Socks Ports
SOCKS – Wikipedia
SOCKS is an Internet protocol that exchanges network packets between a client and server through a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides a means for UDP packets to be forwarded.
SOCKS performs at Layer 5 of the OSI model (the session layer, an intermediate layer between the presentation layer and the transport layer). A SOCKS server accepts incoming client connections on TCP port 1080, as defined in RFC 1928. [1]
History
The protocol was originally developed/designed by David Koblas, a system administrator of MIPS Computer Systems. After MIPS was taken over by Silicon Graphics in 1992, Koblas presented a paper on SOCKS at that year’s Usenix Security Symposium, [2] making SOCKS publicly available. [3] The protocol was extended to version 4 by Ying-Da Lee of NEC.
The SOCKS reference architecture and client are owned by Permeo Technologies, [4] a spin-off from NEC. (Blue Coat Systems bought out Permeo Technologies.)
The SOCKS5 protocol was originally a security protocol that made firewalls and other security products easier to administer. It was approved by the IETF in 1996 as RFC 1928 (authored by: M. Leech, M. Ganis, Y. Lee, R. Kuris, D. Koblas, and L. Jones). The protocol was developed in collaboration with Aventail Corporation, which markets the technology outside of Asia. [5]
Usage
SOCKS is a de facto standard for circuit-level gateways (level 5 gateways). [6]
The circuit/session-level nature of SOCKS makes it a versatile tool in forwarding any TCP (or UDP since SOCKS5) traffic, creating a good interface for all types of routing tools. It can be used as:
A circumvention tool, allowing traffic to bypass Internet filtering to access content otherwise blocked, e.g., by governments, workplaces, schools, and country-specific web services. [7] Since SOCKS is very detectable, a common approach is to present a SOCKS interface for more sophisticated protocols:
The Tor onion proxy software presents a SOCKS interface to its clients. [8]
Providing similar functionality to a virtual private network, allowing connections to be forwarded to a server’s “local” network:
Some SSH suites, such as OpenSSH, support dynamic port forwarding that allows the user to create a local SOCKS proxy. [9] This can free the user from the limitations of connecting only to a predefined remote port and server.
Protocol
SOCKS4
A typical SOCKS4 connection request looks like this:
First packet to server
VER (1 byte): SOCKS version number, 0x04 for this version
CMD (1 byte): command code:
    0x01 = establish a TCP/IP stream connection
    0x02 = establish a TCP/IP port binding
DSTPORT (2 bytes): 2-byte port number (in network byte order)
DSTIP (4 bytes): IPv4 address, 4 bytes (in network byte order)
ID (variable): the user ID string, variable length, null-terminated.
Response packet from server
VN (1 byte): reply version, null byte
REP (1 byte): reply code:
    0x5A = Request granted
    0x5B = Request rejected or failed
    0x5C = Request failed because client is not running identd (or not reachable from server)
    0x5D = Request failed because client’s identd could not confirm the user ID in the request
DSTPORT (2 bytes): destination port, meaningful if granted in BIND, otherwise ignore
DSTIP (4 bytes): destination IP, as above – the ip:port the client should bind to
For example, this is a SOCKS4 request to connect Fred to 66.102.7.99:80; the server replies with an “OK”:
Client: 0x04 | 0x01 | 0x00 0x50 | 0x42 0x66 0x07 0x63 | 0x46 0x72 0x65 0x64 0x00
The last field is “Fred” in ASCII, followed by a null byte.
Server: 0x00 | 0x5A | 0xXX 0xXX | 0xXX 0xXX 0xXX 0xXX
0xXX can be any byte value. The SOCKS4 protocol specifies that the values of these bytes should be ignored.
From this point onwards, any data sent from the SOCKS client to the SOCKS server is relayed to 66.102.7.99, and vice versa.
The command field may be 0x01 for “connect” or 0x02 for “bind”; the “bind” command allows incoming connections for protocols such as active FTP.
SOCKS4a
SOCKS4a extends the SOCKS4 protocol to allow a client to specify a destination domain name rather than an IP address; this is useful when the client itself cannot resolve the destination host’s domain name to an IP address. It was proposed by Ying-Da Lee, the author of SOCKS4. [10]
The client should set the first three bytes of DSTIP to NULL and the last byte to a non-zero value. (This corresponds to IP address 0.0.0.x, with x nonzero, an inadmissible destination address and thus should never occur if the client can resolve the domain name.) Following the NULL byte terminating USERID, the client must send the destination domain name and terminate it with another NULL byte. This is used for both “connect” and “bind” requests.
Client to SOCKS server:
SOCKS4_C (8+variable bytes): SOCKS4 client handshake packet (above)
DOMAIN (variable): the domain name of the host to contact, variable length, null (0x00) terminated
Server to SOCKS client: (Same as SOCKS4)
A server using protocol SOCKS4a must check the DSTIP in the request packet. If it represents address 0.0.0.x with nonzero x, the server must read in the domain name that the client sends in the packet. The server should resolve the domain name and make a connection to the destination host if it can.
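The SOCKS4 and SOCKS4a request and reply layouts described above, written as a parser of the kind a proxy or a traffic-inspection tool needs. This is an added example, not code from the original article; the function names are assumptions, the first sample is the "Fred" request quoted above, and the other samples are constructed.

```python
import ipaddress
import struct

SOCKS4_COMMANDS = {0x01: "CONNECT", 0x02: "BIND"}
SOCKS4_REPLIES = {
    0x5A: "Request granted",
    0x5B: "Request rejected or failed",
    0x5C: "Request failed because client is not running identd",
    0x5D: "Request failed because identd could not confirm the user ID",
}


class Socks4ParseError(ValueError):
    """The buffer is not a well-formed SOCKS4/SOCKS4a message."""


def _read_cstring(buf, offset, what):
    """Return (value, next_offset) for a null-terminated field at offset."""
    end = buf.find(b"\x00", offset)
    if end == -1:
        raise Socks4ParseError(what + " is not null-terminated")
    return buf[offset:end], end + 1


def parse_socks4_request(buf):
    """Parse VER | CMD | DSTPORT | DSTIP | ID, plus DOMAIN for SOCKS4a."""
    if len(buf) < 9:  # 8 fixed bytes plus at least the ID terminator
        raise Socks4ParseError("truncated request")
    ver, cmd, port = struct.unpack_from("!BBH", buf, 0)  # network byte order
    if ver != 0x04:
        raise Socks4ParseError("not SOCKS4: VER=0x%02x" % ver)
    if cmd not in SOCKS4_COMMANDS:
        raise Socks4ParseError("unknown CMD=0x%02x" % cmd)
    dstip = buf[4:8]
    user_id, offset = _read_cstring(buf, 8, "ID")

    # SOCKS4a marker: DSTIP is 0.0.0.x with x nonzero, so DOMAIN follows ID.
    is_4a = dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0
    if is_4a:
        domain, offset = _read_cstring(buf, offset, "DOMAIN")
        if not domain:
            raise Socks4ParseError("SOCKS4a request with empty DOMAIN")
        host = domain.decode("ascii", errors="replace")
    else:
        host = str(ipaddress.IPv4Address(dstip))

    return {
        "variant": "SOCKS4a" if is_4a else "SOCKS4",
        "command": SOCKS4_COMMANDS[cmd],
        "host": host,
        "port": port,
        "user_id": user_id.decode("ascii", errors="replace"),
        "trailing": buf[offset:],  # anything after the request itself
    }


def parse_socks4_reply(buf):
    """Parse VN | REP | DSTPORT | DSTIP; the last six bytes are ignored."""
    if len(buf) < 8:
        raise Socks4ParseError("truncated reply")
    if buf[0] != 0x00:
        raise Socks4ParseError("reply version must be a null byte")
    return SOCKS4_REPLIES.get(buf[1], "unknown reply code 0x%02x" % buf[1])


# The "Fred" request quoted in the text above.
FRED_REQUEST = bytes([0x04, 0x01, 0x00, 0x50, 0x42, 0x66, 0x07, 0x63,
                      0x46, 0x72, 0x65, 0x64, 0x00])
# Constructed SOCKS4a request: CONNECT to example.org:443 as user "Fred".
SOCKS4A_REQUEST = b"\x04\x01\x01\xbb\x00\x00\x00\x01Fred\x00example.org\x00"
# Constructed reply: granted, remaining bytes arbitrary.
GRANTED_REPLY = bytes([0x00, 0x5A]) + bytes(6)

if __name__ == "__main__":
    print(parse_socks4_request(FRED_REQUEST))
    print(parse_socks4_request(SOCKS4A_REQUEST))
    print(parse_socks4_reply(GRANTED_REPLY))
```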
SOCKS5
The SOCKS5 protocol is defined in RFC 1928. It is an incompatible extension of the SOCKS4 protocol; it offers more choices for authentication and adds support for IPv6 and UDP, the latter of which can be used for DNS lookups. The initial handshake consists of the following:
Client connects and sends a greeting, which includes a list of authentication methods supported.
Server chooses one of the methods (or sends a failure response if none of them are acceptable).
Several messages may now pass between the client and the server, depending on the authentication method chosen.
Client sends a connection request similar to SOCKS4.
Server responds similar to SOCKS4.
The initial greeting from the client is:
Client greeting
VER: SOCKS version (0x05)
NAUTH: Number of authentication methods supported, uint8
AUTH: Authentication methods, 1 byte per method supported
The authentication methods supported are numbered as follows:
0x00: No authentication
0x01: GSSAPI (RFC 1961)
0x02: Username/password (RFC 1929)
0x03–0x7F: methods assigned by IANA[11]
0x03: Challenge-Handshake Authentication Protocol
0x04: Unassigned
0x05: Challenge-Response Authentication Method
0x06: Secure Sockets Layer
0x07: NDS Authentication
0x08: Multi-Authentication Framework
0x09: JSON Parameter Block
0x0A–0x7F: Unassigned
0x80–0xFE: methods reserved for private use
Server choice
VER: SOCKS version (0x05)
CAUTH: chosen authentication method, or 0xFF if no acceptable methods were offered
The subsequent authentication is method-dependent. Username and password authentication (method 0x02) is described in RFC 1929:
Client authentication request, 0x02
VER: 0x01 for current version of username/password authentication
IDLEN, ID: Username length, uint8; username as bytestring (1-255 bytes)
PWLEN, PW: Password length, uint8; password as bytestring (1-255 bytes)
Server response, 0x02
VER: 0x01 for current version of username/password authentication
STATUS: 0x00 success, otherwise failure, connection must be closed
After authentication the connection can proceed. We first define an address datatype as:
SOCKS5 address
TYPE: type of the address. One of:
    0x01: IPv4 address
    0x03: Domain name
    0x04: IPv6 address
ADDR: the address data that follows. Depending on type:
    4 bytes for IPv4 address
    1 byte of name length followed by 1–255 bytes for the domain name
    16 bytes for IPv6 address
Client connection request
VER: SOCKS version (0x05)
CMD: command code:
    0x01: establish a TCP/IP stream connection
    0x02: establish a TCP/IP port binding
    0x03: associate a UDP port
RSV: reserved, must be 0x00
DSTADDR: destination address, see the address structure above.
DSTPORT: port number in a network byte order
Response packet from server
VER: SOCKS version (0x05)
STATUS: status code:
    0x00: request granted
    0x01: general failure
    0x02: connection not allowed by ruleset
    0x03: network unreachable
    0x04: host unreachable
    0x05: connection refused by destination host
    0x06: TTL expired
    0x07: command not supported / protocol error
    0x08: address type not supported
RSV: reserved, must be 0x00
BNDADDR: server bound address (defined in RFC 1928) in the “SOCKS5 address” format specified above
BNDPORT: server bound port number in a network byte order
Since clients are allowed to use either resolved addresses or domain names, a convention from cURL exists to label the domain name variant of SOCKS5 “socks5h”, and the other simply “socks5”. A similar convention exists between SOCKS4a and SOCKS4. [12]
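The SOCKS5 client messages described above (greeting, RFC 1929 username/password request, connection request with its three address types), decoded from raw bytes. This is an added example, not code from the original article; the function names and the `proxy_resolves_name` key (true for the domain-name form that cURL labels "socks5h") are assumptions, and all sample bytes are constructed.

```python
import ipaddress
import struct

AUTH_METHODS = {0x00: "No authentication", 0x01: "GSSAPI",
                0x02: "Username/password"}
COMMANDS = {0x01: "CONNECT", 0x02: "BIND", 0x03: "UDP ASSOCIATE"}


class Socks5ParseError(ValueError):
    """The buffer is not a well-formed SOCKS5 client message."""


def _need(buf, offset, n, what):
    """Return n bytes at offset, or fail if the buffer is too short."""
    if len(buf) < offset + n:
        raise Socks5ParseError("truncated " + what)
    return buf[offset:offset + n]


def parse_greeting(buf):
    """VER | NAUTH | AUTH... -> names of the methods the client offers."""
    ver, nauth = _need(buf, 0, 2, "greeting")
    if ver != 0x05:
        raise Socks5ParseError("not SOCKS5: VER=0x%02x" % ver)
    methods = _need(buf, 2, nauth, "AUTH list")
    return [AUTH_METHODS.get(m, "0x%02x" % m) for m in methods]


def parse_userpass(buf):
    """VER(0x01) | IDLEN | ID | PWLEN | PW -> (username, password).

    Both fields are plain byte strings on the wire, so anything that can
    read the connection can read them back exactly as this function does.
    """
    ver, idlen = _need(buf, 0, 2, "auth request")
    if ver != 0x01:
        raise Socks5ParseError("unexpected auth version 0x%02x" % ver)
    user = _need(buf, 2, idlen, "ID")
    (pwlen,) = _need(buf, 2 + idlen, 1, "PWLEN")
    password = _need(buf, 3 + idlen, pwlen, "PW")
    if idlen == 0 or pwlen == 0:  # both lengths are 1-255
        raise Socks5ParseError("empty ID or PW")
    return user.decode("utf-8", "replace"), password.decode("utf-8", "replace")


def parse_address(buf, offset):
    """Decode a SOCKS5 address -> (kind, host, next_offset)."""
    (atyp,) = _need(buf, offset, 1, "TYPE")
    offset += 1
    if atyp == 0x01:
        raw = _need(buf, offset, 4, "IPv4 ADDR")
        return "ipv4", str(ipaddress.IPv4Address(raw)), offset + 4
    if atyp == 0x04:
        raw = _need(buf, offset, 16, "IPv6 ADDR")
        return "ipv6", str(ipaddress.IPv6Address(raw)), offset + 16
    if atyp == 0x03:
        (n,) = _need(buf, offset, 1, "name length")
        if n == 0:
            raise Socks5ParseError("empty domain name")
        name = _need(buf, offset + 1, n, "domain name")
        return "domain", name.decode("ascii", "replace"), offset + 1 + n
    raise Socks5ParseError("address type not supported: 0x%02x" % atyp)


def parse_request(buf):
    """VER | CMD | RSV | DSTADDR | DSTPORT -> dict describing the request."""
    ver, cmd, rsv = _need(buf, 0, 3, "request header")
    if ver != 0x05 or rsv != 0x00:
        raise Socks5ParseError("bad VER or RSV")
    if cmd not in COMMANDS:
        raise Socks5ParseError("command not supported: 0x%02x" % cmd)
    kind, host, offset = parse_address(buf, 3)
    (port,) = struct.unpack("!H", _need(buf, offset, 2, "DSTPORT"))
    return {"command": COMMANDS[cmd], "address_type": kind, "host": host,
            "port": port, "proxy_resolves_name": kind == "domain"}


# Constructed samples.
GREETING = b"\x05\x02\x00\x02"               # offers methods 0x00 and 0x02
USERPASS = b"\x01\x04Fred\x06s3cret"         # user "Fred", password "s3cret"
REQ_DOMAIN = b"\x05\x01\x00\x03\x0bexample.org\x01\xbb"
REQ_IPV4 = b"\x05\x01\x00\x01\x42\x66\x07\x63\x00\x50"
REQ_IPV6 = (b"\x05\x01\x00\x04"
            + bytes.fromhex("20010db8000000000000000000000001") + b"\x00\x50")

if __name__ == "__main__":
    print(parse_greeting(GREETING))
    print(parse_userpass(USERPASS))
    for sample in (REQ_DOMAIN, REQ_IPV4, REQ_IPV6):
        print(parse_request(sample))
```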
Software
Servers
SOCKS proxy server implementations
Sun Java System Web Proxy Server is a caching proxy server running on Solaris, Linux and Windows servers that support HTTPS, NSAPI I/O filters, dynamic reconfiguration, SOCKSv5 and reverse proxy.
WinGate is a multi-protocol proxy server and SOCKS server for Microsoft Windows which supports SOCKS4, SOCKS4a and SOCKS5 (including UDP-ASSOCIATE and GSSAPI auth). It also supports handing over SOCKS connections to the HTTP proxy, so can cache and scan HTTP over SOCKS.
SocksGate5 is an application-SOCKS firewall with an inspection feature at Layer 7 of the OSI model, the Application Layer. Because packets are inspected at OSI Layer 7, the application-SOCKS firewall may search for protocol non-compliance and block specified content.
Dante is a circuit-level SOCKS server that can be used to provide convenient and secure network connectivity, requiring only the host Dante runs on to have external network connectivity. [13]
Other programs providing SOCKS server interface
OpenSSH allows dynamic creation of tunnels, specified via a subset of the SOCKS protocol, supporting the CONNECT command.
PuTTY is a Win32 SSH client that supports local creation of SOCKS (dynamic) tunnels through remote SSH servers.
ShimmerCat[14] is a web server that uses SOCKS5 to simulate an internal network, allowing web developers to test their local sites without modifying their /etc/hosts file.
Tor is a system intended to enable online anonymity. Tor offers a TCP-only SOCKS server interface to its clients.
Shadowsocks is a censorship circumvention tool. It provides a SOCKS5 interface.
Clients
Client software must have native SOCKS support in order to connect through SOCKS. There are programs that allow users to circumvent such limitations:
Socksifiers
Socksifiers allow applications to access networks through a proxy without needing to support any proxy protocols. The most common way is to set up a virtual network adapter and appropriate routing tables to send traffic through the adapter.
Win2Socks, which enables applications to access the network through SOCKS5, HTTPS or Shadowsocks.
tun2socks, an open source tool that creates virtual TCP TUN adapters from a SOCKS proxy. Works on Linux and Windows, [15] has a macOS port and a UDP-capable reimplementation in Golang.
proxychains, a Unix program that forces TCP traffic through SOCKS or HTTP proxies on (dynamically-linked) programs it launches. Works on various Unix-like systems. [16]
Translating proxies
Polipo, a forwarding and caching HTTP/1.1 proxy server with IPv4 support. Open Source running on Linux, OpenWrt, Windows, Mac OS X, and FreeBSD. Almost any Web browser can use it.
Privoxy, a non-caching SOCKS-to-HTTP proxy.
Docker based
multsocks, [17] an approach based on Docker which would run on any platform that runs Docker, using client, server, or both to translate proxies.
Security
Because SOCKS does not encrypt requests or the packets exchanged, it is vulnerable in practice to man-in-the-middle attacks and to eavesdropping on IP addresses, which in turn clears the way for censorship by governments.
References
[1] “Service Name and Transport Protocol Port Number Registry”. Internet Assigned Numbers Authority. 19 May 2017. Retrieved 23 May 2017.
[2] Koblas, David; Koblas, Michelle R. SOCKS (PDF). USENIX UNIX Security Symposium III. Retrieved 16 November 2019.
[3] Darmohray, Tina. “Firewalls and fairy tales”. ;LOGIN:. Vol 30, no. 1.
[4] Archive index at the Wayback Machine
[5] CNET: Cyberspace from outer space
[6] Oppliger, Rolf (2003). “Circuit-level gateways”. Security technologies for the World Wide Web (2nd ed.). Artech House. ISBN 1580533485. Retrieved 21 January 2020.
[7] “2010 Circumvention Tool Usage Report” (PDF). The Berkman Center for Internet & Society at Harvard University. October 2010.
[8] “Tor FAQ”.
[9] “OpenSSH FAQ”. Archived from the original on 2002-02-01.
[10] Ying-Da Lee. “SOCKS 4A: A Simple Extension to SOCKS 4 Protocol”. OpenSSH. Retrieved 2013-04-03.
[11]
[12] “CURLOPT_PROXY”. Retrieved 20 January 2020.
[13] “Products developed by Inferno Nettverk A/S”. Retrieved 2021-03-20.
[14] “Easy Net with SOCKS5”. ShimmerCat. Archived from the original on 2018-09-13. Retrieved 20 April 2016.
[15] Bizjak, Ambroz (20 January 2020). “ambrop72/badvpn: NCD scripting language, tun2socks proxifier, P2P VPN”. GitHub. Retrieved 20 January 2020.
[16] Hamsik, Adam (20 January 2020). “proxychains: a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy”. Retrieved 20 January 2020.
[17] Momm, Gregorio (2020-08-24), gregoriomomm/docker-multsocks, retrieved 2020-08-29
External links
RFC 1928: SOCKS Protocol Version 5
RFC 1929: Username/Password Authentication for SOCKS V5
RFC 1961: GSS-API Authentication Method for SOCKS Version 5
RFC 3089: A SOCKS-based IPv6/IPv4 Gateway Mechanism
Draft-ietf-aft-socks-chap, Challenge-Handshake Authentication Protocol for SOCKS V5
SOCKS: A protocol for TCP proxy across firewalls, SOCKS Protocol Version 4 (NEC)
What are the benefits of SOCKS5 proxy? | NordVPN
What is SOCKS5 proxy?
SOCKS5 is the latest and most up-to-date SOCKS protocol. It is an improved version of SOCKS, an internet protocol that routes packets between a server and a client using a proxy server. SOCKS5 has enhanced security and offers three types of authentication methods:
Null authentication – No authentication required to connect to a proxy;
Username/password authentication – You need to provide login details to connect to a proxy;
GSS-API authentication – Both you and the server use authentication methods at the operating system level to verify your
How does it work?
Your traffic is routed through a proxy server that generates an arbitrary IP address before you reach your destination. Technically speaking, SOCKS5 (the latest version) uses proxy servers to form User Datagram Protocol (UDP) or Transmission Control Protocol (TCP) connections through arbitrary IP
If your IP is 1.1.1.1 and your traffic is routed through a SOCKS proxy with the IP 2.2.2.2, the destination server (the website) will think that the request came from the latter. The website cannot see your original IP address. This helps you hide your location, but it doesn’t mean that your traffic is secure. Contrary to Virtual Private Networks (VPNs), proxies do not encrypt your traffic – it’s still out in the open and anyone can snoop on what you are
There is no such thing as a 100% anonymous SOCKS5 proxy server, because it’s impossible to be truly anonymous online. You can get close to it by being aware of what you do online, what services and security tools you use and how it all impacts your privacy. But no single proxy, VPN, or encrypted messaging app will make you
There’s little chance you’ll be able to use streaming services that are not available in your country by connecting through a proxy. However, if you only want to change your virtual location and bypass simple geo-blocks, you can find a SOCKS5 proxy list online and try your luck.
Is a SOCKS5 proxy better than a VPN?
SOCKS5 is not as secure or as fast as a VPN. It’s easy to confuse a SOCKS5 proxy with a VPN, but there are crucial differences. Like most proxies, SOCKS5 won’t encrypt your data, and will lower internet speed and
Moreover, SOCKS is quite detectable, so it most likely won’t get you around national firewalls. Due to this fact you need to enhance its security with a VPN. A good VPN, on the other hand, will encrypt your data as it travels from your device to the VPN server, ensuring that nobody can view it at any point on its journey. With a service like NordVPN, you can still get around internet restrictions and protect your IP address, but you’ll do so with genuine privacy and lightning fast internet speeds.
SOCKS5 proxy servers benefits
Here are 4 strong reasons to use SOCKS proxies:
1. Gets you around internet blocks
Since proxy servers act as relays between your device and the internet, they can easily help you bypass internet blocks. For example, if your IP was blacklisted by a certain website (or you use a VPN and its servers’ IPs were blacklisted) you can route your traffic through a SOCKS5 proxy and so bypass this block. However, it won’t help you to circumvent national firewalls in the way that a VPN will, as most of them use deep packet inspection (DPI). This means that your traffic is blocked by your ISP before it reaches the website.
2. Faster and more reliable connection
Unlike its predecessors, which only used TCP protocol, SOCKS5 proxy servers can use UDP protocol, ensuring a reliable connection and efficient performance. The TCP internet protocol forms a connection between a client and a server, making sure that all the packets arrive from one side to the other. It requires fitting the content into a fixed format so that it can be transferred easily. UDP, on the other hand, doesn’t focus on whether all packets from the client or server reach the other side and whether they are transferred in the same order. UDP doesn’t waste time converting data packets into a stream of fixed packets. Therefore, with UDP at hand, SOCKS5 can offer faster speeds and a reliable connection.
3. Fewer errors and improved overall performance
Many other proxies rewrite data packet headers. Because of this, there’s a high chance of misrouting or mislabelling that data. SOCKS5 proxy servers do not rewrite data packet headers, so there is a lower chance for errors. Since there are far fewer errors, the performance automatically improves. However, this comes at a cost of your privacy and security as packet headers contain your personal information and can be easily identified.
4. Better performance on P2P platforms
SOCKS5 is faster than other proxies because it transfers smaller data packets. Therefore, it offers faster download speeds, which is why many users use it to connect to P2P sharing websites and
SOCKS5 vs HTTP proxy
Unlike HTTP proxies, which can only interpret and work with HTTP and HTTPS webpages, SOCKS5 proxies can work with any
HTTP proxies are high-level proxies usually designed for a specific protocol. While this means you get better connection speeds, they’re not nearly as flexible and secure as SOCKS proxies. SOCKS proxies are low-level proxies that can handle any program or protocol and any traffic without
Should you use SOCKS5 with a VPN?
The main difference between proxies and VPNs is that VPNs encrypt your traffic and proxies don’t. VPNs provide more stable connections while proxy connections drop more
There are few reasons to use both together, so your best bet is to choose the right tool for the job. Fortunately, NordVPN’s servers also support SOCKS5 connections. For full instructions on how to use SOCKS5 proxy on different platforms, visit our tutorial page.
Should you use a free proxy?
Because of their low overhead, proxy services aren’t expensive to run, but they still come with costs. Therefore, free proxies, like free VPNs, should be avoided. Here’s why:
Poor performance. Free proxies will have fewer support personnel and may have fewer configuration options or slower infrastructure. All of this can make them slower and less secure. They might also reduce their speeds or turn off features in an effort to make you a paying
Privacy issues. If you’re not paying for the service, you aren’t the customer. Free proxies can monitor user traffic and sell that data to third parties or serve ads. This means replacing ads on websites you love (thereby cutting into their revenue) or introducing new ads that weren’t there
best bet is a premium proxy service, which will offer the best speeds, support, and security. Fortunately, when you buy NordVPN, you can also use some of our servers as SOCKS5 proxies. With all of our other features, you can easily switch between maximum security, maximum speed, or the best of both
secure and flexible service offers tons of options, including SOCKS5. Try it with our risk-free money-back guarantee for 30 days!
Emily Green
Verified author
Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.
SOCKS Proxy Primer: What Is SOCKs5 and Why Should You …
co-authored by Darshan S. Mulimath, Megha B. Sasidhar, and Ashiq Khader
In computer networks, a proxy or proxy server is a computer that sits between you and the server. It acts as a gateway between a local network and a large-scale network, such as the internet.
A proxy server works by intercepting connections between sender and receiver. All incoming data enters through one port and is forwarded to the rest of the network via another port.
Aside from traffic forwarding, proxy servers provide security by hiding the actual IP address of a server. They also have caching mechanisms that store requested resources to improve performance. A proxy server can encrypt your data so it is unreadable in transit and block access to certain webpages based on IP address.
Now that we have a general sense of how a proxy works, let’s zoom in on a specific type of proxy — SOCKS — and, specifically, the SOCKs5 variant.
What Is a SOCKS Proxy?
SOCKS, which stands for Socket Secure, is a network protocol that facilitates communication with servers through a firewall by routing network traffic to the actual server on behalf of a client. SOCKS is designed to route any type of traffic generated by any protocol or program.
A SOCKS proxy server creates a Transmission Control Protocol (TCP) connection to another server behind the firewall on the client’s behalf, then exchanges network packets between the client and the actual server. The SOCKS proxy server doesn’t interpret the network traffic between client and server in any way; it is often used because clients are behind a firewall and are not permitted to establish TCP connections to outside servers unless they do it through the SOCKS proxy server. Therefore, a SOCKS proxy relays a user’s TCP and User Datagram Protocol (UDP) session over firewall.
SOCKS is a layer 5 protocol, and it doesn’t care about anything below that layer in the Open Systems Interconnection (OSI) model — meaning you can’t use it to tunnel protocols operating below layer 5. This includes things such as ping, Address Resolution Protocol (ARP), etc. From a security perspective, it won’t allow an attacker to perform scans using tools such as Nmap if they are scanning based on half-open connections because it works at layer 5.
Since SOCKS sits at layer 5, between SSL (layer 7) and TCP/UDP (layer 4), it can handle several request types, including HTTP, HTTPS, POP3, SMTP and FTP. As a result, SOCKS can be used for email, web browsing, peer-to-peer sharing, file transfers and more.
Other proxies built for specific protocols at layer 7, such as an HTTP proxy that is used to interpret and forward HTTP or HTTPS traffic between client and server, are often referred to as application proxies.
There are only two versions: SOCKS4 and SOCKs5. The main differences between SOCKs5 and SOCKS4 are:
SOCKS4 doesn’t support authentication, while SOCKs5 supports a variety of authentication methods; and
SOCKS4 doesn’t support UDP proxies, while SOCKs5 does.
A SOCKs5 proxy is more secure because it establishes a full TCP connection with authentication and uses the Secure Shell (SSH) encrypted tunneling method to relay the traffic.
Why You Should Adopt SOCKs5
Below are four key benefits to using a SOCKs5 proxy with SSH tunneling.
1. Access Back-End Services Behind a Firewall
Usually, a cluster is hosted in the cloud behind a firewall to minimize potential security vulnerabilities. There are two ways to access any backend services that are running inside a cluster, and each has its limitations:
Expose backend services to public (and accept the associated security risk); or
Whitelist the client or user’s IP to allow traffic to backend services (this is not the right solution for when a user’s IP changes, however).
A SOCKs5 proxy with dynamic port forwarding using SSH can be an alternative to the two undesirable options above. An administrator or developer could access any backend services within a cluster that is hosted in the cloud behind a firewall for debugging, monitoring and administrating from a public network without exposing the backend service ports or whitelisting specific IPs.
Let’s look at a use case. For security reasons, the administration or monitoring application APIs or web user interface (UI) ports for monitoring a Hadoop cluster are closed by default when hosted on the cloud. To access these APIs or web UIs, you can use SSH dynamic port forwarding to the master or edge node of the cluster, since the master node will have a public IP and run SSH services by default, which is exposed so the user can connect from outside.
For another example, say you’re working with a virtual private cloud (VPC). You can deploy a bastion host to securely access remote instances within a VPC by limiting their access to the outside world. You can access the bastion host from the outside world, and only port 22 (SSH) is opened. Using SSH dynamic port forwarding (SOCKs5 proxy), you can access the remote instances that are running in the VPC.
2. No Special Setup Required
SOCKs5 doesn’t require special setup, as long as you have SSH access to either the Edge node or gateway of a cluster. Therefore, users such as administrators and developers can access back-end resources behind the firewall using an SSH tunnel without requiring a virtual private network (VPN).
3. No Third-Party Public or Free Proxy Server in Your Deployments
Since a SOCKs5 proxy routes all kinds of TCP and UDP traffic to their respective service through SSH tunneling, no layer 7 application-related special proxies are required for each service to route application requests.
4. Fewer Errors, Better Performance
Unlike other application proxies, SOCKs5 does not rewrite data packets. It just relays the traffic between devices. Therefore, it is less prone to errors, and performance increases automatically.
How Does SOCKs5 Work in Practice?
What CISO wouldn’t jump at the chance to embrace the benefits listed above? But what does a SOCKs5 proxy look like in the context of an enterprise security strategy? Where do security leaders begin when implementing SOCKs5 in their environment? Below are some key steps to help you get started.
Setting Up a SOCKs5 Proxy Connection
To SOCKSify an IT environment, the client application must have the capacity to support the SOCKs5 protocol. The syntax below is based on the SSH client on Linux; it shows how to create a SOCKs5 proxy server running on your local computer and then authenticate to the Edge node of a cluster or gateway hosted on cloud that routes traffic to the servers inside the cluster:
$ ssh -D 30001 [email protected] -C -f -N (password: xyz); or
$ ssh -i /path/to/private_key -D 30001 [email protected] -C -f -N
The above command starts the SOCKs5 server and binds to port 30001, then connects to Edge Node, Master Node or Gateway Node over the SSH tunnel hosted on the cloud.
The options used in the above command do the following:
-D 30001 tells SSH to create a SOCKs5 server on port 30001 on the client computer.
-C compresses data before sending.
-N means “Do not execute a remote command.” This is useful for simply forwarding ports (protocol version 2 only).
-f requests SSH to go to the background just before command execution.
Accessing the Endpoints Using the SOCKs5 Protocol
Once a SOCKs5 proxy is created, configure your clients to access the internal services of the cluster. To keep it simple, we use a command line URL (cURL) that supports the SOCKs5 protocol. Other methods such as using a web browser require some additional setup and configurations.
The below cURL command shows how to access one of the HTTPS application endpoints listening on port 8000 behind a firewall using the SOCKs5 proxy over the SSH tunnel created above:
curl -x socks5h://localhost:30001 -v -k -X GET EdgeNodeSSHserverIP:8000
The above cURL tool connects to port 30001 on localhost. Upon receiving an HTTP GET request on port 30001 from the cURL, the SSH client sends the same request via SSH tunnel to the SSH server.
The remote SSH server handles the request and passes the request to a back-end service listening at port 8000. The response is sent back to the client over the same SSH tunnel to the client’s SOCKs5 proxy. The proxy relays the response to the cURL, which displays the response.
Once you have created a SOCKs5 proxy using the SSH dynamic port forwarding method, you can also use the netcat utility to test the TCP connection. As shown below, a TCP connection test is made for back-end services listening at port 8443 with the SOCKs5 proxy:
ncat --proxy 127.0.0.1:30001 --proxy-type socks5 EdgeNodeSSHserverIP 8443 -nv
In Summary
A SOCKs5 proxy is a lightweight, general-purpose proxy that sits at layer 5 of the OSI model and uses a tunneling method. It supports various types of traffic generated by protocols, such as HTTP, SMTP and FTP. SOCKs5 is faster than a VPN and easy to use. Since the proxy uses a tunneling method, public cloud users can access resources behind the firewall using SOCKs5 over a secured tunnel such as SSH.
Frequently Asked Questions about socks ports
What port does SOCKS use?
Usually a SOCKS server listens on one port, which by default is port 1080. This is used by all socksified applications. Having only one port to watch facilitates management and monitoring of network traffic. Control is limited to IP address, port number and user authentication.
What is a SOCKS firewall?
SOCKS is commonly used as a network firewall, allowing hosts behind a SOCKS server to gain full access to the Internet while preventing unauthorized access from the Internet to hosts inside the firewall. … In a SOCKS configuration, instead of accessing the origin server directly, the proxy goes through a SOCKS server.
Is SOCKS5 UDP or TCP?
Unlike its predecessors, which only used TCP protocol, SOCKS5 proxy servers can use UDP protocol, ensuring a reliable connection and efficient performance. The TCP internet protocol forms a connection between a client and a server, making sure that all the packets arrive from one side to the other.