.TH SOCKD.ROUTE 5 "May 6, 1996"
.SH NAME
sockd.route \- Route file for multi-homed SOCKS proxy server
.SH SYNOPSIS
\fB/etc/sockd.route\fP
.SH DESCRIPTION
The file \fB/etc/sockd.route\fP is used by the SOCKS server program
\fIsockd\fP to determine which of its network interfaces it should use
to reach a given destination host. It is needed only if your SOCKS
server host is multi-homed \fIand\fR your version of sockd supports RBIND.
.PP
A multi-homed host is a host with more than one network interface and
with its IP_FORWARDING turned off. Only the multi-homed version of
\fIsockd\fP can be run on such hosts. You can find out the version of
your sockd (or rsockd) with the command
.nf
.+1
\fBsockd -ver\fP
.-1
or
.+1
\fBrsockd -ver\fP
.-1
.fi
.PP
A line in the file can be up to 1024 characters long. Lines starting
with a `#' are comments. Non-comment lines must be of the form
.PP
\fIif_addr dst_addr dst_mask\fR
.PP
All three fields are required and are separated by spaces or tabs.
Each field is specified in the usual dotted form of IP addresses,
e.g., 128.23.16.2.
.PP
\fIif_addr\fR must be the IP address of one of the network interfaces
on the SOCKS server host.
.PP
\fIdst_addr\fR specifies either the IP address of a host, a network,
or a subnet in the usual dotted form, e.g., \fB129.201.4.0\fP, or a
domain name, e.g., \fBinternic.net\fP.
.PP
\fIdst_mask\fR specifies the mask for the IP address used in
\fIdst_addr\fR. Bits in \fIdst_mask\fP that are set to 0 indicate the
bit positions to be ignored during comparison of IP addresses. So,
specifying 255.255.255.255 in \fIdst_mask\fP demands an exact match
with \fIdst_addr\fP, whereas 0.0.0.0 in \fIdst_mask\fP matches any
given destination address regardless of what is specified for
\fIdst_addr\fP. If a domain name is used for \fIdst_addr\fR, the
contents of \fIdst_mask\fR are ignored, though it must still be
supplied (simply use 0.0.0.0).
If the domain name starts with a period, it specifies a zone and
matches all domain names within that zone; otherwise it matches only
the domain name itself. For example, \fBxyz.com\fP matches only
xyz.com, while \fB.xyz.com\fP matches not only xyz.com, but also
abc.xyz.com and this.and.that.xyz.com, among others. The special
symbol \fBALL\fP (which must be entirely in uppercase) matches
everything. Domain names are otherwise case-insensitive. When using a
domain name in \fIdst_addr\fP, you have to be very careful in
maintaining your DNS setup. See the last few paragraphs in
\fIsockd.conf\fP(5).
.PP
When a multi-homed \fIsockd\fP receives a network request, it first
checks with \fB/etc/sockd.fc\fP (or \fB/etc/sockd.conf\fP) to decide
whether the request should be allowed or denied. For an allowable
request, \fIsockd\fP then checks the given destination IP address or
domain name against the \fIdst_addr dst_mask\fP pair in
\fB/etc/sockd.route\fP, one line at a time. Once a match is found, the
network interface of the corresponding \fIif_addr\fR field is used for
connection to the destination host. Remaining lines in the file are
skipped. Therefore the order of the lines in the file is of extreme
importance. If no match is found throughout the file, a line
indicating the error is produced using \fIsyslog\fP with facility
\fBdaemon\fP and level \fIerr\fP and the request is ignored.
.PP
You have the option of using the frozen route file
\fB/etc/sockd.fr\fP instead of \fB/etc/sockd.route\fP. The frozen file
is produced by \fImake_sockdfr\fR and is essentially the memory image
of the parsed route file. Using it can reduce the start-up delay of
the SOCKS server since it eliminates the need for parsing. Since the
SOCKS server always looks for \fB/etc/sockd.fr\fP first, be sure to
run \fImake_sockdfr\fR every time you modify \fB/etc/sockd.route\fP.
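.PP
The first-match lookup described above, as an added example that is not part of the original manual page or of the sockd source: a Python model that parses route lines and shows how swapping two lines sends internal destinations out of the external interface. The function names are hypothetical, the sample files are constructed from the addresses used under EXAMPLES, and the model assumes name patterns are compared only against destinations given as names, with no DNS lookup.

```python
import ipaddress

def parse_routes(text):
    """Return (if_addr, dst_addr, dst_mask) tuples, in file order."""
    routes = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()  # fields are separated by spaces or tabs
        if len(fields) != 3:
            raise ValueError(f"line {lineno}: need if_addr dst_addr dst_mask")
        routes.append(tuple(fields))
    return routes

def as_int(text):  # dotted quad -> int, or None if not an IPv4 address
    try:
        return int(ipaddress.IPv4Address(text))
    except ValueError:
        return None

def line_matches(dst_addr, dst_mask, dest):
    if dst_addr == "ALL":  # uppercase only; matches everything
        return True
    addr, target = as_int(dst_addr), as_int(dest)
    if addr is not None:  # address form: compare only the bits set in the mask
        mask = as_int(dst_mask)
        return None not in (target, mask) and (target & mask) == (addr & mask)
    if target is not None:  # assumption: no reverse DNS in this model
        return False
    pattern, name = dst_addr.lower(), dest.lower()  # names are case-insensitive
    if pattern.startswith("."):  # zone: the domain itself and everything under it
        return name == pattern[1:] or name.endswith(pattern)
    return name == pattern  # dst_mask is ignored for names

def select_interface(routes, dest):
    """if_addr of the first matching line, or None when nothing matches."""
    for if_addr, dst_addr, dst_mask in routes:
        if line_matches(dst_addr, dst_mask, dest):
            return if_addr  # remaining lines are skipped
    return None

CORRECT = """# constructed sample: internal network first, then the catch-all
129.1.2.3   129.1.0.0  255.255.0.0
129.1.254.1 0.0.0.0    0.0.0.0
"""
SWAPPED = """# constructed sample: same lines, order swapped
129.1.254.1 0.0.0.0    0.0.0.0
129.1.2.3   129.1.0.0  255.255.0.0
"""
```

With SWAPPED, the catch-all line matches first, so the internal line is never reached; running such a check against a route file before freezing it with make_sockdfr catches this kind of ordering mistake.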
.SH EXAMPLES
Suppose you have a dual-homed host with interface 129.1.2.3 connecting
to your internal Class B network 129.1, and interface 129.1.254.1
connecting to the outside world. If you only use the SOCKS server to
provide connections to outside hosts, then the file
\fB/etc/sockd.route\fP only needs one line:
.nf
.+1
129.1.254.1 0.0.0.0 0.0.0.0
.fi
.-1
If you also use the SOCKS server to provide connections to internal
hosts, then two lines would suffice:
.nf
.+1
129.1.2.3 129.1.0.0 255.255.0.0
129.1.254.1 0.0.0.0 0.0.0.0
.fi
.-1
Note that these two lines must be in the order given above. If you
prefer using a domain name instead, the lines should be
.nf
.+1
129.1.2.3 .myown.com 0.0.0.0
129.1.254.1 0.0.0.0 0.0.0.0
.fi
.-1
assuming that myown.com is your domain.
.SH SEE ALSO
\fIdump_sockdfr\fP(8), \fImake_sockdfr\fP(8), \fIsockd\fP(8), \fIsockd.fr\fP(5)