C19674.F553CB64@kew.com> <36C1AAF4.AE320A97@sovlink.ru> <36C24D39.8D29C578@kew.com>

Drew Derbyshire wrote:

> Whoops.  I left off the one real error, and didn't show the pattern, which is what I get for being in a
> hurry this morning:
> The recv failing is the error, although of course '0' isn't.  The pattern is the server restarting every
> ten minutes or so, even though the timeout is set much higher.

I suppose it should restart. When a user connects to port 1080 inetd
starts a new copy of socks5 to handle this request. When socks5 finishes
processing the request, it dies. And inetd keeps starting new socks5
processes for every user request. Do you run socks5 from inetd with -i
option? Do you have nowait set for it? Check if there are too many
socks5 processes hanging around.

I don't know if there is some other way of running socks5 from inetd,
but this works for me. 

I have no idea about "recv failed" error.

> Hmmm.  My behavior is more like what others reported.  The suggestion to go to 99a may be desirable.  Are
> you at that level?

There is a user running 98beta quite happily. I don't think that is the
issue.

There is a strange thing I noticed in your logs:
> Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
> Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
> Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
> Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
> Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit;
> 1467 bytes out 600 bytes in

UDP proxy was requested for user ahd and established for user hobbit by
the same socks5 process. Why so?

And I still don't get one thing: does ICQ work at all through your socks5
(even being slow and timing out sometimes) or doesn't it?

-- 
Alla Bezroutchko					Sovlink LLC
Systems  Administrator					Moscow, Russia
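
An added example, not part of the original message: a small log check that automates the observation above by grouping socks5 syslog lines by process id and reporting any process whose "UDP Proxy Request" and "UDP Proxy Established" lines name different users. The log lines are the ones quoted in the message (the wrapped last line rejoined); the function names and regular expressions are assumptions made for this example, not part of socks5.

```python
import re
from collections import defaultdict

# Log lines as quoted in the message above, wrapped Termination line rejoined.
SAMPLE_LOG = """\
Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd
Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit
Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0
Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit; 1467 bytes out 600 bytes in
"""

# Syslog prefix: month, day, time, host, then "Socks5[pid]: message".
LINE_RE = re.compile(r"^\w{3}\s+\d+\s+[\d:]+\s+\S+\s+Socks5\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
EVENT_RE = re.compile(
    r"^UDP Proxy (?P<event>Request|Established|Termination):\s+"
    r"\((?P<host>[^:()]+):(?P<port>\d+)\) for user (?P<user>[^\s;]+)")

def parse_events(log_text):
    """Group UDP proxy events by the socks5 process id that logged them."""
    by_pid = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ev = m and EVENT_RE.match(m.group("msg"))
        if ev:
            by_pid[int(m.group("pid"))].append(ev.groupdict())
    return by_pid

def find_user_mismatches(log_text):
    """Return (pid, req_user, req_endpoint, est_user, est_endpoint) per mismatch."""
    findings = []
    for pid, events in parse_events(log_text).items():
        pending = None  # most recent Request logged by this pid
        for ev in events:
            if ev["event"] == "Request":
                pending = ev
            elif ev["event"] == "Established" and pending is not None:
                if ev["user"] != pending["user"]:
                    findings.append((pid, pending["user"],
                                     f'{pending["host"]}:{pending["port"]}',
                                     ev["user"], f'{ev["host"]}:{ev["port"]}'))
                pending = None
    return findings

if __name__ == "__main__":
    for f in find_user_mismatches(SAMPLE_LOG):
        print("pid %d: requested for %s at %s, established for %s at %s" % f)
```

A hit only marks the pair of lines for review; it does not say which of the two user names the server actually authenticated.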
