a proxy with the SOCKS protocol
A proxy is a program
that acts as an intermediary between a client and server. It is often
used to interconnect two networks via a single point.
SOCKS is a protocol that is independent of the application protocol,
and is used to relay a TCP session via a proxy. This independence means
that it can relay
both the PeSIT and ODETTE file transfer protocols with
or without SSL.
This topic describes how to use a proxy and SOCKS, and includes:
SOCKS protocol architecture
Transfer CFT supports versions 4 and 5 of the SOCKS protocol. A brief
explanation of the SOCKS protocol is provided in this topic.
About the connection
When using SOCKS4, the exchange between client and server consists of:
- The client logs into the proxy and sends
it a connection request specifying the server IP address (version 4)
or host name, the listening port number of the server, and
a user name.
- The proxy checks the connection request and either executes or rejects
- A response is sent to the client, indicating the status of the request
(the server is connected, the connection with the server has failed, the
user is not authorized, and so on). Once the connection is correctly established
between the proxy and server, the client and the server are connected
via the proxy and can perform transparent data inter exchanges (PeSIT,
and so on).
When using SOCKS5, the exchange between client and server consists of:
- The client and server negotiate an authentication method for the client. The client
sends a list of methods it supports and the server responds to indicate which method
it has chosen. The only method supported by Transfer CFT is username/password.
- The client authenticates itself using its username/password. The sever response code
indicates if the authentication was successful or not. If authentication is refused,
the server immediately closes the connection.
- The client sends a connection request to the proxy, specifying the remote server IP
address or host name and its port number.
- The proxy checks the connection request and either executes or rejects it. A response
is sent to the client, indicating the request was successful or not. Once the connection
is correctly established between the proxy and server, the client and the server are
connected via the proxy and can perform transparent data inter exchanges (PeSIT, and
so on). If the connection if refused, the server immediately closes the connection.
Using a proxy in
The CFTNET command for a proxy is static. To apply modifications, Transfer
CFT must be shutdown, the new parameters interpreted (CFTUTIL) and Transfer
Additionally, at least one file transfer protocol (CFTPROT command) must be declared
for the CFTNET command (describing an access via a proxy for a
Transfer CFT only accepts outgoing calls.
The protocols (CFTPROT) and the networks (CFTNET)
must be declared in the CFTPARM command to be applied by Transfer CFT.
File transfers via a proxy
Transfer CFT responds to error codes from a proxy with:
- Error code 91 for SOCKS4
- Error code 5 for SOCKS5
Transfer CFT repeats the transfer. The
transfer timeout and number of attempts will depend on the CFTTCP command RETRYW,
and RETRYM parameters defining the network characteristics of the remote
- 92 and 93
- Error code != 5 and > 0 for SOCKS5
Transfer CFT puts the transfer on hold (K status). The operator must manually restart
(START command) the transfer.
Configuring a connection
To configure an outgoing connection through a proxy, user must define the following
objects. The numbers referenced here are taken from the example below.
- A network resource with the class 1 (NET0 in the example).
- A network resource with the class 2 (NSOCKS5 in the example) and inet parameter =
NET0. This net also contains SOCKS proxy host, port, username and password.
- A transfer protocol with the parameter net = NSOCKS5 (value used in the example).
- A partner referencing the protocol and class = 2 in its CFTTCP definition.
- The default port for proxy servers is 1080.
CFTNET ID = 'NET0',
TYPE = 'TCP',
CALL = 'INOUT',
MAXCNX = '128',
CLASS = '1',
HOST = 'localhost'
CFTNET ID = 'NSOCKS5',
TYPE = 'TCP',
CALL = 'INOUT',
MAXCNX = '32',
CLASS = '2',
HOST = proxy_address,
PORT = proxy_port,
INET = 'NET0',
PROTOCOL = 'SOCKS5',
USER = 'john',
PASSWORD = 'foo'
CFTPROT ID = 'PESITANY_SOCKS5',
NET = 'NSOCKS5'
CFTPART ID = 'PARIS_NSOCKS5',
CFTTCP ID = 'PARIS_ NSOCKS5',
CLASS = '2',
Setting up a proxy for Copilot
The proxy implementation for
Transfer CFT Copilot is handled directly by the Java Socket class, and uses either the SOCKS
V4 or V5 protocol. Note that the HTTP proxy that is used to connect to the Copilot
server for downloading is different from the one used for SOCKS 4 data exchange between
Copilot client and server. Therefore, you require 2 proxies:
- An HTTP proxy that you set in internet browser
- A SOCKS 4 proxy that you set in Copilot
Since the Copilot log in screen in a browser window does not provide a way to enter
proxy settings, you must force the
Connect to a product dialog box to display by entering faulty credentials in the Copilot log in screen.
Once this connection dialog box displays, you can then set the proxy address and port.
The step is only required for your first log in through a proxy. Copilot retains the
proxy address and port settings for subsequent connections.
To remove proxy and revert to the standard log in, simply remove the proxy address
and port settings in the connection dialog box.
Connect to a product dialog box