Forum Discussion

Brabik's avatar
Brabik
Icon for Nimbostratus rankNimbostratus
Apr 21, 2017

SOCKS proxy with authentication

Hello,   I have a request to set up F5 as SOCKS proxy server with user authentication. While I have been successful in configuring VS which will server SOCKS requests, I am struggling to find a wa...
devops
iRules
LTM
Brabik's avatar
Brabik
Icon for Nimbostratus rankNimbostratus
May 14, 2018

Hi, our solution is based on two daisy-chained virtual servers The latter VS contains standard SOCKS proxy configuration and is configured on non-default port:

ltm virtual VS_SOCKS_proxy {
destination 192.168.1.100:1081
ip-protocol tcp
mask 255.255.255.255
partition Common
profiles {
    /Common/PF_SOCKS { }
    /Common/tcp { }
}
rules {
    IR_SOCKS_WHITELIST
}
source 0.0.0.0/0
source-address-translation {
     type automap
}
translate-address enabled
translate-port enabled
vs-index 64
}
  • iRule IR_SOCKS_WHITELIST whitelists only specific destination IPs behind the SOCKS tunnel in order to keep the network secure

The first Virtual server which is in front of the previous one is the VS enforcing the user authentication utilizing IR_SOCKS_basic-auth_EMEA iRule which we obtained from F5 Professional Services

ltm virtual VS_SOCKS_auth_emea {
destination 192.168.1.100:1080
ip-protocol tcp
mask 255.255.255.255
partition Common
profiles {
    /Common/tcp { }
}
rules {
    IR_SOCKS_basic-auth_EMEA
}
source 0.0.0.0/0
source-address-translation {
    type automap
}
translate-address enabled
translate-port enabled
vs-index 63
}