SOCKS tunneling is a mechanism available for tunneling applications that support the SOCKS4 or SOCKS5 client protocol.
Instead of configuring tunneling (a.k.a port forwarding) from specific ports on the local host to specific ports on the remote server, you can specify a SOCKS server which can be used by the user's applications. Each application is configured in the regular way except that it is configured to use a SOCKS server on a localhost port. The Secure Shell client application, Tectia client tools for z/OS, opens a port in the localhost and mimics a SOCKS4 and SOCKS5 server for any SOCKS client applications.
When the applications connect to services such as IMAP4, POP3, SMTP, and HTTP, they provide the necessary information to the SOCKS server, which is actually Tectia client tools for z/OS mimicking a SOCKS server. Tectia client tools for z/OS will use this information in creating a tunnel to the Secure Shell server and relaying the traffic back and forth securely.
With sshg3
on the command line, the syntax of the
SOCKS tunneling command is as follows:
client$ sshg3 -L socks/[listen-address:]listen-port username@sshserver
where:
[listen-address:]
defines which interface on
the client will be listened to (optional argument)
listen-port
is the number of the port on the
client
sshserver
is the IP address or the host name of
the Secure Shell server.
For example, the following command will set up a local tunnel
from port 1234
on the client to sshserver
. The
applications are set to use a SOCKS server at port 1234
on
the client. From the server, the connections are forwarded unsecured to
the destination hosts requested by the applications.
sshclient$ sshg3 -L socks/1234 username@sshserver
SOCKS tunnels can also be defined for connection profiles in the
Connection Broker configuration file. The following is an example from a
ssh-broker-config.xml
file:
<profile id="id1" host="sshserver.example.com"> ... <tunnels> <local-tunnel type="socks" listen-port="1234" allow-relay="no" /> ... </tunnels> </profile>