"Fossies" - the Fresh Open Source Software Archive

Member "portfwd-0.29/contrib/suggestions.txt" (15 May 2001, 3329 Bytes) of package /linux/privat/old/portfwd-0.29.tar.gz:



Hi,

I'm trying to switch from stone as a port forwarder to portfwd.
If you don't know stone:
----------------------------------------------------------------------------
kenny:~# dpkg --status stone
Package: stone
Status: install ok installed
Priority: optional
Section: net
Installed-Size: 124
Maintainer: Takuo KITAME <kitame@northeye.org>
Version: 2.1-1
Depends: libc6 (>= 2.1)
Description: TCP/IP packet repeater in the application layer.
 TCP/IP packet repeater in the application layer.
 It repeats TCP and UDP packets from inside to outside of a firewall, or from
 outside to inside.
----------------------------------------------------------------------------

While portfwd is more configurable than stone, it suffers from the same
problem:
If I have an opened TCP connection that is being forwarded by portfwd, and I
restart it, I get:
portfwd[25529]: listen: Can't bind TCP socket: Address already in use:
198.186.202.178:80
portfwd[25529]: socket_close(): shutdown() on socket FD 4 failed: Transport
endpoint is not connected
portfwd[25529]: Child exiting (!)

This is bad because if a sysadmin restarts portfwd, everything looks ok,
except that one port (or more) isn't being forwarded, and no one notices
until someone complains.

Suggestions:
1) If there is any fatal error (syntax of conf file or failed bind), portfwd
   should really output this on stderr too for the sysadmin to see right away

2) portfwd should have an option to retry binds once a second for a
   configurable number of times so that in the case above, the bind hopefully
   succeeds eventually.

Do you agree with my suggestions?
If so, I need to fix our setup fairly quickly, which I will do by using
another program, or with a shell script wrapper, but if the suggestions
above are easy to implement and you think you can do them fairly quickly, I
can wait for the next version too.

Let me know. Thanks in advance.


As another suggestion, the transparent proxying option could be an option
in the config file. The reason for this is that my forwarding machine is not
my gateway, but it can still transparently proxy udp connections (the fact
that the ip of returning packets is different doesn't prevent things like
syslog from working).

Either way, I tried with two portfwd and two config files (one for TCP and
one for UDP with -t) and I got:

portfwd[30002]: UDP packet from: 198.186.202.1:3340
portfwd[30002]: UDP forward: 198.186.202.1:3340 => 10.1.0.37:514
portfwd[30002]: host_map::udp_forward: Transparent proxy - Binding to local
address: 198.186.202.1:0
portfwd[30002]: host_map::udp_forward: Can't bind UDP socket to client address:
Cannot assign requested address: 198.186.202.1:0
portfwd[30002]: socket_close(): shutdown() on socket FD 5 failed: Transport
endpoint is not connected

My kernel is compiled with: CONFIG_IP_TRANSPARENT_PROXY=y

Any idea why transparent proxying isn't working?

Thanks,
Marc

PS: In your init script, you do killall portfwd in the stop section. That's
actually a bad idea because it kills the /etc/init.d/portfwd too, and
prevents the addition of a restart section that does stop and start. One
quick fix is to call your init script /etc/init.d/portfwd.init so that
killall doesn't kill it :-)

Marc Merlin <marc@merlins.org>
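
Suggestions 1 and 2 from the message above, as an added C example (not part of the original message and not portfwd's own code). The names bind_with_retry and occupy_port and the stderr message format are assumptions. Only "Address already in use" is retried; an error such as the "Cannot assign requested address" in the UDP log is reported once and returned.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener on addr. Only EADDRINUSE is retried (one bind per
 * delay_sec, at most max_tries binds); every failed bind is printed to stderr.
 * Returns the listening fd, or -1 with errno set. *tries = binds attempted. */
int bind_with_retry(const struct sockaddr_in *addr, int max_tries,
                    unsigned delay_sec, int *tries)
{
    int err = 0, fd = socket(AF_INET, SOCK_STREAM, 0);
    *tries = 0;
    if (fd < 0) return -1;
    for (;;) {
        ++*tries;
        if (bind(fd, (const struct sockaddr *)addr, sizeof *addr) == 0)
            break;
        err = errno;
        fprintf(stderr, "bind port %u (try %d of %d): %s\n",
                (unsigned)ntohs(addr->sin_port), *tries, max_tries, strerror(err));
        /* Errors such as EADDRNOTAVAIL will not clear by waiting: give up now. */
        if (err != EADDRINUSE || *tries >= max_tries)
            goto fail;
        sleep(delay_sec);
    }
    if (listen(fd, 16) == 0)
        return fd;
    err = errno;
fail:
    close(fd);
    errno = err;   /* close() may have changed it; report the bind/listen error */
    return -1;
}

/* Constructed demo helper: hold a listener on a kernel-chosen port, standing
 * in for whatever still owns the address after a restart. Fills *addr. */
int occupy_port(struct sockaddr_in *addr)
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *addr = (struct sockaddr_in){ .sin_family = AF_INET }; /* 0.0.0.0, port 0 */
    if (fd < 0 || bind(fd, (struct sockaddr *)addr, len) != 0 ||
        listen(fd, 1) != 0 || getsockname(fd, (struct sockaddr *)addr, &len) != 0)
        return -1;
    return fd;
}
```

A caller that gets -1 back should exit non-zero, so a restart that left a port unforwarded is visible to the init script as well as on the terminal.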