Search

GlobalSCAPE Knowledge Base

Overriding the default SOCKS5 Connection Security in DMZ Gateway

Karla Marsh
DMZ Gateway

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • DMZ Gateway version 3.1.0.5 and later

DISCUSSION

By default, DMZ Gateway will only service SOCKS5 requests if they originate from an IP Address of a connected EFT Server. You can tell if the DMZ Gateway Server is currently disallowing requests due to this behavior by the presence of WARN level log messages in the <InstallDir>\logs\DMZGatewayServer.log file similar to the following text:

16 Aug 2011 14:56:07,561 WARN  PNC (192.168.157.1): Refused SOCKS client greeting from unrecognized remote address /192.168.157.179:3091

You can override this behavior and instruct the DMZ Gateway to allow SOCKS5 requests from any IP Address by editing a system property, as described below.

Description: icon_info.gif GlobalSCAPE Quality Assurance tested the system with the default setting; changing this setting from the default may cause as yet unknown issues.

To override the default setting:

  1. Open the file <InstallDir>\conf\DMZGatewayServerService.conf in a text editor.
  2. Locate the “Additional Java Parameters” section which will be similar tothe following text:
  3.      # Additional Java parameters. Add parameters as needed starting from 1.

         # By default, use the server Virtual Machine.

         wrapper.java.additional.1=-server

         wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%

         wrapper.java.additional.2.stripquotes=TRUE

         wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext

  4. Add the following line at the end of the section:
  5.      wrapper.java.additional.<Index>=-DDMZAllowSOCKS5ConnectionFromUnknownIP=true

         Where “<Index>” is 1 more than the index number in the previous line. For example:

         # Additional Java parameters. Add parameters as needed starting from 1.

         # By default, use the server Virtual Machine.

         wrapper.java.additional.1=-server

         wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%

         wrapper.java.additional.2.stripquotes=TRUE

         wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext

         wrapper.java.additional.4=-DDMZAllowSOCKS5ConnectionFromUnknownIP=true

  6. Save your changes.
  7. Restart the DMZ Gateway Server Windows Service.
  8. To verify that the changes have taken effect verify that the DMZ Gateway now allows SOCKS5 requests from unrecognized addresses and that the WARN level log messages discussed above no longer appear in the <InstallDir>\logs\DMZGatewayServer.log file.
Refer to https://kb.globalscape.com/KnowledgebaseArticle11201.aspx for other DMZ Gateway configuration settings.
Details
Last Modified: 5 Years Ago
Last Modified By: GlobalSCAPE 5
Type: FIX
Rated 1 star based on 3 votes.
Article has been viewed 24K times.
Options
Also In This Category