socks5(1)socks5(1)NAMEsocks5 - A daemon that implements the SOCKS v5 protocol to
execute proxy requests for a client
SYNOPSISsocks5 [options]
DESCRIPTIONsocks5 is a proxy server that implements the SOCKS v5 pro
tocol. As a proxy server, socks5 authenticates, autho
rizes, and processes network requests for clients. It
establishes connections to application hosts for client
applications. When the client attempts to access the net
work, the client connects to the socks5 daemon instead of
the application host.
Following authentication, clients request that socks5 per
form network activities for the client. The activities
might include bind, connect, sendto, ping, or traceroute.
The socks5 protocol is independent of application proto
cols, and can assist with different networking services,
including telnet, ftp, finger, whois, gopher, and WWW
access.
The socks5 daemon supports two authentication methods:
Username/Password - Refer to socks5.passwd(5) for
additional information.
Kerberos 5 - Requires that you build socks5 with the
Kerberos libraries. For additional infor
mation about using Kerberos 5 (GSS-API)
authentication, please refer to the Ker
beros man page.
socks5 can run:
standalone - the default
preforking - include the -p option
threaded - if your operating system supports POSIX
threads and you configure socks5 with the
--with-threads option. Include the -t
option to run socks5 in threaded mode.
All operating systems impose limits on
the number of threads and open file
descriptors per process.
through inetd - include the -i option
You can control some aspects of how the socks5 daemon
works through the configuration file, environment vari
ables, and options. Refer to the socks5.conf(5) documenta
tion for additional information about the socks5 configu
ration file. The settings in the configuration file take
precedence over the environment variable and option set
tings. The environment variable settings take precedence
over the option settings.
OPTIONS
Separate multiple options with white space.
-b [host:port]| --bindintfc [host:port]
host:port specifies the host and the port number on
that host on which socks5 runs, instead of the
default port. When you omit host, socks5 uses
0.0.0.0 as the host value.
-d [val] |--debug [val]
Turn on debug mode and optionally set the debug
level to val. If you omit val, socks5 sends only
warning messages. Valid values for val are 1, 2,
and 3. If you specify other values, socks5 assumes
3. Valid values and their meanings are:
1 LOG_NOTICE Reports non-error conditions that
may require special handling
2 LOG_INFO Reports informational messages
3 LOG_DEBUG Reports information useful for
debugging
-f |--foreground
Run in the foreground, and prevent dissociation
from the parent shell when running standalone.
--foreground is most useful for debugging when you
start and stop the daemon frequently.
-i |--inetd
Run socks5 through inetd.
-n val |--nchildren val
Set the maximum number of child processes that can
exist at one time to val.
socks5 presets the maximum number of child processes
to 64. Use this option to lower that preset value.
You cannot set the maximum number of child processes
to a value that exceeds the operating system limit.
socks5 ignores this value in threaded mode, and it is
not useful in oneshot and inetd mode.
-o |--oneshot
Service one request in the foreground, turn on
debugging, send output to stderr, and exit. The
oneshot option is most useful during debugging.
-p |--prefork
Run socks5 as a preforking process. Also include
the --nchildren option to control the number of
forked processes.
-s |--stderr
Log all output to stderr only, instead of the sys
log. Logging output to stderr is most useful in
debug mode, which generates more output.
-t | --threaded
Run socks5 in threaded mode, if your operating sys
tem supports POSIX threads and you built socks5
with the --with-threads option. When threaded mode
is not available, socks5 prints a warning and
reverts to standalone mode.
-v |--version
Print a message containing the current socks5 ver
sion to stderr.
ENVIRONMENT
Environment variables control how socks5 operates. Set
them in the environment, or include them in the configura
tion file. When the environment and the configuration file
contain conflicting settings, the configuration files has
precedence over the environment.
To set the variables in the configuration file, use the
syntax:
set variable [value]
SOCKS5_BINDINTFC host:port
host:port specifies the host and the port number on
that host on which socks5 runs, instead of the
default port. When you omit host, socks5 uses
0.0.0.0 as the host value.
