Date: Wed, 19 May 1999 10:08:12 -0500 From: Benjamin Gavin <gavinb@supranet.net> To: Rich Fox <rich@f2sys.net> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Socks5: auth failure--always Message-ID: <4.1.19990519100348.00ad4e20@mail.supranet.net> In-Reply-To: <Pine.BSF.4.05.9905190942460.92490-100000@ppp-rich.ari.net> References: <4.1.19990518151143.00b3d390@mail.supranet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, I believe I made a mistake in my original email. The authentication lines should probably read like this: auth - - u permit - - 0.0.0.0/0.0.0.0 - - I think it was permitting nobody with the "permit - - - - -" line. A good practice would probably be to set the permit line to allow only you internal networks. I would be a little wary about the SocksCAP application though, we had a number of problems with it (under Win95 it caused major Winsock instability) and just went with a firewall and NAT. Also, we noticed that over time socks5 processes started running away... Ben At 09:52 AM 5/19/99 -0400, Rich Fox wrote: >Hi, > >Unfortunately this didn't make any difference. >Originally I tried running just Quicktime (4) player for Mac, which is >apparently Socks5 saavy (although I don't see anything for auth in it), >but this time I experimented further with >'Socksifying' quicktime(4) player on Windows, and making sure that the >player was not trying to use a socks5 server, but instead letting >Sockscap32 handle the transactions. Again, the auth failure turned up in >the logs. >The username and password that I used for sockscap32 is identical to the >username/password for my account on the FreeBSD box (as is the >username/password for Windows logon). >I tried your suggestion in 2 variations, 1) your exact suggestion, 2) >changing the auth line to read "auth - - n" and instructing sockscap that >no authentication was required. > >I have cleaned the config file up and it currently looks like this: ># Authentication entries >auth - - u > ># Access entries >permit - - - - - - > ># route entries >route 192.168.1./255.255.255.0 - xl0 >route - - tun0 > >Thanks, >Rich. > >On Tue, 18 May 1999, Benjamin Gavin wrote: > >> Hi, >> You need to have the following two lines in your socks5 configuration: >> >> auth - - u >> permit - - - - - - >> >> That should clear up your problem. >> >> Ben >> >> At 04:06 PM 5/18/99 -0400, you wrote: >> >Hi, >> > >> >I am trying to configure socks5 to provide streaming proxy services for >> >Quicktime4 and I always get an auth failure even though I am pretty sure I >> >have socks wide open... >> > >> >Platform: FreeBSD 3.1, IPFW (wide open), IP aliasing still enabled >> >(although I have instructed qt player to use the socks proxy). (I left the >> >latter two enabled and functioning (to a degree), do they need to be >> >disabled, since the only thing that I really seem to need socks5 for is >> >QT4?) >> > >> >The FreeBSD box has an IP address on a dial up connection, the rest of the >> >machines are behind it with a private network of 192.168.1.n/255.255.255.0 >> > >> >This error occurs for both Mac and Windows QT4 players. >> > >> >My socks5.conf file: >> >-=-=-=-=-=-=- >> ># >> ># Authentication entries >> ># >> ># auth - - n >> ># auth 192.168.1/255.255.255.0 - n >> > >> ># >> ># Access entries >> ># >> > >> >permit - - - - - - >> > >> ># permit - - 127.0.0.1 - - - >> ># permit - - 192.168.1/255.255.255.0 - - - >> ># deny - - - 10.10.10.12/255.0.0.0 - - >> > >> ># >> ># route entries >> ># >> >route 192.168.1/255.255.255.0 - xl0 >> >route - - tun0 >> >-=-=-=-=-=-=- >> > >> >My perpetual error: >> >May 18 16:02:00 ppp-rich Socks5[41379]: Socks5 starting at Tue May 18 >> >16:02:00 1 >> >999 in normal mode >> >May 18 16:02:05 ppp-rich Socks5[41380]: Auth Failed: (192.168.1.2:2063) >> > >> >Any hints? >> > >> >Thanks, >> >Rich. >> > >> > >> > >> >To Unsubscribe: send mail to majordomo@FreeBSD.org >> >with "unsubscribe freebsd-questions" in the body of the message >> >> /--------------------------------------------------------------------------/ >> Benjamin Gavin - Senior Consultant >> >> *********** NO SPAM!! ************ >> >> > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-questions" in the body of the message /--------------------------------------------------------------------------/ Benjamin Gavin - Senior Consultant *********** NO SPAM!! ************ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990519100348.00ad4e20>