SOCKS5 problems

Vaughn Treude plug-discuss@lists.PLUG.phoenix.az.us
Wed, 11 Jul 2001 16:01:14 -0700 

Hi Kevin:
    Once again the mysterious and somewhat misleading nomenclature of Linux modules may have mislead me.  I was under the impression that
IPChains existed mainly to filter out the "bad stuff" that hackers may send my way.  I didn't think of using it to move packets to my other
boxes.  I guess it makes sense that I can use IPChains to connect to my other Linux box, but what about a Windows box?  I know they have SOCKS
clients for Windows, and I also read that Netscape was SOCKS-enabled.  Also, in my "Linux Firewalls" book (by Ziegler) the only entry they in
the index under "Proxy" was SOCKS. That's why I assumed that SOCKS was the way to do it.
    Do you mean to say that IPChains no longer worked as a proxy after your DSL service changed to PPPoE?  That's what I've got, I'm afraid.
    Guess I need to read the chapter on IP Chains in my firewall book.  Still, I'm pretty frustrated because it seems like this SOCKS stuff
ALMOST works.   Is there anyone out there that's using it successfully?

Thanks,
Vaughn Treude

Kevin Brown wrote:

> I'm not an expert on Socks, but wouldn't it be easier to implement IPchains
> (2.2.x kernels) or whatever the equivalent is in the 2.4.x kernels (can't recall
> the package for 2.4).  I'm assuming you are trying to route multiple boxes
> through a single DSL or dial up connection connected to a linux machine.  This
> is what I had done here till Qwest (then USWest) switched the DSL router from
> bridging to PPP mode and I moved my linux box to just play around with (DEC
> Alpha Multia).
>
> > Last week I sent a message detailing my problems getting the SOCKS5 proxy working on my LAN.   I encounter this funny problem regardless
> > of whether I'm trying to connect to the firewall from SocksCap on my Windows machine or Netscape on my other Linux box.  The message says
> > that the proxy has received
> > a request with an "Incompatible Version Number 71."
> >
> > Now I've done a bit more homework since then.  I checked the SOCKS5 source and discovered that the
> > client was supposed to be sending its SOCKS version (either 4 or 5) to the host.  It seems unlikely that
> > BOTH Netscape and SocksCap would be perpetrating this identical error.  So my guess would be that I
> > somehow built Socks5 incorrectly.
> >
> > I reran the build, this time with the "with-threads" option (which I should've done the first time) and the install.   I then ran the
> > Socks5 daemon in debug mode.  The log file no longer included an entry about having not been compiled with the threads option, but
> > otherwise the problems were the same.  I still had the clients
> > telling SOCKS5 that they were "socks 71" clients.
> >
> > I was wondering if there were any SOCKS gurus out there who could help me figure out what I might have done wrong.  I'm running Mandrake
> > 7.0 on the firewall (and the client box.)  I've reviewed the README and INSTALL files and don't see anything about telling the "configure"
> > script that I'm using Linux.   The script appears to be smart enough to look at all the library, compiler, and linker parameters of the
> > system in question, but that seems like that'd be a pretty difficult thing to get right universally.  I wonder if there's some kind of
> > "endianness" or other setting I've neglected.  (I did check the "config.log" file, it complains about not being able to find a certain
> > thread library, but if that's the case, why does the thing compile and run?)
> >
> > I've included the previous message for reference.  Thanks in advance for any help.
> >
> > Vaughn Treude
> >
> > > Hello everyone:
> > >     I'm trying to get SOCKS5 working on my firewall machine so the other machines on my LAN can access the internet.  I've downloaded,
> > > compiled, and installed SOCKS5 from the NEC website; it appears to start OK.  I also downloaded SOCKSCAP from NEC and put it on one of
