From 0fb59c54c0a0eb59a4559c386e78d62b413c398d Mon Sep 17 00:00:00 2001 From: "git@daemon.de" Date: Sun, 26 Apr 2015 13:27:03 +0200 Subject: [PATCH] updated --- udpxd.1 | 86 +++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 69 insertions(+), 17 deletions(-) diff --git a/udpxd.1 b/udpxd.1 index ce0d407..7e2e07e 100644 --- a/udpxd.1 +++ b/udpxd.1 @@ -1,4 +1,4 @@ -.\" Automatically generated by Pod::Man 2.23 (Pod::Simple 3.14) +.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "UDPXD 1" -.TH UDPXD 1 "2015-04-21" "perl v5.12.4" "User Contributed Perl Documentation" +.TH UDPXD 1 "2015-04-26" "perl v5.14.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -134,15 +134,17 @@ udpxd \- A general purpose UDP relay/port forwarder/proxy .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 -\& Usage: udpxd [\-lbdvhV] -\& +\& Usage: udpxd [\-lbdfpvhV] +\& \& Options: -\& \-\-listen \-l listen for incoming requests -\& \-\-bind \-b bind ip used for outgoing requests -\& \-\-dest \-d destination to forward requests to -\& \-\-help \-h \-? print help message -\& \-\-version \-v print program version -\& \-\-verbose \-V enable verbose logging +\& \-\-listen \-l listen for incoming requests +\& \-\-bind \-b bind ip used for outgoing requests +\& \-\-dest \-d destination to forward requests to +\& \-\-foreground \-f don\*(Aqt fork into background +\& \-\-pidfile \-p pidfile, default: /var/run/udpxd.pid +\& \-\-help \-h \-? print help message +\& \-\-version \-v print program version +\& \-\-verbose \-V enable verbose logging .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" 
@@ -168,6 +170,36 @@ interface of the system running udpxd or the address specified with \fB\-b\fR. .PP The options \fB\-l\fR and \fB\-d\fR are mandatory. +.PP +If the option \fB\-f\fR has not been specified, udpxd forks into +the background and becomes a daemon. It writes it pidfile to +\&\f(CW\*(C`/var/run/udpxd.pid\*(C'\fR, which can be changed with the \fB\-p\fR +option. +.PP +\&\fBCaution: udpxd does not drop its privileges. If started as +root, it will continue to run as root. This may change in the +future.\fR +.PP +Udpxd supports ip version 4 and 6, it doesn't support hostnames, +\&\-l, \-d and \-b must be ip addresses. In order to specify an ipv6 +address and a port, use: +.PP +.Vb 1 +\& \-l [::1]:53 +.Ve +.PP +that is, surround the ipv6 address with brackets. +.PP +Port forwardings can be mixed: +.PP +.Vb 6 +\& listen | forward to +\& \-\-\-\-\-\-\-+\-\-\-\-\-\-\-\-\-\-\- +\& ipv4 | ipv4 +\& ipv6 | ipv4 +\& ipv4 | ipv6 +\& ipv6 | ipv6 +.Ve .SH "EXAMPLES" .IX Header "EXAMPLES" Let's say you operate a multihomed unix system named 'foo' @@ -176,11 +208,11 @@ with two interfaces: eth0 on the inside, eth1 on the outside: .Vb 3 \& foo: \& eth0: 192.168.1.1 -\& eth0: 10.0.0.1 +\& eth1: 10.0.0.1 .Ve .PP And let's say, you have a client in network 10.0.0.0/24 who whiches to reach -an ntp server in network 192.168.1.1; and you dont operate a +an ntp server in network 192.168.1.0/24; and you dont operate a firewall, nat or routing on 'foo'. Run udpxd like this: .PP .Vb 1 
@@ -188,14 +220,14 @@ firewall, nat or routing on 'foo'. Run udpxd like this: .Ve .PP Now, if a client with the source ip address 10.0.0.110 sends -an ntp request to 10.0.0.1:123, udpxd will forward that -request to 192.168.1.199:123 with the source ip address +a ntp request to 10.0.0.1:123, udpxd will forward that +packet to 192.168.1.199:123 with the source ip address 192.168.1.1 (because this is where the route points to: eth0). Responses from the ntp server will reach udpxd, which in turn sends them back to the client, where they arrive with the source address (and port) where udpxd is listening. .PP -As you can see, udpxd canbe used to implement hiding nat for +As you can see, udpxd can be used to implement hiding nat for udp services in user space. .PP Another example would be, if 'foo' has multiple ip addresses @@ -217,10 +249,25 @@ In order to use 192.168.1.45 as the source ip address, use the .PP In this case for the client everything looks as before, but the ntp server on the other end will see ntp requests coming from -192.168.1.45. +192.168.1.45 instead. +.PP +Here we listen on the ip v6 loopback address and forward traffic +to another ip v6 destination address: +.PP +.Vb 1 +\& udpxd \-l [::1]:53 \-d [2001:4860:4860::8888]:53 +.Ve +.PP +Or, we could listen on an ip v4 address and forward to an ip v6 +address: +.PP +.Vb 1 +\& udpxd \-l 192.168.1.1:53 \-d [2001:4860:4860::8888]:53 +.Ve .SH "FILES" .IX Header "FILES" -udpxd currently does not write or open any files. +\&\fB/var/run/udpxd.pid\fR: created if running in daemon mode (\-f not +specified). .SH "BUGS" .IX Header "BUGS" In order to report a bug, unexpected behavior, feature requests 
@@ -229,6 +276,11 @@ or to submit a patch, please open an issue on github: .SH "LICENSE" .IX Header "LICENSE" This software is licensed under the \s-1GNU\s0 \s-1GENERAL\s0 \s-1PUBLIC\s0 \s-1LICENSE\s0 version 3. +.PP +Copyright (c) 2015 by T. v. Dein. +.PP +This software uses \fButhash\fR (bundled), which is +Copyright (c) 2003\-2013 by Troy D. Hanson. .SH "AUTHORS" .IX Header "AUTHORS" T.v.Dein \fBtom \s-1AT\s0 vondein \s-1DOT\s0 org\fR
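Review bot: udpxd.1 is Pod::Man output (first hunk, `.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16)`), but the diffstat lists only this one file, so the POD source behind these text changes is not part of the commit. If the source was not updated as well, the next regeneration will drop the new -f/-p, IPv6 and copyright text; commit the source change together with the regenerated page.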
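Review bot: in the SYNOPSIS hunk (@@ -134,15 +134,17 @@) the new `\-\-pidfile \-p` row does not show that the option takes a file path, and the rows for -l, -b and -d likewise give no hint of the ip:port argument that DESCRIPTION requires. Add argument placeholders to the option column, for example `-p <file>` and `-l <ip:port>`, so the usage block can be read without the rest of the page.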
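Review bot: in the DESCRIPTION hunk (@@ -168,6 +170,36 @@) the new caution says udpxd keeps running as root, while the paragraph directly above it makes `/var/run/udpxd.pid` the default pidfile, a location that is normally writable only by root, so the default daemon mode steers users into exactly the case the caution describes. State here that an unprivileged start needs -p pointing at a path the invoking user can write, or -f, which per the FILES section creates no pidfile. Also in this hunk, "It writes it pidfile" should read "its pidfile", and "Udpxd supports ip version 4 and 6, it doesn't support hostnames" reads better as two sentences.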
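Review bot: in the EXAMPLES hunk (@@ -176,11 +208,11 @@) the rewritten line `+an ntp server in network 192.168.1.0/24; and you dont operate a` still carries "dont", and the context line just before it still says "who whiches to reach". Since the sentence is being touched anyway, fix both ("don't", "wishes") in the same change.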
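Review bot: in the hunk at @@ -188,14 +220,14 @@ the change from "an ntp request" to `+a ntp request to 10.0.0.1:123, udpxd will forward that` makes the page inconsistent, because the previous hunk keeps "an ntp server". Pick one article for "ntp" and use it throughout; "an" matches the rest of the page.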
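Review bot: in the hunk at @@ -217,10 +249,25 @@ both new examples listen on port 53, which normally requires root to bind, and the caution added in DESCRIPTION says udpxd then keeps running as root; the examples should either say so or use an unprivileged listen port. The destination `[2001:4860:4860::8888]:53` is a literal third-party address; an address from the IPv6 documentation prefix 2001:db8::/32 would be a safer thing for readers to copy. The new FILES entry says when the pidfile is created but not whether it is removed on exit, which is worth one more sentence.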
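Review bot: in the LICENSE hunk (@@ -229,6 +276,11 @@) the added uthash paragraph names the copyright holder but not the license the bundled code is distributed under, and it sits directly below the sentence that puts "this software" under GPL version 3. Name uthash's own license here or point to the bundled license file, so the page does not imply the GPL statement covers the bundled code as well.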