faithd(8) - NetBSD Manual Pages

FAITHD(8)               NetBSD System Manager's Manual               FAITHD(8)


NAME
faithd - FAITH IPv6/v4 translator daemon
SYNOPSIS
faithd [-dp] [service [serverpath [serverargs]]]
DESCRIPTION
faithd provides IPv6/v4 TCP relay for the specified service.

faithd must be invoked on an IPv4/v6 dual stack router. The router must be configured to capture all TCP traffic toward the reserved IPv6 address prefix, by using the route(8) and sysctl(8) commands. faithd will daemonize itself on invocation.

faithd will listen to TCPv6 port service. If TCPv6 traffic to port service is found, faithd will relay the TCPv6 traffic to TCPv4. The destination for the relayed TCPv4 connection is determined by the last 4 octets of the original IPv6 destination. For example, if 3ffe:0501:4819:ffff:: is reserved for faithd, and the TCPv6 destination address is 3ffe:0501:4819:ffff::0a01:0101, the traffic will be relayed to IPv4 destination 10.1.1.1.

If service is not given, telnet is assumed, and faithd will relay TCP traffic on TCP port telnet. With service, faithd will work as a TCP relaying daemon for the specified service as described above.

Since faithd listens to TCP port service, it is not possible to run local TCP daemons for port service on the router using inetd(8) or other standard mechanisms. By specifying serverpath to faithd, you can run local daemons on the router. faithd will invoke the local daemon at serverpath if the destination address is a local interface address, and will perform translation to IPv4 TCP in other cases. You can also specify serverargs as the arguments for the local daemon.

To use the faithd translation service, an IPv6 address prefix must be reserved for mapping IPv4 addresses into. The kernel must be properly configured to route all TCP connections toward the reserved IPv6 address prefix into the faith pseudo interface, by using the route(8) command. Also, sysctl(8) should be used to configure net.inet6.ip6.keepfaith to 1.

If -d is given, debugging information will be generated using syslog(3).

If -p is given, faithd will use a privileged TCP port number as the source port for the IPv4 TCP connection toward the final destination. For relaying ftp(1) and rlogin(1), -p is not necessary as special program code is supplied.

faithd will relay both normal and out-of-band TCP data. It is capable of emulating TCP half close as well. faithd includes special support for protocols used by ftp(1) and rlogin(1). When translating the FTP protocol, faithd translates network level addresses in PORT/LPRT/EPRT and PASV/LPSV/EPSV commands. For the RLOGIN protocol, faithd will relay the back connection from rlogind(8) on the server to rlogin(1) on the client.

Inactive sessions will be disconnected in 30 minutes, to avoid stale sessions from chewing up resources. This may be inappropriate for some of the services (should this be configurable?).
EXAMPLES
Before invoking faithd, the faith(4) interface has to be configured properly.

To translate telnet service, and provide no local telnet service, invoke faithd as either of the following:

     # faithd
     # faithd telnet

If you would like to provide local telnet service via telnetd(8) on /usr/libexec/telnetd, use the following command line:

     # faithd telnet /usr/libexec/telnetd telnetd

If you would like to pass extra arguments to the local daemon:

     # faithd ftpd /usr/libexec/ftpd ftpd -l

Here are some other examples:

     # faithd sshd
     # faithd login /usr/libexec/rlogin rlogind
     # faithd shell /usr/libexec/rshd rshd

However, you should be careful when translating rlogin or rsh connections. See SECURITY NOTICE for more details.
RETURN VALUES
faithd exits with EXIT_SUCCESS (0) on success, and EXIT_FAILURE (1) on error.
SEE ALSO
faith(4), route(8), sysctl(8)

Jun-ichiro itojun Hagino and Kazu Yamamoto, An IPv6-to-IPv4 transport relay translator, internet draft, draft-ietf-ngtrans-tcpudp-relay-01.txt, work in progress material.
SECURITY NOTICE
It is very insecure to use rhosts(5) and other IP-address based authentication for connections relayed by faithd (and any other TCP relaying services).

faithd itself does not implement access controls, as it intends to implement transparent TCP relay services. Administrators are advised to filter packets based on IPv6 address. The IPv6 destination address can be limited by carefully configuring the routing entries that point to faith(4), using route(8). The IPv6 source address needs to be filtered by using packet filters. Documents listed in SEE ALSO have more discussion on this topic.
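
The address mapping from DESCRIPTION and the route-based destination limit described above can be checked before a route is installed. The following is an added example, not part of the NetBSD manual or the faithd source; it assumes the reserved prefix from the DESCRIPTION example is a /64, and the candidate routes and the 10.1.1.0/24 server network are constructed for illustration.

```python
import ipaddress

# Reserved translation prefix from the example in DESCRIPTION (assumed /64).
FAITH_PREFIX = ipaddress.IPv6Network("3ffe:0501:4819:ffff::/64")


def relay_destination(dst6, prefix=FAITH_PREFIX):
    """IPv4 address a relayed connection goes to: the last 4 octets of dst6."""
    addr = ipaddress.IPv6Address(dst6)
    if addr not in prefix:
        raise ValueError(f"{addr} is outside the reserved prefix {prefix}")
    return ipaddress.IPv4Address(addr.packed[-4:])


def reachable_ipv4(route6, prefix=FAITH_PREFIX):
    """IPv4 network reachable through a route that sends route6 to faith(4)."""
    net6 = ipaddress.IPv6Network(route6)
    if not net6.subnet_of(prefix):
        raise ValueError(f"{net6} is not inside the reserved prefix {prefix}")
    # Only the low 32 bits pick the IPv4 destination, so a route of /96 or
    # shorter leaves every IPv4 address selectable by the IPv6 client.
    v4_len = max(net6.prefixlen - 96, 0)
    base = ipaddress.IPv4Address(net6.network_address.packed[-4:])
    return ipaddress.IPv4Network((base, v4_len), strict=False)


def audit_route(route6, intended4):
    """Return (exposed IPv4 network, True if it stays inside intended4)."""
    exposed = reachable_ipv4(route6)
    return exposed, exposed.subnet_of(ipaddress.IPv4Network(intended4))


if __name__ == "__main__":
    print(relay_destination("3ffe:0501:4819:ffff::0a01:0101"))
    # Constructed candidate routes; 10.1.1.0/24 is the hypothetical server net.
    for route in ("3ffe:0501:4819:ffff::/64",
                  "3ffe:0501:4819:ffff::0a01:0100/120"):
        exposed, ok = audit_route(route, "10.1.1.0/24")
        print(f"{route} -> {exposed} {'ok' if ok else 'TOO BROAD'}")
```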
HISTORY
The faithd command first appeared in WIDE Hydrangea IPv6 protocol stack kit.

NetBSD 1.5.1                     May 17, 1998
