THE INFORMATION IN THIS ARTICLE APPLIES TO:
- DMZ Gateway version 3.1.0.5 and later
DISCUSSION
By default, DMZ Gateway will only service SOCKS5 requests if they originate from an IP Address of a connected EFT Server. You can tell if the DMZ Gateway Server is currently disallowing requests due to this behavior by the presence of WARN level log messages in the <InstallDir>\logs\DMZGatewayServer.log file similar to the following text:
16 Aug 2011 14:56:07,561 WARN PNC (192.168.157.1): Refused SOCKS client greeting from unrecognized remote address /192.168.157.179:3091
You can override this behavior and instruct the DMZ Gateway to allow SOCKS5 requests from any IP Address by editing a system property, as described below.
|
GlobalSCAPE Quality Assurance tested the system with the default setting; changing this setting from the default may cause as yet unknown issues. |
To override the default setting:
- Open the file <InstallDir>\conf\DMZGatewayServerService.conf in a text editor.
- Locate the “Additional Java Parameters” section which will be similar tothe following text:
# Additional Java parameters. Add parameters as needed starting from 1.
# By default, use the server Virtual Machine.
wrapper.java.additional.1=-server
wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%
wrapper.java.additional.2.stripquotes=TRUE
wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext
- Add the following line at the end of the section:
wrapper.java.additional.<Index>=-DDMZAllowSOCKS5ConnectionFromUnknownIP=true
Where “<Index>” is 1 more than the index number in the previous line. For example:
# Additional Java parameters. Add parameters as needed starting from 1.
# By default, use the server Virtual Machine.
wrapper.java.additional.1=-server
wrapper.java.additional.2=-DDMZSharedConfigurationDirectory=%DMZ_SHARED_CONFIG_DIRECTORY%
wrapper.java.additional.2.stripquotes=TRUE
wrapper.java.additional.3=-Djava.ext.dirs=bin/jre1.6.0_24/lib/ext
wrapper.java.additional.4=-DDMZAllowSOCKS5ConnectionFromUnknownIP=true
- Save your changes.
- Restart the DMZ Gateway Server Windows Service.
- To verify that the changes have taken effect verify that the DMZ Gateway now allows SOCKS5 requests from unrecognized addresses and that the WARN level log messages discussed above no longer appear in the <InstallDir>\logs\DMZGatewayServer.log file.
Refer to https://kb.globalscape.com/KnowledgebaseArticle11201.aspx for other DMZ Gateway configuration settings.