From owner-freebsd-current Mon Apr 22 23:38:35 1996
Return-Path: owner-current
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id XAA08250 for current-outgoing; Mon, 22 Apr 1996 23:38:35 -0700 (PDT)
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id XAA08245 for ; Mon, 22 Apr 1996 23:38:34 -0700 (PDT)
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id XAA18930; Mon, 22 Apr 1996 23:33:29 -0700
From: Terry Lambert
Message-Id: <199604230633.XAA18930@phaeton.artisoft.com>
Subject: Re: socks support native in freebsd?
To: msmith@atrad.adelaide.edu.au (Michael Smith)
Date: Mon, 22 Apr 1996 23:33:29 -0700 (MST)
Cc: terry@lambert.org, pst@shockwave.com, current@FreeBSD.org
In-Reply-To: <199604230253.MAA07445@genesis.atrad.adelaide.edu.au> from "Michael Smith" at Apr 23, 96 12:23:47 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-current@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> > Socks functionality should be implemented via an IP tunnel;
> > preferably in a user space "socksd" process.
>
> This is total crap. How can you possibly implement what Socks does
> using a "tunnel"? Socks provides a standards-friendly means of
> hiding unroutable hosts behind a routed firewall. It provides
> healthy amounts of logging, and good configuration flexibility.

By IP tunneling the default route to the socksd that then forwards it
to the forwarding host using a static route to the real interface.
Local routes can also go to the local interface statically, by net.

Socks *functionality* is the ability to forward packets by proxy
through a connection to a proxy agent on the firewall.

This has the benefit of *not* implementing the "functionality" of
"recompile all socket-using programs".

> > It is a mistake to rebuild "telnet, ftp, et al." to achieve
> > functionality that belongs at the transport layer, not in the
> > applications.
>
> The functionality is correctly implemented in the _library_ functions
> that telnet, ftp et al. call. Incorporating Socks proxy support in the
> system libraries would instantly Socksify _all_ of the system, including
> any ports built, as well as Perl and so forth.
>
> Given the popularity of firewalls these days, this would be a Big Plus.

First, he was talking about implementing it on a per-application basis
via the makefile hack that is recommended by the socks package.

Second, this is an atypical network configuration, and the average user
should not have to pay for it in their libc.

> > This would also fix the OBA (Only Binary Available) problem with
> > trying to use Netscape or Nettrek clients against a socks server.
>
> ...except that Netscape (at the least) already supports Socks, and in fact
> goes so far as to support making TCP DNS queries so that a UDP proxy isn't
> required.

Fine. Pick a binary program other than Netscape which does not support
socks.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
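For readers following the library-versus-tunnel argument above: what a "socksified" connect() (the library wrapper Michael Smith describes, or the makefile hack Terry refers to) actually does is open a TCP connection to the proxy agent on the firewall and exchange a short request/reply before handing the socket back to the application. The following is an added example in C, not code from this thread, from FreeBSD or from the socks package. It assumes the SOCKS4 wire format (VN=4, CD=1, two-byte destination port, four-byte destination address, NUL-terminated user id; the reply is eight bytes with VN=0 and result code 90 for "granted"); SOCKS5 uses a different handshake. The destination 192.0.2.10:23 and the user id "terry" are constructed test values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* SOCKS4 constants (protocol version 4, as implemented by the classic
 * socks package; SOCKS5 is a different protocol). */
#define SOCKS4_VERSION        4
#define SOCKS4_CMD_CONNECT    1
#define SOCKS4_REPLY_GRANTED  90   /* request granted */
#define SOCKS4_REPLY_REJECTED 91   /* rejected or failed */
#define SOCKS4_REPLY_NO_IDENTD 92  /* proxy could not reach client identd */
#define SOCKS4_REPLY_BAD_USERID 93 /* identd reported a different user */
#define SOCKS4_REPLY_LEN      8

/*
 * Build the CONNECT request a socksified connect() sends to socksd:
 *
 *   VN(1) | CD(1) | DSTPORT(2, network order) | DSTIP(4) | USERID... | NUL
 *
 * dst_ip is the destination address in network byte order (as four octets).
 * Returns the number of bytes written, or 0 if the buffer is too small or
 * the user id is unreasonably long (an unbounded strlen into a fixed
 * buffer is exactly the kind of bug a wrapper must not have).
 */
size_t socks4_build_connect(uint8_t *out, size_t outlen,
                            const uint8_t dst_ip[4], uint16_t dst_port,
                            const char *userid)
{
    size_t ulen = strlen(userid);
    size_t need = 8 + ulen + 1;

    if (ulen > 255 || need > outlen)
        return 0;

    out[0] = SOCKS4_VERSION;
    out[1] = SOCKS4_CMD_CONNECT;
    out[2] = (uint8_t)(dst_port >> 8);     /* port, big-endian */
    out[3] = (uint8_t)(dst_port & 0xff);
    memcpy(out + 4, dst_ip, 4);            /* already network order */
    memcpy(out + 8, userid, ulen);
    out[8 + ulen] = '\0';
    return need;
}

/*
 * Parse the fixed-size reply from socksd.
 * Returns 1 if the proxy granted the connection, 0 if it refused
 * (code_out receives 91/92/93), and -1 if the reply is malformed:
 * wrong length or a version byte other than 0. A malformed reply must be
 * treated as failure, never passed through to the application as data.
 */
int socks4_parse_reply(const uint8_t *in, size_t inlen, int *code_out)
{
    if (inlen != SOCKS4_REPLY_LEN || in[0] != 0)
        return -1;
    if (code_out)
        *code_out = in[1];
    return in[1] == SOCKS4_REPLY_GRANTED;
}

int main(void)
{
    /* Constructed example: proxy a telnet connection to 192.0.2.10 as "terry". */
    const uint8_t dst_ip[4] = { 192, 0, 2, 10 };
    uint8_t req[64];
    size_t n = socks4_build_connect(req, sizeof req, dst_ip, 23, "terry");

    printf("request (%zu bytes):", n);
    for (size_t i = 0; i < n; i++)
        printf(" %02x", req[i]);
    printf("\n");

    /* Constructed reply as socksd would send it on success: VN=0, CD=90,
     * then the port and address it bound (servers often echo zeros here). */
    const uint8_t reply[SOCKS4_REPLY_LEN] = { 0, 90, 0, 23, 192, 0, 2, 10 };
    int code = 0;
    int ok = socks4_parse_reply(reply, sizeof reply, &code);
    printf("reply code %d -> %s\n", code, ok == 1 ? "granted" : "refused");
    return 0;
}
```

In a real wrapper the sequence is: connect() to the socksd host and port, write the request, read exactly eight bytes, and only on code 90 return the socket to the caller; anything else is a connection failure. Note the trust model this shows: the user id is asserted by the client and verified at most via identd, so socksd's logging and per-user policy are only as honest as the hosts behind the firewall.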