Dante socksify on opensuse 11.4 not working

English Network/Internet
1

I installed dante from yast on opensuse 11.4 and edited /etc/socks.conf to reflect my network configuration but when I try to socksify a command, nothing happens. Even a non-network command, such as “ls -l” does nothing when preceded by socksify.

Any ideas?

2

Hello,

Will need to see exactly what commands you’re attempting.
Also, especially when you’re talking about Proxy SOCKS, verify you’re properly configuring for SOCKSv4 or SOCKSv5 depending on your proxy.

BTW - usually I don’t try to execute SOCKS commands manually, I usually test using a known SOCKS application. Eliminates or minimizes human mistakes.

And, just curious why/whether you have tried configuring your Proxy from within YAST instead. YMMV no matter what you do, and I’ve found YAST isn’t guaranteed to work always but IMO it should be the first try.

Tony

3

The problem is not related to the SOCKS proxy. Even a non-network command does nothing when preceded by socksify. Presumably the LD_PRELOAD is messing it up.

> ls
[some output]

>socksify ls
[no output]

4

Actually, the above was wrong. However, network commands do nothing when preceded by socksify. It doesn’t matter if you are trying to reach a host routed via SOCKS proxy or direct, you still get no output.

5

Without knowledge how your network Gateway is setup, I can’t speculate how to solve your problem.

Tony

6

You can reproduce the problem without a SOCKS gateway; just trying to talk to a machine on same network fails with socksify.

Install dante.
Leave /etc/socks.conf alone or add an entry to route everything via direct:

route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: direct
}

Now try to ssh to a machine on your network, with and without socksify.

> ssh john@sung1
[asks for password]

> socksify ssh john@sung1
[no output]

7

Two possible problems…

  1. Simply configuring to point directly to a specific machine isn’t necessarily all that is required. Verify
  • A SOCKS proxy is running on the target machine
  • Verify firewall(s) are disabled or port opened (default port 1080)
  1. I recommend you take a look at the Dante configuration at the Project website (I’ve embedded the URL). At the least you’ll find in the documentation
  • You can’t just run the socksify command as you’ve posted. Before that command you need to run the command declaring/configuring the socksify command.
  • Current versions of Dante do many things automatically like route to same subnet addresses directly which would of course mean that if you attempted to target a SOCKS proxy on your subnet going through a third Host, <that> would need to be configured/declared.
  • The documentation describes both invoking Dante confgiured in a shell and by config file, you might want to take a look at that.

HTH,
Tony

8

I should have explained that I have used exactly the same setup on 11.1 with no problem.

In my example above (connecting to machine sung1 on same network), there is no SOCKS proxy on the target machine, I intend the connection to be direct. I gave this as a simple example of how the socksify command fails - even when there is no SOCKS proxy involved.

Has anyone used dante socksify successfully on 11.4?

9

OK, I found the problem (with help from a colleague).

Dante log shows:

May  6 13:53:16 (1304686396.626847) ssh[28976]: parseconfig(): found proxyserver set in environment, value http://www-cache.rd.bbc.co.uk:8080
May  6 13:53:16 (1304686396.626874) ssh[28976]: parseconfig(): illegal value for port specification in SOCKS_SERVER http://www-cache.rd.bbc.co.uk:8080: must be between 1 and 65535

Dante examines the HTTP_PROXY environment variable and expects to find a port number after the first occurrence of ‘:’

In opensuse the HTTP_PROXY is a URL, e.g. http://www-cache.rd.bbc.co.uk:8080 so the first ‘:’ is followed by // not the port number.

In my opinion, this is a bug in dante. The relevant source code is in config_parse.c around line 1133.

10

The bug is fixed in dante version 1.3.0