> > > my Windows machines.  I added Explorer to the list of SocksCap clients and attempted to start it.   But no matter how closely I follow
> > > the instructions, the authentification fails and kicks me out!   I ran socks5 in debug mode, and here's some of the output:  As you can
> > > see, it seems to be working OK until it gets that mysterious error "Incompatible Version Number 71."
> > > Any ideas on what I might be doing wrong?
> > >
> > > Thanks,
> > > Vaughn Treude
> > > Nakota Software, Inc.
> > >
> > > 27534:000000: Accept: Waiting on accept or a signal
> > > 27538:000000: Child: Starting
> > > 27538:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27538:000000: Check: Checking port range   (0 <= 1079 <= 65535)?
> > > 27538:000000: Route: Line 6: Matched
> > > 27538:000000: Checking Authentication
> > > 27538:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27538:000000: Check: Checking port range   (0 <= 1079 <= 65535)?
> > > 27538:000000: Auth: Line 7: Matched
> > > 27538:000000: Socks5: Told client to do authentication method #2
> > > 27538:000000: UPWD: Password file is /etc/socks5.passwd
> > > 27538:000000: UPWD: successful: user is lowell
> > > 27538:000000: Socks5: Read initial protocol
> > > 27538:000000: Socks5: Read address part of protocol
> > > 27538:000000: Proxy: vers:5 cmnd:1 addr:192.168.1.101 port:1080 user:lowell
> > > 27538:000000: Resolve Names: Starting
> > > 27538:000000: Resolve Names: Looking up service name
> > > 27538:000000: Resolve Names: Looking up next proxy
> > > 27538:000000: Proxy: dst on the same subnet
> > > 27538:000000: Resolve Names: No Next Proxy
> > > 27538:000000: TCP Connection Request: Connect (192.168.1.3:1079 to 192.168.1.101:1080) for user lowell
> > > 27538:000000: Checking Authorization
> > > 27538:000000: Check: Checking commands: Anything is ok
> > > 27538:000000: Check: Checking auths: Anything is ok
> > > 27538:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27538:000000: Check: Checking port range   (0 <= 1079 <= 65535)?
> > > 27538:000000: Check: Checking port range   (0 <= 1080 <= 65535)?
> > > 27538:000000: Check: Checking username, lowell is in -
> > > 27538:000000: Perm: Line 8:matched
> > > 27538:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27538:000000: Check: Checking port range   (0 <= 1080 <= 65535)?
> > > 27538:000000: Route: Line 6: Matched
> > > 27534:000000: Parent: 3 children
> > > 27540:000000: Child: Starting
> > > 27540:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27540:000000: Check: Checking port range   (0 <= 2581 <= 65535)?
> > > 27540:000000: Route: Line 6: Matched
> > > 27540:000000: Checking Authentication
> > > 27540:000000: Check: Checking host address (0001a8c0 == 0001a8c0)?
> > > 27540:000000: Check: Checking port range   (0 <= 2581 <= 65535)?
> > > 27540:000000: Auth: Line 7: Matched
> > > 27534:000000: Accept: Waiting on accept or a signal
> > > 27538:000000: lsSendResponse: reply is (192.168.1.101:2581)
> > > 27538:000000: lsSendResponse: response sent
> > > 27538:000000: TCP out interface 192.168.1.101:2581
> > > 27538:000000: TCP Connection Established: Connect (192.168.1.3:1079 to 192.168.1.101:1080) for user lowell
> > > 27538:000000: Flow Setup: Allocated Buffer
> > > 27538:000000: Flow Recv: Reading from client socket
> > > 27538:000000: Flow Recv: Read 223 bytes from client socket
> > > 27538:000000: Flow Send: Writing 223 bytes to server socket
> > > 27538:000000: Flow Send: Wrote 223 bytes to server
> > > 27540:000000: Proxy: Received request with incompatible version number: 71
> > > 27540:000000: Auth Failed: (192.168.1.101:2581)
> > >
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> > >
> > > PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list  -  PLUG-discuss@lists.PLUG.phoenix.az.us
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss