friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzab6_5.4.0.1/csocks.htm

166 lines
11 KiB
HTML
Raw Normal View History

Add readme and dist folders
2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Client SOCKS support" />
<meta name="abstract" content="iSeries uses SOCKS version 4 to enable programs that use the AF_INET address family with SOCK_STREAM socket type to communicate with server programs that run on systems outside a firewall." />
<meta name="description" content="iSeries uses SOCKS version 4 to enable programs that use the AF_INET address family with SOCK_STREAM socket type to communicate with server programs that run on systems outside a firewall." />
<meta name="DC.Relation" scheme="URI" content="aconcepts.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/bind.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/connec.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/accept.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/gsockn.htm" />
<meta name="DC.Relation" scheme="URI" content="../apis/rbind.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2001, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="csocks" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Client SOCKS support</title>
</head>
<body id="csocks"><a name="csocks"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Client SOCKS support</h1>
<div><p>iSeries™ uses
SOCKS version 4 to enable programs that use the AF_INET address family with
SOCK_STREAM socket type to communicate with server programs that run on systems
outside a firewall.</p>
<p>A firewall is a very secure host that a network administrator places between
a secure internal network and a less secure external network. Typically such
a network configuration does not allow communications that originate from
the secure host to be routed on the less secure network, and vice versa. Proxy
servers that exist on the firewall help manage required access between secure
hosts and less secure networks. </p>
<div class="p">Applications that run on hosts in a secure internal network must send their
requests to firewall proxy servers to navigate the firewall. The proxy servers
can then forward these requests to the real server on the less secure network
and relay the reply back to the applications on the originating host. A common
example of a proxy server is an HTTP proxy server. Proxy servers perform a
number of tasks for HTTP clients: <ul><li>They hide your internal network from outside systems.</li>
<li>They protect the host from direct access by outside systems.</li>
<li>They can filter data that comes in from outside if they are properly designed
and configured.</li>
</ul>
HTTP proxy servers handle only HTTP clients.</div>
<p>A common alternative to running multiple proxy servers on a firewall is
to run a more robust proxy server known as a SOCKS server. A SOCKS server
can act as a proxy for any TCP client connection that is established using
the sockets API. The key advantage to iSeries Client SOCKS support is that
it enables client applications to access a SOCKS server transparently without
changing any client code.</p>
<p>The following figure shows a common firewall arrangement with an HTTP proxy,
a telnet proxy, and a SOCKS proxy on the firewall. Notice that the two separate
TCP connections used for the secure client that is accessing a server on the
internet. One connection leads from the secure host to the SOCKS server, and
the other leads from the less secure network to the SOCKS server.</p>
<p><br /><img src="rv4w201.gif" alt="Common firewall arrangement" /><br /></p>
<p>Two actions are required on the secure client host to use a SOCKS server:</p>
<ol><li>Configuration of a SOCKS server. On February 15, 2000, IBM<sup>®</sup> announced
that the IBM Firewall
for iSeries product
(5769-FW1), which provides SOCKS server support, is not enhanced beyond its
current V4R4 capability. </li>
<li>On the secure client system, define all outbound Client TCP connections
that are to be directed to the SOCKS server on the Client system. You can
define the secure client SOCKS configuration entries by using the SOCKS tab
found under the iSeries Navigator
function of iSeries Access
95 or Microsoft<sup>®</sup> Windows
NT<sup>®</sup>. The SOCKS tab has substantial help on configuring the secure client
system for Client SOCKS support. <p>To configure client SOCKS
support, follow these steps: </p>
<ol type="a"><li>In iSeries Navigator,
expand your <span class="menucascade"><span class="uicontrol">iSeries server</span> &gt; <span class="uicontrol">Network</span> &gt; <span class="uicontrol">TCP/IP Configuration</span></span>. </li>
<li>Right-click <span class="uicontrol">TCP/IP Configuration</span>.</li>
<li>Click <span class="uicontrol">Properties</span>. </li>
<li>Click the <span class="uicontrol">SOCKS </span> tab.</li>
<li>Enter your connection information about the SOCKS page.</li>
</ol>
<div class="note"><span class="notetitle">Note:</span> The secure client SOCKS configuration data is saved in the file
QASOSCFG in library QUSRSYS on the secure client host system.</div>
</li>
</ol>
<p>When configured, the system automatically directs certain outbound connections
to the SOCKS server you specified on the SOCKS page. You do not need to make
any changes to the secure client application. When it receives the request,
the SOCKS server establishes a separate external TCP/IP connection to the
server in the less secure network. The SOCKS server then relays data between
the internal and external TCP/IP connections.</p>
<div class="note"><span class="notetitle">Note:</span> The remote host on the less secure network connects directly to the
SOCKS server. It does not have direct access to the secure client.</div>
<p>Up to this point, <em>outbound</em> TCP connections that
originate from the secure client have been addressed. Client SOCKS support
also lets you tell the SOCKS server to allow an inbound connection request
across a firewall. An <span class="apiname">Rbind()</span> call from the secure client
system allows this communication. For <span class="apiname">Rbind()</span> to operate,
the secure client must have previously issued a <span class="apiname">connect()</span> call
and the call must have resulted in an outbound connection over the SOCKS server.
