Proxy servers can exist in various forms. SOCKS5 proxies are the most modern example. But what’s SOCKS5, and how do you use it? This piece goes over the technology behind this proxy type and the various applications for which it’s suitable.
Recently, proxy servers have become some of the most widely used tools in computer networking. That’s because they assist millions of users in anonymously connecting their local networks to a larger one, like the internet.
Furthermore, a typical proxy has ports that you can use to intercept client/server connections. Data comes in through one of the ports and gets rerouted through another in a process called traffic/IP forwarding. These days, you can also use proxies for caching and encryption purposes.
What’s a SOCKS Proxy?
Table of Contents
ToggleSOCKS stands for Socket Secure. It’s a network protocol that transmits communication data to a server in place of a client computer.
By intercepting and forwarding network traffic on behalf of the client, SOCKS proxies can get past any server firewalls. They do that by setting up a TCP (Transmission Control Protocol) behind the firewall to which the client computer can send its UDP (User Datagram Protocol) session.
SOCKS has the design to forward and route all data types and protocols. We have two SOCKS versions: SOCKS4 and SOCKS5. Below are some of the main differences between both proxy versions:
Authentication
SOCKS4 and SOCKS5 handle authentication differently. The former doesn’t support it entirely, while SOCKS5 has a series of authentication methods it can initiate.
UDP Support
Clients may need to send their UDP (User Datagram Protocol) sessions to a server. If the server doesn’t authorize a direct transmission, UDP proxies can come in handy. But, the SOCKS4 proxy version doesn’t support UDP, while SOCKS5 supports it.
Channel Security
SOCKS5 is comparatively better at establishing secure channels than SOCKS4. That’s because the former initiates an authorized TCP connection for its traffic relays. SOCKS5 may sometimes also utilize SSH (Secure Shell) encryption to set up an encrypted tunneling channel.
How Do You Use SOCKS5?
For all that this proxy has to offer, it still has to work in a practical situation. These days, network security personnel often implement SOCKS5 proxies within their resource environment. But how does the proxy version work in such cases? More importantly, how can you set about using SOCKS5 yourself? Consider the following steps:
SOCKS5 Connection Setup
The first thing you’d want to do with a SOCKS5 proxy in an IT environment is to establish a proxy connection. The admin first confirms if the client application supports the SOCKS5 protocol. Then, they’d run a SOCKS5 proxy server syntax on the local computer to authenticate the cluster’s Edge node.
If the client computer runs on Linux, the syntax will look like this:
$ ssh -D 30001 root@EdgeNodeSSHserverIP -C -f -N (password: xyz;
or
$ ssh -i /path/to/private_key -D 30001 root@EdgeNodeSSHserverIP -C -f –N
Both commands initiate a SOCKS5 server creation on port 30001 on the user computer, then make the connection with the gateway node over the cloud-hosted gateway SSH tunnel.
Endpoint Access
You can use a SOCKS5 proxy to access backend services within a cluster once the connection is there. Typically, a cURL (command-line URL) command will suffice to request access, provided it supports the SOCKS5 protocol. Any other method—through a web browser, for example—will require special configurations.
Below is an example of a cURL access call for HTTP app endpoints on a port behind a firewall:
curl -x socks5h://localhost:30001 -v -k -X GET https://EdgeNodeSSHserverIP:8000
This command will push an HTTP GET request through the SSL tunnel and server on a localhost port 30001. The request gets passed around until a remote SSH server response is sent to the SOCKS5 proxy.
Afterward, you can test backend service connections using a utility. For instance,
ncat –proxy 127.0.0.1:30001 –proxy-type socks5 EdgeNodeSSHserverIP 8443 –nv
is a SOCKS5 TCP connection test carried out on the netcat utility for backend services on port 8443.
Benefits of SOCKS5
Thanks to the SSH tunneling support that SOCKS5 proxies have, they’re much more versatile than their SOCKS4 counterparts. As such, here are some benefits of using it on a network.
Safer Backend Service Access
Sometimes, a server admin can host their backend resources on the cloud, behind a firewall. They’d do that to prevent security breaches and other vulnerabilities. However, this technique makes access difficult for a third party.
In such a case, the admin can grant the backend services public access, which affects the security. They can also whitelist the individual IP address from which the access request comes, but that wouldn’t work when the client’s IP keeps changing.
SOCKS5 provides an excellent alternative to these flawed options. You can use a SOCKS5 proxy to access backend services in a hosted cluster without exposing their ports or resorting to IP whitelisting.
Backend service access behind a firewall may be necessary for several reasons: server administrators need it to debug and monitor network traffic from a public node. In the real world, people use SOCKS5 in a private or shared proxy arrangement to access APIs and UI instances stored in a Hadoop cluster, for example. Doing things any other way will leave a node in the cluster exposed.
Quicker Setup
SOCKS5 is also quite suitable when you need to access an edge node or cluster gateway without an added setup process. As a direct benefit, you won’t need a VPN (Virtual Private Network) when calling for access to backend resources behind a paywall.
Better Performance
SOCKS5 doesn’t have to rewrite its data packets like other application proxy versions. That means a lower likelihood of transmission errors like you’re bound to get with free proxies based on HTTP. Hence, you’ll have better performance overall.
Wrapping Up
So, what’s SOCKS5 and how do you use it? SOCKS5 proxies are a modern and versatile proxy version you can find today. They operate at layer 5 of the OSI model and utilize an SSH tunneling method. A SOCKS5 proxy is the best option to access HTTP or FTP services behind a firewall.
Now you know what’s SOCKS5. Learn here more about how to choose the best SOCKS5 proxies.
How useful was this post?
Click on a star to rate it!
Average rating 0 / 5. Vote count: 0
No votes so far! Be the first to rate this post.
Tell Us More!
Let us improve this post!
Tell us how we can improve this post?