diff options
author | shin <shin@FreeBSD.org> | 2000-01-27 09:28:38 +0000 |
---|---|---|
committer | shin <shin@FreeBSD.org> | 2000-01-27 09:28:38 +0000 |
commit | ce15efb7c04858f00b57c16093d4a3043809048e (patch) | |
tree | 8b3d00f78a4a5a34cc3b17e29c28b4472d93a35c /usr.sbin/faithd/faithd.8 | |
parent | dcbae417f8f4365a5eea807290162acd308b720d (diff) | |
download | FreeBSD-src-ce15efb7c04858f00b57c16093d4a3043809048e.zip FreeBSD-src-ce15efb7c04858f00b57c16093d4a3043809048e.tar.gz |
another tcp apps IPv6 updates.(should be make world safe)
ftp, telnet, ftpd, faithd
also telnet related sync with crypto, secure, kerberosIV
Obtained from: KAME project
Diffstat (limited to 'usr.sbin/faithd/faithd.8')
-rw-r--r-- | usr.sbin/faithd/faithd.8 | 256 |
1 files changed, 256 insertions, 0 deletions
diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8 new file mode 100644 index 0000000..2f62ed3 --- /dev/null +++ b/usr.sbin/faithd/faithd.8 @@ -0,0 +1,256 @@ +.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. Neither the name of the project nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $Id: faithd.8,v 1.3 1999/10/07 04:22:14 itojun Exp $ +.\" $FreeBSD$ +.\" +.Dd January 27, 2000 +.Dt FAITHD 8 +.Os KAME +.Sh NAME +.Nm faithd +.Nd FAITH IPv6/v4 translator daemon +.Sh SYNOPSIS +.Nm faithd +.Op Fl dp +.Oo +.Ar service +.Oo +.Ar serverpath +.Op Ar serverargs +.Oc +.Oc +.Sh DESCRIPTION +.Nm +provides IPv6/v4 TCP relay for the specified +.Ar service . +.Pp +.Nm +must be invoked on IPv4/v6 dual stack router. +The router must be configured to capture all the TCP traffic +toward reserved IPv6 address prefix, by using +.Xr route 8 +and +.Xr sysctl 8 +commands. +.Nm +will daemonize itself on invocation. +.Pp +.Nm +will listen to TCPv6 port +.Ar service . +If TCPv6 traffic to port +.Ar service +is found, +.Nm +will relay the TCPv6 traffic to TCPv4. +Destination for relayed TCPv4 connection will be determined by the +last 4 octets of the original IPv6 destination. +For example, if +.Li 3ffe:0501:4819:ffff:: +is reserved for +.Nm faithd , +and the TCPv6 destination address is +.Li 3ffe:0501:4819:ffff::0a01:0101 , +the traffic will be relayed to IPv4 destination +.Li 10.1.1.1 . +.Pp +If +.Ar service +is not given, +.Li telnet +is assumed, and +.Nm +will relay TCP traffic on TCP port +.Li telnet . +With +.Ar service , +.Nm +will work as TCP relaying daemon for specified +.Ar service +as described above. +.Pp +Since +.Nm +listens to TCP port +.Ar service , +it is not possible to run local TCP daemons for port +.Ar service +on the router, using +.Xr inetd 8 +or other standard mechanisms. +By specifying +.Ar serverpath +to +.Nm faithd , +you can run local daemons on the router. +.Nm +will invoke local daemon at +.Ar serverpath +if the destination address is local interface address, +and will perform translation to IPv4 TCP in other cases. +You can also specify +.Ar serverargs +for the arguments for the local daemon. +.Pp +To use +.Nm +translation service, +an IPv6 address prefix must be reserved for mapping IPv4 addresses into. +Kernel must be properly configured to route all the TCP connection +toward the reserved IPv6 address prefix into the +.Dv faith +pseudo interface, by using +.Xr route 8 +command. +Also, +.Xr sysctl 8 +should be used to configure +.Dv net.inet6.ip6.keepfaith +to +.Dv 1 . +.Pp +If +.Fl d +is given, debugging information will be generated using +.Xr syslog 3 . +If +.Fl p +is given, +.Nm +will use privileged TCP port number as source port, +for IPv4 TCP connection toward final destination. +For relaying +.Xr ftp 1 +and +.Xr rlogin 1 , +.Fl p +is not necessary as special program code is supplied. +.Pp +.Nm +will relay both normal and out-of-band TCP data. +It is capable of emulating TCP half close as well. +.Nm +includes special support for protocols used by +.Xr ftp 1 +and +.Xr rlogin 1 . +When translating FTP protocol, +.Nm +translates network level addresses in +.Li PORT/LPRT/EPRT +and +.Li PASV/LPSV/EPSV +commands. +For RLOGIN protocol, +.Nm +will relay back connection from +.Xr rlogind 8 +on the server to +.Xr rlogin 1 +on client. +.Pp +Inactive sessions will be disconnected in 30 minutes, +to avoid stale sessions from chewing up resources. +This may be inappropriate for some of the services +.Po +should this be configurable? +.Pc . +.\" +.Sh EXAMPLES +Before invoking +.Nm faithd , +.Xr faith 4 +interface has to be configured properly. +.Pp +To translate +.Li telnet +service, and provide no local telnet service, invoke +.Nm +as either of the following: +.Bd -literal -offset +# faithd +# faithd telnet +.Ed +.Pp +If you would like to provide local telnet service via +.Xr telnetd 8 +on +.Pa /usr/local/v6/libexec/telnetd , +user the following command line: +.Bd -literal -offset +# faithd telnet /usr/local/v6/libexec/telnetd telnetd +.Ed +.Pp +If you would like to pass extra arguments to the local daemon: +.Bd -literal -offset +# faithd ftpd /usr/local/v6/libexec/ftpd ftpd -l +.Ed +.Pp +Here are some other examples: +.Bd -literal -offset +# faithd login /usr/local/v6/libexec/rlogin rlogind +# faithd shell /usr/local/v6/libexec/rshd rshd +# faithd sshd +.Ed +.\" +.Sh RETURN VALUES +.Nm +exits with +.Dv EXIT_SUCCESS +.Pq 0 +on success, and +.Dv EXIT_FAILURE +.Pq 1 +on error. +.\" +.Sh SEE ALSO +.Xr faith 4 , +.Xr route 8 , +.Xr sysctl 8 +.Rs +.%A Jun-ichiro itojun Hagino +.%A Kazu Yamamoto +.%T "An IPv6-to-IPv4 transport relay translator" +.%R internet draft +.%N draft-ietf-ngtrans-tcpudp-relay-00.txt +.%O work in progress material +.Re +.\" +.Sh SECURITY NOTICE +It is very insecure to use +.Xr rhosts 5 +and other IP-address based authentication, for connections relayed by +.Nm +.Po +and any other TCP relaying services +.Pc . +.\" +.Sh HISTORY +The +.Nm +command first appeared in WIDE Hydrangea IPv6 protocol stack kit. |