Provided by: socks4-server_4.3.beta2-20_amd64

NAME

       sockd.route - Route file for multi-homed SOCKS proxy server

SYNOPSIS

       /etc/sockd.route

DESCRIPTION

       The file /etc/sockd.route is used by the SOCKS server program sockd to determine which of its network
       interfaces it should use to reach a given destination host. It is needed only if your SOCKS server host
       is multi-homed and your version of sockd supports RBIND. A multi-homed host is a host with more than one
       network interface and with its IP_FORWARDING turned off. Only the multi-homed version of sockd can be
       run on such hosts. You can find out the version of your sockd (or rsockd) with the command

       sockd -ver

       or

       rsockd -ver

       A line in the file can be up to 1024 characters long. Lines starting with a `#' are comments. Non-comment
       lines must be of the form

       if_addr        dst_addr  dst_mask

       All three fields are required and are separated by spaces or tabs. Each field is specified in the usual
       dotted form of IP addresses, e.g., 128.23.16.2. if_addr must be the IP address of one of the network
       interfaces on the SOCKS server host. dst_addr specifies either the IP address of a host, a network, or a
       subnet in the usual dotted form, e.g., 129.201.4.0, or a domain name, e.g., internic.net. dst_mask
       specifies the mask for the IP address used in dst_addr. Bits in dst_mask that are set to 0 indicate the
       bit positions to be ignored during comparison of IP addresses. So, specifying 255.255.255.255 in dst_mask
       demands an exact match with dst_addr, whereas 0.0.0.0 in dst_mask causes a match with any given
       destination address regardless of what is specified for dst_addr. If a domain name is used for dst_addr,
       the contents of dst_mask are ignored, though it must still be supplied (simply use 0.0.0.0). If the
       domain name starts with a period, it specifies a zone and matches all domain names within that zone;
       otherwise it matches only the domain name itself. For example, xyz.com matches only xyz.com, while
       .xyz.com matches not only xyz.com, but also abc.xyz.com and this.and.that.xyz.com, among others. The
       special symbol ALL (which must be entirely in uppercase) matches everything. Domain names are otherwise
       case-insensitive.

       When using a domain name in dst_addr, you have to be very careful in maintaining your DNS setup. See the
       last few paragraphs in sockd.conf(5).

       When a multi-homed sockd receives a network request, it first checks with /etc/sockd.fc (or
       /etc/sockd.conf) to decide whether the request should be allowed or denied. For an allowable request,
       sockd then checks the given destination IP address or domain name against the dst_addr dst_mask pair in
       /etc/sockd.route, one line at a time. Once a match is found, the network interface of the corresponding
       if_addr field is used for connection to the destination host. Remaining lines in the file are skipped.
       Therefore the order of the lines in the file is of extreme importance. If no match is found throughout
       the file, a line indicating the error is produced using syslog with facility daemon and level err and the
       request is ignored.

       You have the option of using the frozen route file /etc/sockd.fr instead of /etc/sockd.route. The frozen
       file is produced by make_sockdfr and is essentially the memory image of the parsed route file. Using it
       can reduce the start-up delay of the SOCKS server since it eliminates the need for parsing. Since the
       SOCKS server always looks for /etc/sockd.fr first, be sure that you run make_sockdfr every time
       after you modify /etc/sockd.route.

EXAMPLES

       Suppose  you  have a dual-homed host with interface 129.1.2.3 connecting to your internal Class B network
       129.1, and interface 129.1.254.1 connecting to the outside world. If you only use  the  SOCKS  server  to
       provide connections to outside hosts, then the file /etc/sockd.route only needs one line:

       129.1.254.1    0.0.0.0  0.0.0.0

       If you also use the SOCKS server to provide connections to internal hosts, then two lines would
       suffice:

       129.1.2.3 129.1.0.0  255.255.0.0
       129.1.254.1    0.0.0.0  0.0.0.0

       Note that these two lines must be in the order given above.

       If you prefer using a domain name instead, the lines should be

       129.1.2.3       .myown.com  0.0.0.0
       129.1.254.1     0.0.0.0  0.0.0.0

       assuming that myown.com is your domain.
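
       The following is an added example, not part of the original manual page or of the sockd source: a
       Python model of the first-match lookup described in DESCRIPTION, run over the two-line example above in
       both the correct and the reversed order. The function names are hypothetical; it assumes blank lines
       are skipped and performs no DNS lookups, so a domain rule never matches a destination given as an IP.

```python
import ipaddress

def _ip(s):
    """Return the IPv4 address as an int, or None if s is not in dotted form."""
    try:
        return int(ipaddress.IPv4Address(s))
    except ValueError:
        return None

def parse_routes(text):
    """Parse sockd.route text into (if_addr, dst_addr, dst_mask) tuples in file order."""
    routes = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):  # skipping blank lines is an assumption
            continue
        fields = line.split()
        if len(line) > 1024 or len(fields) != 3:
            raise ValueError(f"line {n}: need 'if_addr dst_addr dst_mask', at most 1024 chars")
        if _ip(fields[0]) is None or _ip(fields[2]) is None:
            raise ValueError(f"line {n}: if_addr and dst_mask must be dotted IP addresses")
        routes.append(tuple(fields))
    return routes

def rule_matches(dst_addr, dst_mask, dest):
    """Apply the matching rules from DESCRIPTION to one destination (no DNS lookups)."""
    if dst_addr == "ALL":                      # special symbol, uppercase only
        return True
    rule_ip, dest_ip, mask = _ip(dst_addr), _ip(dest), _ip(dst_mask)
    if rule_ip is not None:                    # IP rule: compare only the bits set in dst_mask
        return dest_ip is not None and (dest_ip & mask) == (rule_ip & mask)
    if dest_ip is not None:                    # domain rule vs. IP destination: not modelled here
        return False
    rule, name = dst_addr.lower(), dest.lower()
    if rule.startswith("."):                   # zone: the domain itself and every name under it
        return name == rule[1:] or name.endswith(rule)
    return name == rule

def select_interface(routes, dest):
    """Return if_addr of the first matching line, or None when no line matches."""
    for if_addr, dst_addr, dst_mask in routes:
        if rule_matches(dst_addr, dst_mask, dest):
            return if_addr
    return None                                # sockd logs an error and ignores the request

# The two-line example from EXAMPLES, and the same lines in the wrong order.
GOOD = parse_routes("# internal first\n129.1.2.3 129.1.0.0 255.255.0.0\n129.1.254.1 0.0.0.0 0.0.0.0\n")
BAD = list(reversed(GOOD))
```

       With the lines reversed, the 0.0.0.0 catch-all matches first, so a request for an internal host such
       as 129.1.77.5 is sent out through the outside interface 129.1.254.1 instead of 129.1.2.3.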

SEE ALSO

       dump_sockdfr(8), make_sockdfr(8), sockd(8), sockd.fr(5)

                                                   May 6, 1996                                    SOCKD.ROUTE(5)