SOCKS5_CONFFILE filename
filename specifies the configuration file. In most
systems, the default is /etc/socks5.conf. Set the
environment before running socks5. With multiple
socks5 daemons, use a different configuration file
for each daemon.
SOCKS5_DEMAND_IDENT
Cause No authentication to fail when the client
fails to respond to an ident request. Use
SOCKS5_DEMAND_IDENT to ensure that each connection
has an associated username.
SOCKS5_ENCRYPT
Request that the next socks5 process encrypt the
data, if possible. SOCKS5_ENCRYPT is only useful
when the socks5 build includes GSS-API authentica
tion.
SOCKS5_FORCE_ENCRYPT
Force the client to encrypt the data when the
authentication method supports encryption.
SOCKS5_IDENTFILE filename
filename specifies the filename that stores the
ident information. In most systems, the default is
/tmp/socks5.ident. SOCKS5_IDENTFILE is most useful
with multiple socks5 daemons.
SOCKS5_MAXCHILD val
val specifies the maximum number of child processes
that can exist at one time.
socks5 presets the maximum number of child processes
to 64. Use this environment variable to lower that
preset value. You cannot set the maximum number of
child processes to a value that exceeds the operating
system limit.
socks5 ignores this value in threaded mode, and it is
not useful in oneshot and inetd mode.
SOCKS5_NOIDENT
Omit ident requests. Use SOCKS5_NOIDENT to reduce
timeouts when you are certain clients are not run
ning identd's.
SOCKS5_NOINTCHK
Request that the next socks5 process perform the
proxy request without integrity checking.
SOCKS5_NOINTCHK is only useful when the socks5
build includes GSS-API authentication.
SOCKS5_NONETMASKCHECK
Instruct the daemon to disregard checking the
server host's netmask. By default, the daemon
checks the netmask and connects directly to hosts
on the same subnet before consulting the configura
tion file.
SOCKS5_REVERSEMAP
Always attempt to map addresses to hostnames. By
default, socks5 only maps when hostnames or domains
are used in the configuration file. When set, the
log file will contain hostnames, but degrades per
formance.
SOCKS5_SERVICENAME
Always map port numbers to service names. By
default, socks5 only maps when services are used in
the configuration file. When set, the log file
will contain services, but degrades performance.
SOCKS5_PASSWD [password]
Specify the password for Username/Password authen
tication when the socks5 daemon connects to another
socks server.
SOCKS5_PIDFILE filename
Specify the filename that stores the socks5 process
ID. socks5 stores the PID in /tmp/socks5.pid. You
can run socks5 on a port other than the default
port by including the --bindintfc command line
option or setting the SOCKS5_BINDINTFC environment
variable. When you run socks5 on a port other than
the default port, socks5 stores the PID in
/tmp/socks5.pid-port. Use SOCKS5_PIDFILE to specify
an alternate filename.
SOCKS5_PWDFILE filename
Specify the password file. In most systems, the
default is /etc/socks5.passwd.
SOCKS5_TIMEOUT minutes
minutes specifies the maximum number of minutes the
connection remains idle. After minutes number of
minutes, socks5 disconnects. When you omit
SOCKS5_TIMEOUT, socks5 disconnects after the con
nection is idle for 15 minutes.
SOCKS5_UDPPORTRANGE port1-port2
Specify a range of UDP ports. port1-port2 specifies
a range of UDP ports that socks5 uses to send UDP
packets.
SOCKS5_USER [user id]
Specify the username for Username/Password authen
tication when the socks5 daemon connects to another
socks server.
SOCKS5_V4SUPPORT
By default, socks5 will only accept SOCKS V5 proto
col (rfc 1928) requests. When set, socks5 will
accept SOCKS V4 protocol requests.
REQUEST FOR COMMENTS
RFC1928
SOCKS protocol Version 5
RFC1929
Username/Password Authentication for SOCKS V5
RFC1961
GSS-API Authentication Method for SOCKS Version 5
SEE ALSOsocks5.conf(5)AUTHOR
NWSL SOCKS5 Development Team
Send comments to socks5-comments@socks.nec.com
7 Oct 1998 socks5(1)