Provided by: rinetd_0.62.1sam-1.1_amd64 bug

NAME
       rinetd — internet “redirection server”


SYNOPSIS
       /usr/sbin/rinetd


VERSION
       Version 0.62, 04/14/2003.


DESCRIPTION
       rinetd  redirects  TCP  connections  from  one IP address and port to another. rinetd is a single-process
       server which handles any  number  of  connections  to  the  address/port  pairs  specified  in  the  file
       /etc/rinetd.conf.   Since rinetd runs as a single process using nonblocking I/O, it is able to redirect a
       large number of connections without a severe impact on the machine. This makes it practical  to  run  TCP
       services  on  machines  inside  an  IP  masquerading  firewall. rinetd does not redirect FTP, because FTP
       requires more than one socket.

       rinetd is typically launched at boot time, using the following syntax:

       /usr/sbin/rinetd

       The configuration file is found in the file /etc/rinetd.conf, unless another file is specified using  the
       -c command line option.


FORWARDING RULES
       Most  entries  in  the  configuration  file  are  forwarding rules. The format of a forwarding rule is as
       follows:

       bindaddress bindport connectaddress connectport

       For example:

       206.125.69.81 80 10.1.1.2 80

       Would redirect all connections to port 80 of the "real"  IP  address  206.125.69.81,  which  could  be  a
       virtual  interface, through rinetd to port 80 of the address 10.1.1.2, which would typically be a machine
       on the inside of a firewall which has no direct routing to the outside world.

       Although responding on individual interfaces rather than on all interfaces is  one  of  rinetd's  primary
       features,  sometimes  it is preferable to respond on all IP addresses that belong to the server.  In this
       situation, the special IP address 0.0.0.0 can be used. For example:

       0.0.0.0 23 10.1.1.2 23

       Would redirect all connections to port 23, for all IP addresses assigned  to  the  server.  This  is  the
       default behavior for most other programs.

       Service names can be specified instead of port numbers. On most systems, service names are defined in the
       file /etc/services.

       Both IP addresses and hostnames are accepted for bindaddress and connectaddress.


ALLOW AND DENY RULES
       Configuration files can also contain allow and deny rules.

       Allow  rules  which  appear before the first forwarding rule are applied globally: if at least one global
       allow rule exists, and the address of a new connection does not satisfy at least one of the global  allow
       rules, that connection is immediately rejected, regardless of any other rules.

       Allow rules which appear after a specific forwarding rule apply to that forwarding rule only. If at least
       one  allow  rule  exists  for  a particular forwarding rule, and the address of a new connection does not
       satisfy at least one of the allow  rules  for  that  forwarding  rule,  that  connection  is  immediately
       rejected, regardless of any other rules.

       Deny  rules  which  appear before the first forwarding rule are applied globally: if the address of a new
       connection satisfies any of the global deny rules, that connection is immediately rejected, regardless of
       any other rules.

       Deny rules which appear after a specific forwarding rule apply to  that  forwarding  rule  only.  If  the
       address  of a new connection satisfies any of the deny rules for that forwarding rule, that connection is
       immediately rejected, regardless of any other rules.

       The format of an allow rule is as follows:

       allow pattern

       Patterns can contain the following characters: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, . (period), ?, and *. The  ?
       wildcard matches any one character. The * wildcard matches any number of characters, including zero.

       For example:

       allow 206.125.69.*

       This allow rule matches all IP addresses in the 206.125.69 class C domain.

       Host  names are NOT permitted in allow and deny rules. The performance cost of looking up IP addresses to
       find their corresponding names is prohibitive. Since  rinetd  is  a  single  process  server,  all  other
       connections would be forced to pause during the address lookup.


LOGGING
       rinetd is able to produce a log file in either of two formats: tab-delimited and web server-style "common
       log format."

       By  default,  rinetd  does  not  produce  a  log file. To activate logging, add the following line to the
       configuration file:

       logfile log-file-location

       Example: logfile /var/log/rinetd.log

       By default, rinetd logs in a simple tab-delimited format containing the following information:

       Date and time

       Client address

       Listening host

       Listening port

       Forwarded-to host

       Forwarded-to port

       Bytes received from client

       Bytes sent to client

       Result message

       To activate web server-style "common log format" logging, add the following  line  to  the  configuration
       file:

       logcommon


COMMAND LINE OPTIONS
       The -c command line option is used to specify an alternate configuration file.

       The -f command line option is used to run rinetd in the foreground, without forking to the background.

       The -h command line option produces a short help message.

       The -v command line option displays the version number.


REINITIALIZING RINETD
       The  kill  -1  signal  (SIGHUP)  can  be  used  to  cause rinetd to reload its configuration file without
       interrupting existing connections.  Under Linux™ the process id is saved in the file  /var/run/rinetd.pid
       to  facilitate  the kill -HUP. An alternate filename can be provided by using the <code>pidlogfile</code>
       configuration file option.


LIMITATIONS
       rinetd redirects TCP connections only. There is no support for UDP. rinetd only redirects protocols which
       use a single TCP socket. This rules out FTP.


BUGS
       The server redirected to is not able to identify the host the client really came  from.  This  cannot  be
       corrected;  however,  the  log  produced by rinetd provides a way to obtain this information. Under Unix,
       Sockets would theoretically lose data when closed with SO_LINGER turned off, but in Linux this is not the
       case (kernel source comments support this belief on my part). On non-Linux Unix platforms, alternate code
       which uses a different trick to work around blocking close() is provided, but this code is untested.  The
       logging is inadequate.  The duration of each connection should be logged.


LICENSE
       Copyright  (c) 1997, 1998, 1999, Thomas Boutell and Boutell.Com, Inc.  This software is released for free
       use under the terms of the GNU Public License, version 2 or higher. NO WARRANTY IS EXPRESSED OR  IMPLIED.
       USE THIS SOFTWARE AT YOUR OWN RISK.


CONTACT INFORMATION
       See  http://www.boutell.com/rinetd/  for  the  latest  release.   Thomas Boutell can be reached by email:
       boutell@boutell.com


THANKS
       Thanks are due to Bill Davidsen, Libor Pechachek, Sascha Ziemann, the Apache Group, and many  others  who
       have contributed advice and/or source code to this and other free software projects.

LINUX                                           February 18, 1999                                      RINETD(8)