man rinetd Command

Man page for apt-get rinetd Command

Man Page for rinetd in Linux

Ubuntu Man Command : man rinetd

Man Rinetd  Command

This tutorial shows the man page for man rinetd in linux.

Open terminal with 'su' access and type the command as shown below:
man rinetd

Result of the Command Execution shown below:

RINETD(8)                 BSD System Manager's Manual                RINETD(8)

NAME
rinetd internet ``redirection server''

SYNOPSIS
/usr/sbin/rinetd

VERSION
Version 0.62, 04/14/2003.

DESCRIPTION
rinetd redirects TCP connections from one IP address and port to another.
rinetd is a single process server which handles any number of connections
to the address/port pairs specified in the file /etc/rinetd.conf. Since
rinetd runs as a single process using nonblocking I/O, it is able to re
direct a large number of connections without a severe impact on the
machine. This makes it practical to run TCP services on machines inside
an IP masquerading firewall. rinetd does not redirect FTP, because FTP
requires more than one socket.

rinetd is typically launched at boot time, using the following syntax:

/usr/sbin/rinetd

The configuration file is found in the file /etc/rinetd.conf, unless
another file is specified using the c command line option.

FORWARDING RULES
Most entries in the configuration file are forwarding rules. The format
of a forwarding rule is as follows:

bindaddress bindport connectaddress connectport

For example:

206.125.69.81 80 10.1.1.2 80

Would redirect all connections to port 80 of the "real" IP address
206.125.69.81, which could be a virtual interface, through rinetd to port
80 of the address 10.1.1.2, which would typically be a machine on the
inside of a firewall which has no direct routing to the outside world.

Although responding on individual interfaces rather than on all inter
faces is one of rinetd's primary features, sometimes it is preferable to
respond on all IP addresses that belong to the server. In this situa
tion, the special IP address 0.0.0.0 can be used. For example:

0.0.0.0 23 10.1.1.2 23

Would redirect all connections to port 23, for all IP addresses assigned
to the server. This is the default behavior for most other programs.

Service names can be specified instead of port numbers. On most systems,
service names are defined in the file /etc/services.

Both IP addresses and hostnames are accepted for bindaddress and connec
taddress.

ALLOW AND DENY RULES
Configuration files can also contain allow and deny rules.

Allow rules which appear before the first forwarding rule are applied
globally: if at least one global allow rule exists, and the address of a
new connection does not satisfy at least one of the global allow rules,
that connection is immediately rejected, regardless of any other rules.

Allow rules which appear after a specific forwarding rule apply to that
forwarding rule only. If at least one allow rule exists for a particular
forwarding rule, and the address of a new connection does not satisfy at
least one of the allow rules for that forwarding rule, that connection is
immediately rejected, regardless of any other rules.

Deny rules which appear before the first forwarding rule are applied
globally: if the address of a new connection satisfies any of the global
allow rules, that connection is immediately rejected, regardless of any
other rules.

Deny rules which appear after a specific forwarding rule apply to that
forwarding rule only. If the address of a new connection satisfies any of
the deny rules for that forwarding rule, that connection is immediately
rejected, regardless of any other rules.

The format of an allow rule is as follows:

allow pattern

Patterns can contain the following characters: 0, 1, 2, 3, 4, 5, 6, 7, 8,
9, . (period), ?, and *. The ? wildcard matches any one character. The *
wildcard matches any number of characters, including zero.

For example:

allow 206.125.69.*

This allow rule matches all IP addresses in the 206.125.69 class C
domain.

Host names are NOT permitted in allow and deny rules. The performance
cost of looking up IP addresses to find their corresponding names is pro
hibitive. Since rinetd is a single process server, all other connections
would be forced to pause during the address lookup.

LOGGING
rinetd is able to produce a log file in either of two formats: tab delim
ited and web server style "common log format."

By default, rinetd does not produce a log file. To activate logging, add
the following line to the configuration file:

logfile log file location

Example: logfile /var/log/rinetd.log

By default, rinetd logs in a simple tab delimited format containing the
following information:

Date and time

Client address

Listening host

Listening port

Forwarded to host

Forwarded to port

Bytes received from client

Bytes sent to client

Result message

To activate web server style "common log format" logging, add the follow
ing line to the configuration file:

logcommon

COMMAND LINE OPTIONS
The c command line option is used to specify an alternate configuration
file.

The f command line option is used to run rinetd in the foreground, with
out forking to the background.

The h command line option produces a short help message.

The v command line option displays the version number.

REINITIALIZING RINETD
The kill 1 signal (SIGHUP) can be used to cause rinetd to reload its
configuration file without interrupting existing connections. Under
Linuxtm the process id is saved in the file /var/run/rinetd.pid to facil
itate the kill HUP. An alternate filename can be provided by using the
pidlogfile configuration file option.


LIMITATIONS
rinetd redirects TCP connections only. There is no support for UDP.
rinetd only redirects protocols which use a single TCP socket. This rules
out FTP.

BUGS
The server redirected to is not able to identify the host the client
really came from. This cannot be corrected; however, the log produced by
rinetd provides a way to obtain this information. Under Unix, Sockets
would theoretically lose data when closed with SO_LINGER turned off, but
in Linux this is not the case (kernel source comments support this belief
on my part). On non Linux Unix platforms, alternate code which uses a
different trick to work around blocking close() is provided, but this
code is untested. The logging is inadequate. The duration of each con
nection should be logged.

LICENSE
Copyright (c) 1997, 1998, 1999, Thomas Boutell and Boutell.Com, Inc.
This software is released for free use under the terms of the GNU Public
License, version 2 or higher. NO WARRANTY IS EXPRESSED OR IMPLIED. USE
THIS SOFTWARE AT YOUR OWN RISK.

CONTACT INFORMATION
See http://www.boutell.com/rinetd/ for the latest release. Thomas
Boutell can be reached by email: boutell@boutell.com

THANKS
Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann, the
Apache Group, and many others who have contributed advice and/or source
code to this and other free software projects.

LINUX February 18, 1999 LINUX


Related Topics

Apt Get Commands