[clue-tech] Forcing use of SOCKS proxy at OS level?

Jim Ockers ockers at ockers.net
Wed Dec 20 11:56:05 MST 2006


Hi Peter,

> I realize that DNS requests, being UDP, go out in the clear without 
> explicitly tunneling them separately.  That's another project (maybe); 
> for now I have Firefox configured to tunnel the DNS via the proxy, and I 
> don't worry about the others.
> 
> I have searched around a bit using Google, but I don't see an obvious 
> way to force this SOCKS connectivity model.  Is there a way to do this?

Isn't there a different library for SOCKS against which applications need
to be compiled to be SOCKS-compliant?  It seems unlikely to me that every
application on your system which uses sockets has been compiled with SOCKS
support.

I guess if you were to rebuild the entire OS so that every application
binary which uses socket() instead uses some sort of SOCKS call, then
that would do what you want.  It seems unlikely that this would be very
easy though, and maybe even not possible depending on the nature of
the socket() type system or library calls.

I don't think you can "force" an application to have SOCKS support, it
is compiled in.  I personally haven't used SOCKS though so I'm not sure.
I personally use openvpn which is encrypted and gives you a tun or tap
interface (I prefer TAP for access to small home network).  You just
set the default gateway for your Linux box to be through the tap0 interface
and all internet traffic will go through the VPN and not out the
normal network.

Example routing table where 172.16/16 is the office network and 172.30/16 
is the home network, and 142.142.142.142 is the VPN server:

[root@jimo-linux ockers]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
142.142.142.142 172.16.255.254  255.255.255.255 UH    0      0        0 eth0
172.30.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tap0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.30.0.1      0.0.0.0         UG    0      0        0 tap0

OK I made that up but I think it's mostly right.  In that case all internet
traffic goes to tap0 and would not be seen by anyone sniffing the eth0 network
(other than a bunch of encrypted openvpn packets).

Hope this helps,
Jim

-- 
Jim Ockers, P.Eng. (ockers at ockers.net)
Contact info: please see http://www.ockers.net/
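
A check for the routing setup described in the message above, added here as an example and not part of the original post: it reads `route -n` output and confirms that the default route leaves through the tunnel interface while the VPN server itself stays pinned to the physical interface. The function name `audit_routes` and both sample tables are constructed for illustration; the first table repeats the one in the message.

```shell
#!/bin/sh
# audit_routes TUN_IF VPN_SERVER   (hypothetical helper; reads `route -n` on stdin)
# Exit status 0 when all default-routed traffic is forced into the tunnel.
audit_routes() {
    awk -v tun="$1" -v vpn="$2" '
        # Data rows start with a dotted-quad destination; skip headers and prompts.
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        { dest = $1; mask = $3; iface = $NF }
        dest == "0.0.0.0" && mask == "0.0.0.0" {
            defaults++
            if (iface != tun) { print "LEAK: default route via " iface; bad = 1 }
        }
        dest == vpn && mask == "255.255.255.255" {
            pinned = 1
            # The encrypted VPN packets must not be routed back into the tunnel.
            if (iface == tun) { print "LOOP: VPN server routed into " tun; bad = 1 }
        }
        END {
            if (!defaults) { print "NO-DEFAULT: no default route"; bad = 1 }
            if (!pinned)   { print "NO-PIN: no host route for " vpn; bad = 1 }
            if (!bad) print "OK: default via " tun ", " vpn " pinned outside tunnel"
            exit bad + 0
        }'
}

# Constructed sample: the routing table from the message above.
sample_good() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
142.142.142.142 172.16.255.254  255.255.255.255 UH    0      0        0 eth0
172.30.0.0      0.0.0.0         255.255.0.0     U     0      0        0 tap0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.30.0.1      0.0.0.0         UG    0      0        0 tap0
EOF
}

# Constructed sample: VPN down, default route back on the physical interface.
sample_leaky() {
    cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         172.16.255.254  0.0.0.0         UG    0      0        0 eth0
EOF
}

sample_good  | audit_routes tap0 142.142.142.142
sample_leaky | audit_routes tap0 142.142.142.142 || true
```

On a live system the same function can be fed directly with `route -n | audit_routes tap0 142.142.142.142`, using your own tunnel interface and server address.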


