This document only describes the features of rsockd that are different from sockd. You should read sockd(5) carefully to gain a basic understanding of of how the SOCKS server works.
When rsockd receives a request, it checks the request again its configuration (in exactly the same way that sockd does) to decider whether the request is to be accepted. The primary difference between sockd and rsockd is in how they establish connection to the destination host of a accepted request. sockd assumes that it can connect directly to the destination host and proceeds to do so. rsockd makes no such assumption. Instead, it consults another configuration file to decide whether it can connect directly to the particular destination host or whether it has to use a proxy connection through another SOCKS server. In other words, it behaves just like a versatile SOCKS client in this regard. Therefore rsockd requires not only the SOCKS server configuration file /etc/sockd.fc or /etc/sockd.conf to decide whether to accept or reject a request, but also the client configuration file /etc/socks.fc or /etc/socks.conf to decide how to reach the destination host. If it is a multi-homed version and supports RBIND, it also needs the route file /etc/sockd.fr or /etc/sockd.fr to decide which network interface to use for a connection.
Look at it in a different way, you can think of sockd as a special case of rsockd, one which can connect directly to all destination hosts. In fact, an rsockd using the client configuration consisting of only this line
direct ALL 0.0.0.0
is functinally identical to the regular sockd.
Anther thing to mention is related to the use of identd. Only the SOCKS server which the requesting host directly connects to can find out the identity of the real user. Suppose user x on host C connects to rsockd on server B which in turn connects to sockd on server A in order to reach destination z. Host B can query identd on host C to find out whether the user is indeed x. To host A, the request appears to originate from user x on host B. An identd query from Host A to host B returns the userid that owns the rsockd process on host B, not the real user x.
# /etc/socks.conf for rsockd of domain rnd.xyz.com # # Use proxy connection through SOCKS server on socks.market.xyz.com # to reach hosts within market.xyz.com sockd @=socks.market.xyz.com .market.xyz.com 0.0.0.0 # # Use direct connect to all other hosts within xyz.com direct .xyz.com 0.0.0.0 # # Use proxy connection through SOCKS server on gateway.xyz.com # to reach all others sockd @=gateway.xyz.com ALL 0.0.0.0
Ying-Da Lee, email@example.com