|
     |
In this example we have two users, SSHSP and SSHSPB, and two
started tasks, SSHSP and SSHSPB, for two Tectia SOCKS Proxies:
SSHSP: this started task is assigned to user
SSHSP and uses stack TCPIP:
//STDENV DD DSN=<HLQ>.V650.PARMLIB(SSHENV), // DISP=SHR // DD DSN=<HLQ>.V650.PARMLIB(TCPIP),DISP=SHR
 | The TCP/IP stack name is specified using the
_BPXK_SETIBMOPT_TRANSPORT= |
SSHSPB: this started task is assigned to user
SSHSPB and uses stack TCPIPB:
//STDENV DD DSN=<HLQ>.V650.PARMLIB(SSHENV), // DISP=SHR // DD DSN=<HLQ>.V650.PARMLIB(TCPIPB),DISP=SHR
The IP address of the SOCKS Proxy in stack TCPIP is
198.51.100.1, and the IP address of the SOCKS Proxy in stack
TCPIPB is 198.51.100.2. The SOCKS
Proxies are used to connect to remote servers at 203.0.113.1 and
203.0.113.2.
You can run the two SOCKS proxies on a dual stack z/OS in two ways:
Using two SOCKS Proxy configuration files with different network listeners (see Example D.1)
Using one global SOCKS Proxy configuration file, and creating network listeners on both TCP/IP stacks' loopback address (see Example D.2). You can also use two separate SOCKS Proxy configuration files if you want to have different rules for the other stack connections.
Example D.1. Two configuration files with different network listeners
Add the following elements to the SSHSP configuration file
(/u/SSHSP/.ssh2/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="198.51.100.1"
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.1"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Add the following elements to the SSHSPB configuration file
(/u/SSHSPB/.ssh2/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="198.51.100.2
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.2"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Define the IP addresses of the SOCKS Proxies in the socks.conf
file:
sockd @=198.51.100.1203.0.113.1255.255.255.0 sockd @=198.51.100.2203.0.113.2255.255.255.0 direct 0.0.0.0 0.0.0.0
Example D.2. Network listeners on TCP/IP stacks' loopback address
Add the following elements to the global SOCKS Proxy configuration file
(/opt/tectia/etc/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="127.0.0.1"
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.*"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Create listeners on both TCP/IP stacks' loopback address (127.0.0.1)
in the socks.conf file:
sockd @=127.0.0.1203.0.113.1255.255.255.255 sockd @=127.0.0.1203.0.113.2255.255.255.0 direct 0.0.0.0 0.0.0.0
| |
Copyright 
2015 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information