The <span class="apiname">Rbind()</span> inbound connection must be from the same IP
address that was addressed by the outbound connection that the <span class="apiname">connect()</span> established.</p>
<p>The following figure shows a detailed overview of how sockets
functions interact with a SOCKS server transparent to the application. In
the example, the FTP client calls the <span class="apiname">Rbind()</span> function
instead of a <span class="apiname">bind()</span> function, because the FTP protocol
allows the FTP server to establish a data connection when there is a request
from the FTP client to send files or data. It makes this call by recompiling
the FTP client code with the __Rbind preprocessor #define, which defines <span class="apiname">bind()</span> to
be <span class="apiname">Rbind()</span>. Alternatively, an application can explicitly
code <span class="apiname">Rbind()</span> in the pertinent source code. If an application
does not require inbound connections across a SOCKS server, <span class="apiname">Rbind()</span> should
not be used. </p>
<br /><img src="rv4w200.gif" alt="Interaction of sockets functions with a SOCKS server" /><br /><div class="note"><span class="notetitle">Notes:</span> <ol><li>FTP client initiates an outbound TCP connection to a less secure network
through a SOCKS server. The destination address that the FTP client specifies
on the <span class="apiname">connect()</span> is the IP address and port of the FTP
server located on the less secure network. The secure host system is configured
through the SOCKS page to direct this connection through the SOCKS server.
When configured, the system automatically directs the connection to the SOCKS
server that was specified through the SOCKS page.</li>
<li>A socket is opened and <span class="apiname">Rbind()</span> is called to establish
an inbound TCP connection. When established, this inbound connection is from
the same destination-outbound IP address that was specified above. You must
pair outbound and inbound connections over the SOCKS server for a particular
thread. In other words, all <span class="apiname">Rbind()</span> inbound connections
should immediately follow the outbound connection over the SOCKS server. You
cannot attempt to intervene non-SOCKS connections relating to this thread
before the <span class="apiname">Rbind()</span> runs.</li>
<li><span class="apiname">getsockname()</span> returns the SOCKS server address. The
socket logically binds to the SOCKS server IP address coupled with a port
that is selected through the SOCKS server. In this example, the address is
sent through the "control connection" Socket CTLed to the FTP server that
is located on the less secure network. This is the address to which the FTP
server connects. The FTP server connects to the SOCKS server and not directly
to the secure host.</li>
<li>The SOCKS server establishes a data connection with the FTP client and
relays data between the FTP client and the FTP server. Many SOCKS servers
allow a fixed length of time for the server to connect to the Secure client.
If the server does not connect within this time, errno ECONNABORTED is encountered
on the <span class="apiname">accept()</span>.</li>
</ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="aconcepts.htm" title="Advanced socket concepts go beyond a general discussion of what sockets are and how they work. They provide ways to design socket applications for larger and more complex networks.">Advanced socket concepts</a></div>
</div>
<div class="relinfo"><strong>Related information</strong><br />
<div><a href="../apis/bind.htm">bind()</a></div>
<div><a href="../apis/connec.htm">connect()</a></div>
<div><a href="../apis/accept.htm">accept()</a></div>
<div><a href="../apis/gsockn.htm">getsockname()</a></div>
<div><a href="../apis/rbind.htm">Rbind()</a></div>
</div>
</div>
</body>
</html>
Reference in New Issue Copy Permalink