When transferring data across a WAN, in some cases both IBM i transfer speeds can be much slower than expected under conditions of high latency or when there are significant counts of packet retransmissions. One method that has been shown to restore transfer speeds is to place a Linux based SOCKS 4 proxy server between the IBM i machines, on either side of the WAN.
There are many good SOCKS 4 proxy servers available for Linux. We have had very positive results running the free Dante Server. Dante supports a wide variety of Linux operating systems. The below information is focusing on CentOS/RedHat.
SOCKS Client requirement
To direct traffic to a SOCKS server, requires the initiating machine have a SOCKS client. Some applications such as some browsers and FTP applications have SOCKS clients built in. Specifically for IBM i, the operating system itself has a built in SOCKS client that can control what traffic is sent to a SOCKS server.
Dante Server requirements
For the most current system requirements, please refer to https://www.inet.no/dante/index.html
Step 1: Install tools
$ sudo yum install gcc make
Step 2: Download, make, and install Dante
$ cd ~
$ wget https://www.inet.no/dante/files/dante-1.4.3.tar.gz
$ tar -xvf dante-1.4.3.tar.gz
$ cd dante-1.4.3
$ ./configure
$ sudo make
$ sudo make install
$ sockd –v # (Display installed version)
Step 3: Create log, PID, and configuration files
# These permissions can be set more strict, but this proven working
$ sudo touch /var/log/danted.log
$ sudo chmod 777 /var/log/danted.log
$ sudo touch /var/run/sockd.pid
$ sudo chmod 777 /var/run/sockd.pid
$ sudo touch /etc/sockd.conf
$ sudo vi /etc/sockd.conf
# Paste configuration text from below
# Adjust IP and NIC name
Step 4: Start Dante
# Its highly recommended Dante be run from a systemd file, see below for more information
# After setting up the system file, Dante can be controlled using the following commands:
$ sudo systemctl start|status|stop danted.service
Step 5: Verify Dante is listening on port 1080
$ sudo netstat -tulnp
Example Dante configuration file
##### LOGGING #####
logoutput: /var/log/danted.log
debug: 0
##### INTERFACES/ADDRESSES #####
# The "internal: ip" should be inside NIC address of this proxy server
# Port 1080 is the standard SOCKS port
internal: 10.10.0.5 port=1080
external: ens160
##### AUTHENTICATION TO THIS SOCKS SERVER #####
# "none" allows anyone to connect
# The client built into IBMi only supports SOCKS 4, without authentication
socksmethod: none
##### CLIENT AUTHENTICATION METHOD #####
clientmethod: none
##### WHATS ALLOWED FROM THE CLIENTS #####
# Allow everything from all clients (aka from the IBMi)
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
}
###### WHATS ALLOWED INTO THE SOCKS SERVER #####
# Allow everything into the SOCKS, and everything out of the SOCKS
# Specifically limit to SOCKS v4, since IBMi built in client only supports v4
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect error
proxyprotocol: socks_v4
}
##### ROUTE CONNECTIONS TO ANOTHER SOCKS SERVER #####
# This section forwards SOCKS traffic to another SOCKS server
# The "via: IP" is the IP of the SOCKS on the far side of the WAN)
# Note Dante 1.4.3 and lower only support TCP when forwarding to another SOCKS
route {
from: 0.0.0.0/0 to: 0.0.0.0/0 via: 10.9.0.7 port=1080
proxyprotocol: socks_v4
command: connect
protocol: tcp
method: none
}
Example systemd file
##### PATH & PERMISSIONS FOR THIS SERVICE FILE #####
# /lib/systemd/system/danted.service
# -rw-r--r-- root root
##### CONTENT OF SERVICE FILE #####
[Unit]
Description=SOCKS (v4 and v5) proxy daemon (danted)
Documentation=man:sockd(8) man:sockd.conf(5)
After=network.target
[Service]
Type=forking
PIDFile=/var/run/sockd.pid
ExecStart=/usr/local/sbin/sockd -f /etc/sockd.conf -D
[Install]
WantedBy=multi-user.target
Comments
0 comments
Article is closed for comments.