From owner-freebsd-security Thu Feb 11 01:19:51 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id BAA17199 for freebsd-security-outgoing; Thu, 11 Feb 1999 01:19:51 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from wind.freenet.am ([194.151.101.35]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id BAA17153 for ; Thu, 11 Feb 1999 01:19:05 -0800 (PST) (envelope-from casper@acc.am) Received: from lemming.acc.am ([209.58.5.202]) by wind.freenet.am (8.9.1/8.9.1) with ESMTP id NAA20928; Thu, 11 Feb 1999 13:16:44 +0400 (GMT) Received: from acc.am (nightmar.acc.am [192.168.100.108]) by lemming.acc.am (8.9.1a/8.9.1) with ESMTP id NAA20514; Thu, 11 Feb 1999 13:17:18 +0400 (AMT) Message-ID: <36C29F76.BA759A5F@acc.am> Date: Thu, 11 Feb 1999 13:14:30 +0400 From: Casper Organization: Armenian Computer Center X-Mailer: Mozilla 4.5 [en] (Win95; I) X-Accept-Language: ru,en MIME-Version: 1.0 To: Alla Bezroutchko CC: Drew Derbyshire , security@FreeBSD.ORG Subject: Re: firewall with SOCKS5, UDP, ICQ References: <36C19674.F553CB64@kew.com> <36C1AAF4.AE320A97@sovlink.ru> <36C24D39.8D29C578@kew.com> <36C29C2C.EDEEDB05@sovlink.ru> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org What about running Socks5 daemon as stand-alone daemon (use multithreading mode on FBSD3.0), it decreases CPU load (compared with inetd variant) and works just fine for me .... I'm able to use all ICQ feautures including Chat , may be except hosts , that use the same proxy . Alla Bezroutchko wrote: > > Drew Derbyshire wrote: > > > Whoops. I left off the one real error, and didn't show the pattern, which is what I get for being in a > > hurry this morning: > > Thr recv failing is the error, although of course '0' isn't. The pattern is the server restarting every > > ten minutes or so, even though the timeout is set much higher. > > I suppose it should restart. When a user connects to port 1080 inetd > starts a new copy of socks5 > to handle this request. When socks5 finishes processing the request, it > dies. And inetd keeps starting > new socks5 processes for every user request. Do you run socks5 from > inetd with -i option? Do you have > nowait set for it? Check if there are too many socks5 processes hanging > around. > > I don't know if there is some other way of running socks5 from inetd, > but this works for me. > > I have no idea about "recv failed" error. > > > Hmmm. My behavior is more like what others reported. The suggestion to go to 99a may be desirable. Are > > you at that level? > > There is a user running 98beta quite happily. I don't think that is the > issue. > > There is a strange thing I noticed in your logs: > > Feb 10 21:09:55 pandora Socks5[11227]: Socks5 starting at Wed Feb 10 21:09:55 1999 from inetd > > Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Request: (minerva.hh.kew.com:1108) for user ahd > > Feb 10 21:09:55 pandora Socks5[11227]: UDP Proxy Established: (dogbert.hh.kew.com:1109) for user hobbit > > Feb 10 21:17:36 pandora Socks5[11227]: S5IOCheck: recv failed: Undefined error: 0 > > Feb 10 21:17:36 pandora Socks5[11227]: UDP Proxy Termination: (dogbert.hh.kew.com:1109) for user hobbit; > > 1467 bytes out 600 bytes in > > UDP proxy was requested for user ahd and established for user hobbit by > the same socks5 process. Why so? > > And I still don't get one thing: does ICQ work at all through you socks5 > (even being slow and timing > out sometimes) or it doesn't? > > -- > Alla Bezroutchko Sovlink LLC > Systems Administrator Moscow, Russia > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message