|< Free Open Study >|| |
This chapter describes how to install the Dante SOCKS client library. Dante provides support for the SOCKS firewall-traversal protocol to client applications. A firewall is a network device frequently employed by businesses or even individuals to protect a network of computers from hostile attackers. Typically, all network traffic to and from the Internet is forced to pass through a single point. A firewall is installed at this point, and it blocks all access to the protected network, except perhaps for a set of specific, tightly controlled services. The potential downside of a firewall is that it usually works both ways: It also prevents users inside the firewall from accessing Internet resources directly.
Typically, a proxy server is employed to provide internal users access to the World Wide Web. However, proxy servers are only useful for the Web, and don't help with other applications. For example, because the SSH protocol doesn't work over the Web's HTTP protocol, it would be blocked, preventing users behind a firewall from using a program such as OpenSSH to access an Internet host. The SOCKS protocol fills this gap, by acting as a sort of generic proxy server for all services (not just the Web).
Network administrators can install a SOCKS server on the firewalled network. This server must "straddle" the firewall, in that it has access to both the internal network and the Internet. Client programs that speak the SOCKS protocol can be configured to connect to the SOCKS server, which acts as a relay. The client will request a connection to a particular resource, and the SOCKS server will act as an intermediary, relaying communications between the client and the Internet host. As far as the Internet host can tell, it will be communicating only with the SOCKS server, but the connection is otherwise transparent. The SOCKS protocol is therefore a "tunneling" protocol in that it allows a client program to "tunnel" through the firewall.
Because the SOCKS protocol allows hosts on the protected network behind the firewall to access arbitrary Internet services, it can be viewed as a security risk, albeit a greatly reduced risk since it only allows outgoing connections and not incoming ones. For this reason, not all networks with a firewall run a SOCKS server, so if you find yourself stuck behind a firewall, you'll have to ask your network administrator about SOCKS access. Even if a SOCKS server is running, it may be configured to restrict the types of connections it actually permits.
So what is Dante? Simply put, Dante is both a SOCKS server and a SOCKS client library. The Dante server program can be installed on a system and used to set up a SOCKS server that supports firewall traversal, as described previously. The client library, meanwhile, gives client programs a way to traverse a firewall. Since Part Three of this book contains several other examples of installing server software, and setting up the Dante SOCKS server is very similar to those installations, discussing the Dante SOCKS server would be redundant. As a result, this chapter focuses on demonstrating the installation of a client library, and the Dante server is not discussed. By reading this chapter, you'll see a very typical example of how software that functions as a shared library is configured. This isn't an especially common type of software, but you will still most likely run across it at some point so it's useful to see.
The Dante client library comes as a Unix shared object. (This is a similar creature to Windows' dynamic link libraries [DLLs].) Specifically, the Dante client libraries implement a SOCKS-aware version of the standard BSD sockets API. This API is the API used by the vast majority of networked Unix applications, and it's even used on some other operating systems. By replacing this library with a version that is able to transparently use SOCKS, Dante is able to make almost any program SOCKS-enabled.
A shared library (sometimes called a shared object or shlib) is a file, usually named with an extension of ".so", that contains compiled software code that is shared by multiple running programs. The motivation for sharing code between programs is to reduce memory: Since each program shares the library, there's only one copy in memory, which reduces the memory footprint of running programs, and thus conserves RAM. Programs that use a dynamic shared object are said to be dynamically linked against that library. (Programs that link in their own copy of a library are said to be statically linked.)
Another benefit of shared objects is that they can be upgraded independently of applications that use them—within certain restrictions, of course. You can't completely change an API and expect old programs to be able to use it. Shared libraries are said to be binary compatible when they can be used without modification by programs that were compiled against a different version. The Dante SOCKS library takes advantage of this feature and provides a SOCKS-aware version of the BSD sockets API that is binary compatible with the standard (non-SOCKS) version. This makes it possible to SOCKS-enable almost any program that uses the network.
Some distributions include Dante with the standard installation; for example, Red Hat Linux has included the software as an optional package in previous versions (though this is not the case in 7.3). As always, check to see if a package is already installed on your system or is available for installation before bothering to do all the work discussed in this chapter. However, even if Dante is already installed, chances are it won't be properly configured. As you'll soon see, configuring Dante means knowing a good deal about your network's configuration, and so obviously the default configuration is probably going to be inadequate. For this reason, the "Configuring Dante" section of this chapter will still probably be useful to you, even if Dante is installed with your distribution.
Purpose: Provides support for the SOCKS firewall-traversal protocol
Authors: Inferno Nettverk A/S, Norway
Web site: http://www.inet.no/
Description: Dante is an implementation of the SOCKS firewall traversal protocol, supporting versions 4 and 5. The SOCKS protocol allows client programs that use it to access general Internet resources even while located behind a firewall. Dante provides a generic library that can make almost any program "socksified", providing transparent access to the Internet.
|< Free Open Study >|| |