socks5c.conf File

Purpose

Contains mappings between network destinations and SOCKSv5 servers.

Description

The /etc/socks5c.conf file contains basic mappings (between network destinations, hosts or networks, and SOCKSv5 servers) to use when accessing network destinations. It is an ASCII file that contains records for server mappings. Text that follows a pound character (#) is ignored until the end of the line. Each record is on a single line in the following format:

destination [/prefixlength] server [:port]

You must separate the fields with whitespace. Records are separated by new line characters. The fields and modifiers in a record have the following values:

Item Description
destination Specifies a network destination. The destination variable may be either a name fragment or a numeric address (with optional prefixlength). If destination is an address, it may be either IPv4 or IPv6.
prefixlength If specified, indicates the number of leftmost (network order) bits of an address to use when comparing to this record. It is valid only if destination is an address. If not specified, all bits are used in comparisons.
server Specifies the SOCKSv5 server associated with destination. If server is NONE (must be all uppercase), this record indicates that target addresses matching destination should not use any SOCKSv5 server; instead, it should be contacted directly.
port If specified, indicates the port to use when contacting server.

If a name fragment destination is present in /etc/socks5c.conf, all target addresses in SOCKSv5 operations will be converted into hostnames for name comparison (in addition to numeric comparisons with numeric records). The resulting hostname is considered to match if the last characters in the hostname match the specified name fragment.

When using this configuration information to determine the address of the appropriate SOCKSv5 server for a target destination, the best match is used. The best match is defined as follows:

When both name fragment and numeric addresses are present, all name fragment entries are better than numeric address entries.

The following two implicit records are assumed as defaults for all destinations not specified in /etc/socks5c.conf.:

0.0.0.0/0 NONE #All IPv4 destinations; no associated server.
::/0      NONE #All IPv6 destinations; no associated server.

SOCKS5C_CONFIG Environment Variable

The SOCKS5C_CONFIG environment variable enables the SOCKS library. To enable the library and to indicate that it uses the socks5c.conf file, you must set and export the variable to the pathname of the file, which is /etc/socks5c.conf. However, you can use a different configuration file by setting SOCKS5C_CONFIG to the pathname of that file. If the specified file is not found, then by default the socks5c.conf file is used as a configuration file. If you set this variable to NULL, then SOCKS is not used and traditional network operations occur instead.

Security

Access Control: This file should grant read (r) access to all users and grant write (w) access only to the root user.

Examples

#Sample socks5c.conf file
9.0.0.0/8    NONE    #Direct communication with all hosts in the 9 network.
129.35.0.0/16    sox1.austin.ibm.com
ibm.com    NONE    #Direct communication will all hosts matching "ibm.com" (e.g. "aguila.austin.ibm.com")