Wireless Connect Logo
Hello Guest! - Login
Contact Wireless Connect
SOCKS Proxy Server
Credit Cards Accepted
Back to Table Of Contents >>

General Information


This manual discusses the SOCKS proxy server which is implemented in RouterOS. MikroTik RouterOS supports SOCKS version 4.


Packages required: system
License required: Level1
Submenu level: /ip socks
Standards and Technologies: SOCKS version 4
Hardware usage: Not significant


SOCKS is a proxy server that allows TCP based application data to relay across the firewall, even if the firewall would block the packets. The SOCKS protocol is independent from application protocols, so it can be used for many services, e.g, WWW, FTP, TELNET, and others.

At first, an application client connects to the SOCKS proxy server, then the proxy server looks in its access list to see whether the client is permited to access the remote application resource or not, if it is permitted, the proxy server relies the packet to the application server and creates a connection between the application server and client.


Remember to configure your application client to use SOCKS version 4.

You should secure the SOCKS proxy using its access list and/or firewall to disallow access from outisde. Failing to secure the proxy server may introduce security issues to your network, and may provide a way for spammers to send junk mail through the router.

Additional Resources

SOCKS Configuration


In this section you will learn how to enable the SOCKS proxy server and do its configuration.

Property Description

connection-idle-timeout (time; default: 2m) - time after which idle connections are terminatedenabled (yes | no; default: no) - whether to enable or no the SOCKS proxymax-connections (integer: 1..500; default: 200) - maxumum number of simultaneous connectionsport (integer: 1..65535; default: 1080) - TCP port on which the SOCKS server listens for connections


To enable SOCKS:

[admin@MikroTik] ip socks> set enabled=yes
[admin@MikroTik] ip socks> print
                    enabled: yes
                       port: 1080
    connection-idle-timeout: 2m
            max-connections: 200
[admin@MikroTik] ip socks>

Access List

Submenu level: /ip socks access


In the SOCKS access list you can add rules which will control access to SOCKS server. This list is similar to firewall lists.

Property Description

action (allow | deny; default: allow) - action to be performed for this rule

allow - allow packets, matching this rule, to be forwarded for further processing
deny - deny access for packets, matching this rule

dst-address (IP address/netmask) - destination (server's) addressdst-port (port) - destination TCP portsrc-address (IP address/netmask) - source (client's) address for a packetsrc-port (port) - source TCP port

Active Connections

Submenu level: /ip socks connections


The Active Connection list shows all established TCP connections, which are maintained through the SOCKS proxy server.

Property Description

dst-address (read-only: IP address) - destination (application server) IP addressrx (read-only: integer) - bytes receivedsrc-address (read-only: IP address) - source (application client) IP addresstx (read-only: integer) - bytes senttype (read-only: in | out | unknown) - connection type

in - incoming connection
out - outgoing connection
unknown - connection has just been initiated


To see current TCP connections:

[admin@MikroTik] ip socks connections> print
 # SRC-ADDRESS                DST-ADDRESS                TX         RX
 0          4847       2880
 1          3408       2127
 2            10172      25207
 3              474        1629
 4            6477       18695
 5            4137       27568
 6            1712       14296
 7             314        208
 8             934        524
 9             930        524
10             312        158
11             312        158
[admin@MikroTik] ip socks connections>

Application Examples

FTP service through SOCKS server

Let us consider that we have a network which is masqueraded, using a router with a public IP and a private IP Somewhere in the network is an FTP server with IP address We want to allow access to this FTP server for a client in our local network with IP address

We have already masqueraded our local network:

[admin@MikroTik] ip firewall nat> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=srcnat action=masquerade src-address=
[admin@MikroTik] ip firewall nat>

And the access to public FTP servers is denied in firewall:

[admin@MikroTik] ip firewall filter> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=forward action=drop src-address= dst-port=21 protocol=tcp
[admin@MikroTik] ip firewall filter>

We need to enable the SOCKS server:

[admin@MikroTik] ip socks> set enabled=yes
[admin@MikroTik] ip socks> print
                    enabled: yes
                       port: 1080
    connection-idle-timeout: 2m
            max-connections: 200
[admin@MikroTik] ip socks>

Add access to a client with an IP address to SOCKS access list, allow data transfer from FTP server to client (allow destionation ports from 1024 to 65535 for any IP address), and drop everything else:

[admin@MikroTik] ip socks access> add src-address= dst-port=21 \
\... action=allow
[admin@MikroTik] ip socks access> add dst-port=1024-65535 action=allow
[admin@MikroTik] ip socks access> add action=deny
[admin@MikroTik] ip socks access> print
Flags: X - disabled
 0   src-address= dst-port=21 action=allow
 1   dst-port=1024-65535 action=allow
 2   action=deny
[admin@MikroTik] ip socks access>

That's all - the SOCKS server is configured. To see active connections and data transmitted and received:

[admin@MikroTik] ip socks connections> print
 # SRC-ADDRESS                DST-ADDRESS                TX         RX
 0                 1163       4625
 1               0          3231744
[admin@MikroTik] ip socks connections>

Note! In order to use SOCKS proxy server, you have to specify its IP address and port in your FTP client. In this case IP address would be (local IP address of the router/SOCKS server) and TCP port 1080.

Back to Table Of Contents >>