  |
     |
In this example we have two users, SSHSP and SSHSPB, and two started tasks, SSHSP and SSHSPB, for two Tectia SOCKS Proxies:
SSHSP: this started task is assigned to userSSHSPand uses stackTCPIP://STDENV DD DSN=
<HLQ>.V663.PARMLIB(SSHENV), // DISP=SHR // DD DSN=<HLQ>.V663.PARMLIB(TCPIP),DISP=SHR
The TCP/IP stack name is specified using the
_BPXK_SETIBMOPT_TRANSPORTenvironment variable that is set in<HLQ>.V663.PARMLIB(TCPIP):_BPXK_SETIBMOPT_TRANSPORT=
TCPIPSSHSPB: this started task is assigned to userSSHSPBand uses stackTCPIPB://STDENV DD DSN=
<HLQ>.V663.PARMLIB(SSHENV), // DISP=SHR // DD DSN=<HLQ>.V663.PARMLIB(TCPIPB),DISP=SHR
The IP address of the SOCKS Proxy in stack TCPIP is 198.51.100.1, and the IP address of the SOCKS Proxy in stack TCPIPB is 198.51.100.2. The SOCKS Proxies are used to connect to remote servers at 203.0.113.1 and 203.0.113.2.
You can run the two SOCKS proxies on a dual stack z/OS in two ways:
Using two SOCKS Proxy configuration files with different network listeners (see Example D.1)
Using one global SOCKS Proxy configuration file, and creating network listeners on both TCP/IP stacks' loopback address (see Example D.2). You can also use two separate SOCKS Proxy configuration files if you want to have different rules for the other stack connections.
Example D.1. Two configuration files with different network listeners
Add the following elements to the SSHSP configuration file (/u/SSHSP/.ssh2/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="198.51.100.1"
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.1"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Add the following elements to the SSHSPB configuration file (/u/SSHSPB/.ssh2/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="198.51.100.2
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.2"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Define the IP addresses of the SOCKS Proxies in the socks.conf file:
sockd @=198.51.100.1203.0.113.1255.255.255.0 sockd @=198.51.100.2203.0.113.2255.255.255.0 direct 0.0.0.0 0.0.0.0
Example D.2. Network listeners on TCP/IP stacks' loopback address
Add the following elements to the global SOCKS Proxy configuration file (/opt/tectia/etc/ssh-socks-proxy-config.xml):
...
<profile name="dynamic-ftp"
id="id1"
host=""
port="22"
user="">
</profile>
...
<!-- SOCKS proxy needs its own listener for SOCKS. -->
<tunnel type="socks-proxy"
listen-address="127.0.0.1"
listen-port="1080"
dst-port="0"
profile="" />
...
<rule ip-address="203.0.113.*"
ports="21"
action="ftp-proxy"
profile-id="id1"
username-from-app="YES"
hostname-from-app="YES"
fallback-to-plain="NO" />
...Create listeners on both TCP/IP stacks' loopback address (127.0.0.1) in the socks.conf file:
sockd @=127.0.0.1203.0.113.1255.255.255.255 sockd @=127.0.0.1203.0.113.2255.255.255.0 direct 0.0.0.0 0.0.0.0
| |
Copyright 
2017 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information