NAME
sockd.route - Route file for multi-homed SOCKS proxy server
SYNOPSIS
/etc/sockd.route
DESCRIPTION
The file /etc/sockd.route is used by the SOCKS server program sockd to determine which of its network interfaces it should use to reach a given destination host. It is needed only if your SOCKS server host is multi-homed and your version of sockd supports RBIND. A multi-homed host is a host with more than one network interface and with its IP_FORWARDING turned off. Only the multi-homed version of sockd can be run on such hosts. You can find out the version of your sockd (or rsockd) with the command
sockd -ver
or
rsockd -ver
A line in the file can be up to 1024 characters long. Lines starting with a `#' are comments. Non-comment lines must be of the form
if_addr dst_addr dst_mask
All three fields are required and are separated by spaces or tabs. Each field is specified in the usual dotted form of IP addresses, e.g., 128.23.16.2.
if_addr must be the IP address of one of the network interfaces on the SOCKS server host.
dst_addr specifies either the IP address of a host, a network, or a subnet in the usual dotted form, e.g., 129.201.4.0, or a domain name, e.g., internic.net.
dst_mask specifies the mask for the IP address used in dst_addr. Bits in dst_mask that are set to 0 indicate the bit positions to be ignored during comparison of IP addresses. So, specifying 255.255.255.255 in dst_mask demands an exact match with dst_addr, whereas 0.0.0.0 in dst_mask matches any given destination address regardless of what is specified for dst_addr. If a domain name is used for dst_addr, the contents of dst_mask are ignored, though it must still be supplied (simply use 0.0.0.0). If the domain name starts with a period, it specifies a zone and matches all domain names within that zone; otherwise it matches only the domain name itself. For example, xyz.com matches only xyz.com, while .xyz.com matches not only xyz.com, but also abc.xyz.com and this.and.that.xyz.com, among others. The special symbol ALL (which must be entirely in uppercase) matches everything. Domain names are otherwise case-insensitive.
When using a domain name in dst_addr, you have to be very careful in maintaining your DNS setup. See the last few paragraphs in sockd.conf(5).
When a multi-homed sockd receives a network request, it first checks with /etc/sockd.fc (or /etc/sockd.conf) to decide whether the request should be allowed or denied. For an allowable request, sockd then checks the given destination IP address or domain name against the dst_addr dst_mask pair in /etc/sockd.route, one line at a time. Once a match is found, the network interface of the corresponding if_addr field is used for connection to the destination host. Remaining lines in the file are skipped. Therefore the order of the lines in the file is of extreme importance. If no match is found throughout the file, a line indicating the error is produced using syslog with facility daemon and level err, and the request is ignored.
You have the option of using the frozen route file /etc/sockd.fr instead of /etc/sockd.route. The frozen file is produced by make_sockdfr and is essentially the memory image of the parsed route file. Using it can reduce the start-up delay of the SOCKS server since it eliminates the need for parsing. Since the SOCKS server always looks for /etc/sockd.fr first, be sure to run make_sockdfr every time you modify /etc/sockd.route.
EXAMPLES
Suppose you have a dual-homed host with interface 129.1.2.3 connecting to your internal Class B network 129.1, and interface 129.1.254.1 connecting to the outside world. If you only use the SOCKS server to provide connections to outside hosts, then the file /etc/sockd.route only needs one line:
129.1.254.1 0.0.0.0 0.0.0.0
If you also use the SOCKS server to provide connections to internal hosts, then two lines would suffice:
129.1.2.3 129.1.0.0 255.255.0.0
129.1.254.1 0.0.0.0 0.0.0.0
Note that these two lines must be in the order given above.
If you prefer using a domain name instead, the lines should be
129.1.2.3 .myown.com 0.0.0.0
129.1.254.1 0.0.0.0 0.0.0.0
assuming that myown.com is your domain.
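The first-match rule and the mask comparison described above can be modelled in a few lines to audit a route file before it is frozen. This Python sketch is an added example, not sockd's own code; the function names are hypothetical, the destination's domain name is assumed to be already resolved by the caller, and skipping blank lines is an assumption.

```python
import ipaddress

def _ip(s):
    """Dotted-quad string -> int, or None if s is not an IPv4 address."""
    try:
        return int(ipaddress.IPv4Address(s))
    except ValueError:
        return None

def parse_routes(text):
    """Parse sockd.route text into (if_addr, dst_addr, dst_mask) tuples."""
    routes = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#") or not line.strip():  # blank-line skipping is an assumption
            continue
        f = line.split()
        if len(line) > 1024 or len(f) != 3 or None in (_ip(f[0]), _ip(f[2])):
            raise ValueError(f"line {n}: want 'if_addr dst_addr dst_mask' (IPs for 1st/3rd)")
        routes.append(tuple(f))
    return routes

def rule_matches(dst_addr, dst_mask, ip, name=None):
    """Test one rule against a destination IP and its already-resolved name, if any."""
    if dst_addr == "ALL":                       # special symbol, uppercase only
        return True
    rule_ip, mask = _ip(dst_addr), _ip(dst_mask)
    if rule_ip is not None:                     # IP rule: mask bits set to 0 are ignored
        return (_ip(ip) & mask) == (rule_ip & mask)
    pat, host = dst_addr.lower(), (name or "").lower()  # names are case-insensitive
    if pat.startswith("."):                     # zone: the domain and everything below it
        return bool(host) and (host == pat[1:] or host.endswith(pat))
    return host == pat

def select_interface(routes, ip, name=None):
    """First matching line wins; None models the 'no match' syslog error case."""
    for if_addr, dst_addr, dst_mask in routes:
        if rule_matches(dst_addr, dst_mask, ip, name):
            return if_addr
    return None

def shadowed_rules(routes):
    """Indices of IP rules that can never fire because an earlier IP rule covers them."""
    ip_rules = [(i, _ip(a), _ip(m)) for i, (_, a, m) in enumerate(routes) if _ip(a) is not None]
    return [j for j, a_j, m_j in ip_rules
            if any(i < j and (m_i & m_j) == m_i and (a_i & m_i) == (a_j & m_i)
                   for i, a_i, m_i in ip_rules)]

# Constructed from the EXAMPLES above: correct order, then the same two lines swapped.
GOOD = "129.1.2.3 129.1.0.0 255.255.0.0\n129.1.254.1 0.0.0.0 0.0.0.0\n"
SWAPPED = "129.1.254.1 0.0.0.0 0.0.0.0\n129.1.2.3 129.1.0.0 255.255.0.0\n"
```

With SWAPPED, select_interface returns the outside interface 129.1.254.1 for the internal host 129.1.7.7, and shadowed_rules reports the internal line (index 1) as unreachable.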
SEE ALSO
dump_sockdfr(8), make_sockdfr(8), sockd(8), sockd.fr(5)