============================
PC SOCKS Pack - Version 1.01
============================
File: WHATSOCK

SOCKS is one of the services generally referred to as proxy services.
When a network firewall is set up to protect hosts inside an
organization from attacks that may come from outside through the
network, these inside hosts usually lose their IP accessibility to
the outside world and thus can no longer use things like telnet, ftp,
gopher, WWW, etc. to access the vast resources available on the
Internet. Proxy servers, together with their clients, restore these
functions to the hosts inside the firewall without breaching their
security requirements.

The original SOCKS was written by David Koblas <koblas@netcom.com>.
The CSTC releases have been mainly the results of work by Ying-Da Lee
<ylee@syl.dl.nec.com> of C&C Software Technology Center (CSTC), NEC
Systems Laboratory, with contributions by many others throughout the
world.

The SOCKS.CSTC.4.1-pc implementation evolved from SOCKS.CSTC.4.1
through the efforts of Cornell Kinderknecht <cornell@syl.dl.nec.com>
with advice from Ying-Da Lee <ylee@syl.dl.nec.com>, both of C&C
Software Technology Center (CSTC), NEC Systems Laboratory.  The intent
was to provide SOCKS compliance to existing client applications which
run on top of the Windows Sockets 1.1 (winsock) TCP/IP stack in
Microsoft Windows, without changing the appearance and function of the
original package, and to be compatible with proxy SOCKS servers
version 4.0 and above.  SOCKS.CSTC.X.X-pc itself does not have any
SOCKS server capabilities, and many of the UNIX-specific library
capabilities have been removed or revised as appropriate for the PC
environment.


----------------------------           
THE SOCKS CONFIGURATION FILE   
----------------------------           

The SOCKS configuration instructions can be complicated to understand.
The simplest approach is to edit the example SOCKS.CNF, located in the
top level of the PC SOCKS Pack distribution, to suit your site.
Remember that the default location of the configuration file is
	C:\ETC\SOCKS.CNF
but you can put it anywhere by specifying the full path and file name
in the environment variable SOCKSCNF:
	SET SOCKSCNF=T:\MYDIR\SOCKS.CNF

If no SOCKS.CNF file is found, all destinations will be considered
direct connections.

Following is the full documentation for the SOCKS configuration file:

====================================================================

SOCKS.CNF(5)                                         SOCKS.CNF(5)


NAME
       SOCKS.CNF - SOCKS clients configuration file

SYNOPSIS
       C:\ETC\SOCKS.CNF

DESCRIPTION
       All  SOCKS  client  programs  use  this  file to determine
       whether to use direct or proxy connection to a given  des-
       tination  host,  and  to exert access control based on the
       destination host, the requested service  (port  number  on
       the  destination  host),  and the effective user-id of the
       requesting local user.

       Lines starting with a '#' are comments. Non-comment  lines
       must be of one of the three forms:

       deny [*=userlist]   dst_addr  dst_mask  [op dst_port]
       direct    [*=userlist]   dst_addr  dst_mask  [op dst_port]
       sockd     [@=server] [*=userlist]  dst_addr  dst_mask  [op dst_port]

       A deny line tells the SOCKS clients when to reject a request.
       A direct line tells when to use a direct connection. A sockd
       line indicates when to use a proxy connection and, optionally,
       which SOCKS proxy server it should try.

       Spaces and tabs separate the fields. Fields enclosed in square
       brackets are optional.

       The userlist, when present, consists of one or more local
       user-ids, with comma as separator. No spaces or tabs are
       allowed in the list. The user's effective user-id is compared
       against the specified userlist for a match. If this field is
       omitted, it matches all user-ids.

       The dst_addr dst_mask pair together specify  the  destina-
       tion  IP address or the range of destination IP addresses.
       They are both  given  in  the  usual  dotted  form,  e.g.,
       129.1.2.3. Bits in dst_mask that are set to 0 indicate the
       bit positions which should be masked off  (i.e.,  ignored)
       during  comparison  of dst_addr and the actual destination
       IP address. So specifying 255.255.255.255 in dst_mask demands
       an exact match with dst_addr, whereas 0.0.0.0 in dst_mask
       causes an address match no matter what is specified for
       dst_addr. (NOTE: This is the same way netmasks are
       interpreted, but is the direct opposite of how address masks
       are used in Cisco routers' access lists.)

       The  op  field must be eq, neq, lt, gt, le, or ge, for the
       condition of equal, not equal, less  than,  greater  than,
       less  than  or  equal,  and greater than or equal, respec-
       tively.  The dst_port field can be either a  port  number,
       e.g.,  23,  or the equivalent service name as specified in
       the winsock SERVICES file, e.g., telnet  for  port  number
       23.  If this pair is omitted, the line applies to all ser-
       vices.

       The server, which may only be used in a sockd  line,  con-
       sists  of  a  SOCKS proxy server, which the client program
       should try to use for establishing a proxy connection  for
       the  defined  destination(s).  Domain names of the servers
       may be used, though it is probably more prudent to specify
       IP  addresses.   If this field is omitted, the client pro-
       gram will use the default SOCKS  proxy  server,  which  is
       determined by the environment variable SOCKS_SERVER.

       Consider

       sockd  @=1.2.3.4  *=boss,george 11.12.13.14 255.255.255.255 eq telnet

       To  match  the condition indicated in this line, a request
       must come from a local user whose effective id  is  either
       boss  or  george,  the  destination  IP  address  must  be
       11.12.13.14 exactly, and the  service  requested  must  be
       telnet.  In  that  case,  connection  to  host 11.12.13.14
       should be done via a SOCKS proxy server on host 1.2.3.4.

       Every time a SOCKS client has to make  a  network  connec-
       tion,  it  checks  the  pending  request  against the file
       SOCKS.CNF, one line at a time. Once it finds a  line  with
       conditions  that  are  matched  by the request, the action
       specified on that line is taken. The  remaining  lines  of
       file  SOCKS.CNF  are skipped. So the order of the lines in
       the file is extremely important; switch two lines and  you
       may  have entirely different results.  If no matching line
       is found throughout the file, the request is denied.

       Although there is an implied 'deny all' at the end of  the
       control file, you may supply one explicitly.

	deny 0.0.0.0 0.0.0.0

       Be sure to use

	direct    127.0.0.1  255.255.255.255

       as  the  first  line  of  your  SOCKS.CNF if you are using
       clients prior to version 1.01 of the PC SOCKS  Pack.  This
       assures  that network requests to the host itself are pro-
       cessed locally rather than being diverted through a  SOCKS
       server.  The IP address of the local machine or the subnet
       should be defined next as a direct connection.  In version
       1.01  and  above of the PC SOCKS Pack, 127.0.0.1 is always
       treated as a direct connection.
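
       The matching rules described above, modelled in Python as an
       added example (it is not code from the PC SOCKS Pack). The
       SERVICES table, the sample file, its addresses and its user
       names are constructed for illustration.

```python
import ipaddress
import operator as o

# Constructed stand-in for the winsock SERVICES file.
SERVICES = {"telnet": 23, "ftp": 21, "gopher": 70}
OPS = {"eq": o.eq, "neq": o.ne, "lt": o.lt, "gt": o.gt, "le": o.le, "ge": o.ge}

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(text):
    """Parse SOCKS.CNF text into rule dicts, preserving file order."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0].startswith("#"):
            continue
        rule = {"action": f[0], "server": None, "users": None, "op": None}
        i = 1
        while f[i].startswith(("@=", "*=")):    # optional [@=server] [*=userlist]
            if f[i][0] == "@":
                rule["server"] = f[i][2:]
            else:
                rule["users"] = f[i][2:].split(",")
            i += 1
        rule["addr"], rule["mask"] = ip(f[i]), ip(f[i + 1])
        if len(f) > i + 2:                      # optional [op dst_port]
            rule["op"] = OPS[f[i + 2]]
            rule["port"] = int(f[i + 3]) if f[i + 3].isdigit() else SERVICES[f[i + 3]]
        rules.append(rule)
    return rules

def decide(rules, user, dst, port):
    """First matching line wins; no match at all means deny."""
    for r in rules:
        if r["users"] is not None and user not in r["users"]:
            continue
        if (ip(dst) & r["mask"]) != (r["addr"] & r["mask"]):  # 0 bits are ignored
            continue
        if r["op"] and not r["op"](port, r["port"]):
            continue
        return r["action"], r["server"]         # server None = use SOCKS_SERVER
    return "deny", None

# Constructed sample file; addresses and user names are illustrative.
CNF = """direct 10.1.0.0 255.255.0.0
deny *=guest 0.0.0.0 0.0.0.0 eq telnet
sockd @=1.2.3.4 *=boss,george 11.12.13.14 255.255.255.255 eq telnet
sockd 0.0.0.0 0.0.0.0"""
```

       Moving the catch-all sockd line to the top of the sample makes
       every request match it first, so the deny line for guest is
       never reached.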

ENVIRONMENT
       SOCKSCNF, specifies the full path and name  of  the  SOCKS
       configuration   file.    By   default,   the  file  is  in
       C:\ETC\SOCKS.CNF.

       SOCKS_LOG, specifies the name of a file for storing debug-
       ging  information from the SOCKS clients.  If not defined,
       no logging information is saved.

       SOCKS_SERVER, specifies the name  or  IP  address  of  the
       default  SOCKS proxy server host to use.  This is required
       if you do not specify explicit servers in the sockd  lines
       in the SOCKS.CNF file.

       USER,  user  name used for validation in the deny lines in
       the SOCKS.CNF file.  Defaults to "PCUSER".



			  April 5, 1994
