
Install at least IWSVA 6.5 Service Pack 2 Patch 1 after checking the Readme file to make use of the options listed in the next sections.

  1. Enabling SOCKS5 proxy:

    Edit the file "/etc/iscan/network.ini", and add/modify the following two keys:

    socks5_proxy_enabled=yes
    socks5_proxy_port=1080

  2. Enabling SOCKS5 user authentication:

    To enable authentication for the SOCKS5 requests, add the following parameter to the same file as above:

    socks5_auth_enable=yes

    Then specify the usernames and passwords to be used for authentication.

    Use the ";" character to separate multiple users, for example:

    socks5_auth_users=testuser/testpassword;testuser2/testpassword2

  3. Destination port ACL:

    Specify the destination ports to reject, for example:

    socks5_reject_dstport=443;8443

  4. Enabling ACL based on client IP:

    • Set the default action for the socks proxy, for example:

      default_allow_action = yes

       
      • "yes" means that the default action is "allow"; it is used together with the "socks5_reject_srcip" setting.
      • "no" means that the default action is "reject"; it is used together with the "socks5_allow_srcip" setting.
    • Specify the source IP ranges to reject, for example:

      socks5_reject_srcip=127.0.0.1/32

    • Specify the source IP ranges to allow, for example:

      socks5_allow_srcip=172.16.0.0/12;10.204.151.0/23

      [Image: all the SOCKS5-related settings that can be configured in the /etc/iscan/network.ini file]

       

      After modifying any of these settings, save the file and quit, then restart the SOCKS proxy service using the following command:

      /etc/iscan/S99ISsocks5 restart


Use case: SOCKS5 user authentication

After configuring the settings, the IWSVA administrator can verify them by triggering one visit from a test client.

The administrator should set the SOCKS5 proxy (for instance, Address: 10.204.151.65, Port: 1080) as the web proxy on the test client, and input the username and the password.


If you input an invalid username or password, the client will not be able to access the internet.

If the username and password are valid, the client can access the internet. This ensures that the current SOCKS5 proxy is working.


The following are limitations and known issues of this feature:

  • IPv6 is not supported.
  • This feature only works in forward proxy mode.
  • The characters “/” and “;” are invalid for username and password.
  • The rejected destination port setting (“socks5_reject_dstport”) does not support wildcards.
  • If an entry in “socks5_allow_srcip” conflicts with an entry in “socks5_reject_srcip”, such entries will be rejected.
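
The limitations above can be checked against a copy of network.ini before the service is restarted. The following Python linter is an added example, not Trend Micro's code; its function names, parsing rules and sample values are assumptions constructed from the examples on this page.

```python
import ipaddress

# Constructed sample using the keys from this page; values are made up to trip each check.
SAMPLE = """\
socks5_auth_enable=yes
socks5_auth_users=testuser/testpassword;bad/user/secret
socks5_reject_dstport=443;84*
default_allow_action = no
socks5_reject_srcip=10.204.151.7/32;fe80::/10
socks5_allow_srcip=172.16.0.0/12;10.204.151.0/23
"""

def parse(text):
    """Return {key: value} for key=value lines, skipping blanks and # comments."""
    lines = (l for l in text.splitlines() if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def entries(cfg, key):
    """Split a ';'-separated value into its non-empty entries."""
    return [e.strip() for e in cfg.get(key, "").split(";") if e.strip()]

def ipv4_networks(cfg, key, findings):
    """Parse CIDR entries, reporting malformed and IPv6 ones (IPv6 is unsupported)."""
    nets = []
    for entry in entries(cfg, key):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"{key}: '{entry}' is not a valid address range")
            continue
        if net.version == 6:
            findings.append(f"{key}: '{entry}' is IPv6, which is not supported")
        else:
            nets.append(net)
    return nets

def lint(text):
    """Return a list of findings; passwords are never echoed."""
    cfg, findings = parse(text), []
    for user in entries(cfg, "socks5_auth_users"):
        name, _, password = user.partition("/")
        if not name or not password or "/" in password:
            findings.append(f"socks5_auth_users: entry starting '{name}' is not user/password "
                            "('/' and ';' are invalid in either field)")
    for port in entries(cfg, "socks5_reject_dstport"):
        if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"socks5_reject_dstport: '{port}' is not a single port (no wildcards)")
    allow = ipv4_networks(cfg, "socks5_allow_srcip", findings)
    for rej in ipv4_networks(cfg, "socks5_reject_srcip", findings):
        findings += [f"srcip conflict: allow {a} overlaps reject {rej}; such entries are rejected"
                     for a in allow if a.overlaps(rej)]
    return findings
```

Calling `lint()` on the text of the file returns an empty list when none of the listed limitations is hit. A password containing ";" is reported as a malformed entry because the separator splits it in two.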