can the SOCKS 5 proxy accept connections from the outside?

[Fresurfer]

I am trying to use wingate 6.6.4 to set up a SOCKS 5 proxy on my LAN, and I am wondering if the SOCKS 5 proxy in wingate supports accepting incoming connections from the outside, which can be passed to clients on the inside of my LAN..

E.g. a client on my LAN connects to the SOCKS server, then the client requests the SOCKS server to listen to a port on the external interface, because it is expecting an incoming connection from the outside. Wingate then listens to a port on the external interface and accepts the connection, so the client on my LAN can communicate with the client connecting from the internet.

I cannot see any places where this feature can be enabled or disabled, or configured in any way, so I am just wondering if this feature is implemented in wingate or not.
Also, I am wondering if the SOCKS proxy in wingate supports UDP.

Thanks in advance.

[adrien]

Hi

Where WinGate will accept connections from is a function of what interfaces it is bound to, so it is possible to bind the SOCKS server to your external interfaces, and then you will be able to use SOCKS from the internet. Once connected to your SOCKS server, then the clients can connect through to your internal network, or back out to the internet.

Yes it does support UDP.

I would however recommend WinGate 7, since it supports GSSAPI authentication (Kerberos) which is more secure than the plaintext support that WG6 SOCKS server supports.

Regards

Adrien

[Fresurfer]

Hello, and thank you for your quick response.

I understand that the SOCKS proxy can be used in reverse to allow clients from the outside that support SOCKS to access services on my LAN, but that is not the exact configuration I need.

The clients on the outside don't know anything about SOCKS, and are merely told to connect to an IP:Port the way they usually would.

What I am wondering is if the client on the inside can request the SOCKS proxy to listen to a port on the external interface, so that the client from the outside can connect, without knowing that it is in fact connecting to a proxy. E.g. the raw connection is just accepted without the client from the outside passing any SOCKS requests down the connection.

SOCKS 5 should support this, although it may not be supported by every SOCKS server or client.

[adrien]

Hi

so the SOCKS client software is a server that sits on the LAN?

I don't see why SOCKS is even needed, you can pipe incoming connections through to a server behind your firewall without using SOCKS.

SOCKS5 isn't really designed for server apps. You can bind a socket on the firewall, but it's only usable for 1 connection, then the server would need to open another.

The WinGate client does a better job of this than SOCKS allows, but if your protocol is simple TCP-based, you should just use an ENS (packet-level) redirect inbound or a TCP mapping proxy.

Regards

Adrien

[adrien]

check out the section on the BIND command in http://www.ietf.org/rfc/rfc1928.txt

we support this, since it's needed for FTP clients etc. It won't be very good for a server accepting many inbound connections though.

[Fresurfer]

Hello again. The reason I want to use SOCKS for this is that I have a PPTP VPN connection, but I don't want all my traffic passing through it, just some selected traffic. The problem is that when the PPTP connection is up, everything is automatically passed through it, and when it is disconnected, obviously nothing runs through it. I need some to run inside and some outside the VPN at the same time.

That's why I think a SOCKS proxy can be a good solution to the problem. I plan to set up a separate computer which connects to the VPN server and hosts a wingate SOCKS proxy. Then I can enter the IP address of the SOCKS proxy in the programs that I want to run through the VPN tunnel, while leaving the others at their default settings when I want them to run through my main connection.

But as you can see, it can be a bit tricky to forward ports from the VPN connection to my computer, since most of the programs won't listen to the port specified in the settings when the SOCKS proxy details are entered, because they are expecting incoming connections to happen through the SOCKS proxy.

Anyway, I think I have my questions answered, and I will see what I do about this.

Thank you for your time. :)