Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/usr.sbin/faithd/faithd.8

243 lines
5.7 KiB
Groff
Raw Normal View History

add faithd, IPv6-to-IPv4 tcp relay translator. utilizes pseudo-device "faith".
1999-07-14 02:16:48 +04:00
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. Neither the name of the project nor the names of its contributors
.\" may be used to endorse or promote products derived from this software
.\" without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $NetBSD: faithd.8,v 1.1 1999/07/13 22:16:49 itojun Exp $
.\" KAME Id: faithd.8,v 1.1.2.6.4.5.2.5 1999/03/31 04:40:46 itojun Exp
.\"
.Dd May 17, 1998
.Dt FAITHD 8
.Os KAME
.Sh NAME
.Nm faithd
.Nd FAITH IPv6/v4 translator daemon
.Sh SYNOPSIS
.Nm faithd
.Op Fl dp
.Oo
.Ar service
.Oo
.Ar serverpath
.Op Ar serverargs
.Oc
.Oc
.Sh DESCRIPTION
.Nm
provides IPv6/v4 TCP relay for the specified
.Ar service .
.Pp
.Nm
must be invoked on IPv4/v6 dual stack router.
The router must be configured to capture all the TCP traffic
toward reserved IPv6 address prefix, by using
.Xr route 8
and
.Xr sysctl 8
commands.
.Nm
will daemonize itself on invocation.
.Pp
.Nm
will listen to TCPv6 port
.Ar service .
If TCPv6 traffic to port
.Ar service
is found,
.Nm
will relay the TCPv6 traffic to TCPv4.
Destination for relayed TCPv4 connection will be determined by the
last 4 octets of the original IPv6 destination.
For example, if
.Li 3ffe:0501:4819:ffff::
is reserved for
.Nm faithd ,
and the TCPv6 destination address is
.Li 3ffe:0501:4819:ffff::0a01:0101 ,
the traffic will be relayed to IPv4 destination
.Li 10.1.1.1 .
.Pp
If
.Ar service
is not given,
.Li telnet
is assumed, and
.Nm
will relay TCP traffic on TCP port
.Li telnet .
With
.Ar service ,
.Nm
will work as TCP relaying daemon for specified
.Ar service
as described above.
.Pp
Since
.Nm
listens to TCP port
.Ar service ,
it is not possible to run local TCP daemons for port
.Ar service
on the router, using
.Xr inetd 8
or other standard mechanisms.
By specifying
.Ar serverpath
to
.Nm faithd ,
you can run local daemons on the router.
.Nm
will invoke local daemon at
.Ar serverpath
if the destination address is local interface address,
and will perform translation to IPv4 TCP in other cases.
You can also specify
.Ar serverargs
for the arguments for the local daemon.
.Pp
To use
.Nm
translation service,
an IPv6 address prefix must be reserved for mapping IPv4 addresses into.
Kernel must be properly configured to route all the TCP connection
toward the reserved IPv6 address prefix into the
.Dv faith
pseudo interface, by using
.Xr route 8
command.
Also,
.Xr sysctl 8
should be used to configure
.Dv net.inet6.ip6.keepfaith
to
.Dv 1 .
.Pp
If
.Fl d
is given, debugging information will be generated using
.Xr syslog 3 .
If
.Fl p
is given,
.Nm
will use privileged TCP port number as source port,
for IPv4 TCP connection toward final destination.
For relaying
.Xr ftp 1
and
.Xr rlogin 1 ,
.Fl p
is not necessary as special program code is supplied.
.Pp
.Nm
will relay both normal and out-of-band TCP data.
It is capable of emulating TCP half close as well.
.Nm
includes special support for protocols used by
.Xr ftp 1
and
.Xr rlogin 1 .
When translating FTP protocol,
.Nm
translates network level addresses in
.Li PORT/LPRT/EPRT
and
.Li PASV/LPSV/EPSV
commands.
For RLOGIN protocol,
.Nm
will relay back connection from
.Xr rogind 8
on the server to
.Xr rlogin 1
on client.
.Pp
Inactive sessions will be disconnected in 30 minutes,
to avoid stale sessions from chewing up resources.
This may be inappropriate for some of the services
.Po
should this be configurable?
.Pc .
.\"
.Sh EXAMPLES
To translate
.Li telnet
service, and provide no local telnet service, invoke
.Nm
as either of the following:
.Bd -literal -offset
# faithd
# faithd telnet
.Ed
.Pp
If you would like to provide local telnet service via
.Xr telnetd 8
on
.Li /usr/local/v6/libexec/telnetd ,
user the following command line:
.Bd -literal -offset
# faithd telnet /usr/local/v6/libexec/telnetd telnetd
.Ed
.Pp
If you would like to pass extra arguments to the local daemon:
.Bd -literal -offset
# faithd ftpd /usr/local/v6/libexec/ftpd ftpd -l
.Ed
.Pp
Here are some other examples:
.Bd -literal -offset
# faithd login /usr/local/v6/libexec/rlogin rlogind
# faithd shell /usr/local/v6/libexec/rshd rshd
# faithd sshd
.Ed
.\"
.Sh RETURN VALUES
.Nm
exits with
.Dv EXIT_SUCCESS
.Pq 0
on success, and
.Dv EXIT_FAILURE
.Pq 1
on error.
.\"
.Sh SEE ALSO
.Xr route 8 ,
.Xr sysctl 8
.\"
.Sh SECURITY NOTICE
It is very insecure to use
.Xr rhosts 5
and other IP-address based authentication, for connections relayed by
.Nm
.Po
and any other TCP relaying services
.Pc .
.\"
.Sh HISTORY
The
.Nm
command first appeared in WIDE Hydrangea IPv6 protocol stack kit.