| RINETD(8) | Unix System Manager's Manual | RINETD(8) |
|---|
NAME
rinetd -- internet ``redirection server''
SYNOPSIS
/usr/sbin/rinetd
VERSION
Version 0.41, 2/11/1998.
WHERE TO GET
By
anonymous FTP from ftp.boutell.com in the subdirectory
boutell/rinetd as the file rinetd.tar.gz.
DESCRIPTION
Redirects TCP connections from one IP address and port to another. rinetd
is a single-process server which handles any number of connections to
the address/port pairs specified in the file /etc/rinetd.conf.
Since rinetd runs as a single process using nonblocking I/O, it is
able to redirect a large number of connections without a severe
impact on the machine. This makes it practical to run TCP services
on machines inside an IP masquerading firewall.
rinetd should be launched at boot time, using the following syntax:
/usr/sbin/rinetd
The format of /etc/rinetd.conf is as follows:
bindaddress bindport connectaddress connectport
For example:
206.125.69.81 80 10.1.1.2 80
Would redirect all connections to port 80 of the "real" IP address 206.125.69.81, which could be a virtual interface, through rinetd to port 80 of the address 10.1.1.2, which would typically be a machine on the inside of a firewall which has no direct routing to the outside world.
Service names can be specified instead of port numbers. On most systems, service names are defined in the file /etc/services.
Both IP addresses and hostnames are accepted for bindaddress and connectaddress.
rinetd redirects TCP connections only. There is no support for UDP.
The kill -1 signal (SIGHUP) can be used to cause rinetd to reload its configuration file without interrupting existing connections (this was added in version 0.4). Under Linux\(tm the process id is saved in the file \fI/var/run/rinetd.pid\fR to facilitate the kill -HUP (added in version 0.41).
BUGS
rinetd does not currently produce any log information. The
server redirected to is not able to identify the host the
client really came from. Sockets would theoretically lose
data when closed with SO_LINGER turned off, but in Linux
this is not the case (kernel source comments support this
belief on my part). On non-Linux platforms, alternate code
which uses a different trick to work around blocking close()
is provided, but this code is untested. The manpage
is sketchy.
LICENSE
Copyright (c) 1997, 1998, Thomas Boutell and Boutell.Com, Inc. This software is released for free use under the terms of the GNU Public License, version 2 or higher.
CONTACT INFORMATION
See the rinetd web page for the latest release. Thomas Boutell can be reached by email: boutell@boutell.com
THANKS
Thanks are due to Bill Davidsen.