In message <_A4125@delegate-en.ML_> on 09/11/08(21:08:29)
you Andre <email@example.com> wrote:
|> In message <_A4121@delegate-en.ML_> on 09/11/08(11:51:18) I wrote:
|> | |We would also like to know whether it is possible to use the BIND
|> | command to open a specific port on the SOCKS server
|> | |not just for one client connection, but for multiple client connections.
|> |Is it possible with other implementations of a SOCKS server?
|> |Since the tcp connection established by the BIND command on the SOCKS
|> |protocol becomes a transparent connection with the remote peer after
|> |the ACCEPT command, there is no chance to reuse it for another ACCEPT.
|> If your intension is just to use a persistent port (as 80/HTTP)
|> to accept client's connection via the SOCKS server, (not to repeat
|> ACCEPT on the same SOCKS connection), you can use SRCIF with PORTS as this:
Sorry, it is not "PORTS" but "PORT" as the reference manual says :p
|> If necessary, you can restrict this mapping of reserved port-number based
|> on the destination host (to be indicated by the SOCKS client) and the
|> IP-address of the SOCKS client's host, or by user name with AUTHORIZER.
|This is my intention, but I would like to be able to do this at runtime,
|so that I send a command to the server server that there is a service X
|to accept connections through the server at a specific port. And this
|should be a persistent port, possibly with timeout.
I don't see the insufficiency by PORT and SRCIF for your requirement.
If necessary, you can select a port to be bound dynamically based on the
request from the SOCKS-client, using the DST.ADDR and/or DST.PORT field
of the BIND command (which is intended to specify the control connection
to a FTP server but will not be used in other protocols) to indicate the
desired port to be bound, using a set of SRCIFs conditional on the
destination host (SRCIF=host:port:proto:dsthost:srchost).
You can omit PORT commands to reserve ports to be used. But reserving
a port is desirable to keep the LISTEN queue alive persistently not to
drop the connection requests for it when there is no SOCKS-client to
bind/accept from the port.
9 9 Yutaka Sato <firstname.lastname@example.org> http://delegate.org/y.sato/
( ~ ) National Institute of Advanced Industrial Science and Technology
_< >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller