In this example we have two users, SSHSP and SSHSPB, and two started tasks, SSHSP and SSHSPB, for two Tectia SOCKS Proxies:

SSHSP: this started task is assigned to user SSHSP and uses stack TCPIP:

    //STDENV   DD DSN=<HLQ>.V663.PARMLIB(SSHENV),
    //            DISP=SHR
    //         DD DSN=<HLQ>.V663.PARMLIB(TCPIP),DISP=SHR

SSHSPB: this started task is assigned to user SSHSPB and uses stack TCPIPB:

    //STDENV   DD DSN=<HLQ>.V663.PARMLIB(SSHENV),
    //            DISP=SHR
    //         DD DSN=<HLQ>.V663.PARMLIB(TCPIPB),DISP=SHR

The IP address of the SOCKS Proxy in stack TCPIP is 198.51.100.1, and the IP address of the SOCKS Proxy in stack TCPIPB is 198.51.100.2. The SOCKS Proxies are used to connect to remote servers at 203.0.113.1 and 203.0.113.2.

You can run the two SOCKS proxies on a dual stack z/OS in two ways:

- Using two SOCKS Proxy configuration files with different network listeners (see Example D.1)
- Using one global SOCKS Proxy configuration file, and creating network listeners on both TCP/IP stacks' loopback address (see Example D.2). You can also use two separate SOCKS Proxy configuration files if you want to have different rules for the other stack connections.

Example D.1. Two configuration files with different network listeners

Add the following elements to the SSHSP configuration file (/u/SSHSP/.ssh2/ssh-socks-proxy-config.xml):

    ...
    <profile name="dynamic-ftp" id="id1" host="" port="22" user="">
    </profile>
    ...
    <!-- SOCKS proxy needs its own listener for SOCKS. -->
    <tunnel type="socks-proxy"
            listen-address="198.51.100.1"
            listen-port="1080"
            dst-port="0"
            profile="" />
    ...
    <rule ip-address="203.0.113.1"
          ports="21"
          action="ftp-proxy"
          profile-id="id1"
          username-from-app="YES"
          hostname-from-app="YES"
          fallback-to-plain="NO" />
    ...

Add the following elements to the SSHSPB configuration file (/u/SSHSPB/.ssh2/ssh-socks-proxy-config.xml):

    ...
    <profile name="dynamic-ftp" id="id1" host="" port="22" user="">
    </profile>
    ...
    <!-- SOCKS proxy needs its own listener for SOCKS. -->
    <tunnel type="socks-proxy"
            listen-address="198.51.100.2"
            listen-port="1080"
            dst-port="0"
            profile="" />
    ...
    <rule ip-address="203.0.113.2"
          ports="21"
          action="ftp-proxy"
          profile-id="id1"
          username-from-app="YES"
          hostname-from-app="YES"
          fallback-to-plain="NO" />
    ...

Define the IP addresses of the SOCKS Proxies in the socks.conf file:

    sockd @=198.51.100.1 203.0.113.1 255.255.255.0
    sockd @=198.51.100.2 203.0.113.2 255.255.255.0
    direct 0.0.0.0 0.0.0.0

Example D.2. Network listeners on TCP/IP stacks' loopback address

Add the following elements to the global SOCKS Proxy configuration file (/opt/tectia/etc/ssh-socks-proxy-config.xml):

    ...
    <profile name="dynamic-ftp" id="id1" host="" port="22" user="">
    </profile>
    ...
    <!-- SOCKS proxy needs its own listener for SOCKS. -->
    <tunnel type="socks-proxy"
            listen-address="127.0.0.1"
            listen-port="1080"
            dst-port="0"
            profile="" />
    ...
    <rule ip-address="203.0.113.*"
          ports="21"
          action="ftp-proxy"
          profile-id="id1"
          username-from-app="YES"
          hostname-from-app="YES"
          fallback-to-plain="NO" />
    ...

Create listeners on both TCP/IP stacks' loopback address (127.0.0.1) in the socks.conf file:

    sockd @=127.0.0.1 203.0.113.1 255.255.255.255
    sockd @=127.0.0.1 203.0.113.2 255.255.255.0
    direct 0.0.0.0 0.0.0.0
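
A pre-deployment consistency check for the files in Examples D.1 and D.2, as an added example that is not part of the Tectia documentation or product: it reports proxy XML that is not well-formed, `sockd` routes that point at an address with no `socks-proxy` listener or no matching `ftp-proxy` rule, and rules that do not set `fallback-to-plain="NO"`. The `<config>` wrapper, the `sample` and `audit` names, and glob-style matching of `*` in `ip-address` are assumptions.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed inputs modelled on Example D.1. <config> is a placeholder wrapper
# so each fragment parses; it is not the product's real root element.
def sample(addr, ip, fallback="NO"):
    return (f'<config><tunnel type="socks-proxy" listen-address="{addr}" '
            f'listen-port="1080" dst-port="0" profile="" />'
            f'<rule ip-address="{ip}" ports="21" action="ftp-proxy" profile-id="id1" '
            f'username-from-app="YES" hostname-from-app="YES" '
            f'fallback-to-plain="{fallback}" /></config>')

CONFIGS = {"SSHSP": sample("198.51.100.1", "203.0.113.1"),
           "SSHSPB": sample("198.51.100.2", "203.0.113.2")}
SOCKS_CONF = """sockd @=198.51.100.1 203.0.113.1 255.255.255.0
sockd @=198.51.100.2 203.0.113.2 255.255.255.0
direct 0.0.0.0 0.0.0.0"""

def audit(configs, socks_conf):
    """Return findings where the proxy XML files and socks.conf disagree."""
    findings, listeners = [], {}  # listeners: listen-address -> rule patterns
    for task, xml_text in configs.items():
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError as exc:
            findings.append(f"{task}: config is not well-formed XML ({exc})")
            continue
        rules = [r for r in root.iter("rule") if r.get("action") == "ftp-proxy"]
        for r in rules:
            # Assumption: any value other than NO permits unsecured fallback.
            if r.get("fallback-to-plain", "").upper() != "NO":
                findings.append(f"{task}: rule {r.get('ip-address')} allows plaintext fallback")
        for t in root.iter("tunnel"):
            if t.get("type") == "socks-proxy":
                pats = listeners.setdefault(t.get("listen-address"), [])
                pats.extend(r.get("ip-address", "") for r in rules)
    routed = set()
    for line in socks_conf.splitlines():
        f = line.split()
        if len(f) != 4 or f[0] != "sockd" or not f[1].startswith("@="):
            continue  # 'direct' and other lines are not proxy routes
        proxy, dest = f[1][2:], f[2]
        routed.add(proxy)
        if proxy not in listeners:
            findings.append(f"socks.conf: {dest} goes to {proxy}, where no proxy listens")
        # Assumption: '*' in a rule's ip-address matches like a shell glob.
        elif not any(fnmatch.fnmatch(dest, p) for p in listeners[proxy]):
            findings.append(f"socks.conf: {dest} goes to {proxy}, which has no rule for it")
    findings += [f"listener {a} is not referenced in socks.conf"
                 for a in listeners if a not in routed]
    return findings
```

`audit(CONFIGS, SOCKS_CONF)` returns an empty list for the Example D.1 layout; each returned string otherwise names the file and the address that disagree.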