'\" t .\" Title: tcpproxy .\" Author: [see the "AUTHORS" section] .\" Generator: DocBook XSL Stylesheets v1.76.1 .\" Date: 10/07/2013 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "TCPPROXY" "8" "10/07/2013" "\ \&" "\ \&" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" tcpproxy \- IPv4/IPv6 tcp connection proxy .SH "SYNOPSIS" .sp .nf \fBtcpproxy\fR [ \fB\-h|\-\-help\fR ] [ \fB\-D|\-\-nodaemonize\fR ] [ \fB\-u|\-\-username\fR ] [ \fB\-g|\-\-groupname\fR ] [ \fB\-C|\-\-chroot\fR ] [ \fB\-P|\-\-write\-pid\fR ] [ \fB\-L|\-\-log\fR :[,[,[\&.\&.]]] ] [ \fB\-U|\-\-debug\fR ] [ \fB\-l|\-\-local\-addr\fR ] [ \fB\-t|\-\-local\-resolv\fR (ipv4|4|ipv6|6) ] [ \fB\-p|\-\-local\-port\fR ] [ \fB\-r|\-\-remote\-addr\fR ] [ \fB\-R|\-\-remote\-resolv\fR (ipv4|4|ipv6|6) ] [ \fB\-o|\-\-remote\-port\fR ] [ \fB\-s|\-\-source\-addr\fR ] [ \fB\-b|\-\-buffer\-size\fR ] [ \fB\-c|\-\-config\fR ] .fi .SH "DESCRIPTION" .sp \fBtcpproxy\fR is a simple tcp connection proxy which combines the features of rinetd and 6tunnel\&. \fBtcpproxy\fR supports IPv4 and IPv6 and also supports connections from IPv6 to IPv4 endpoints and vice versa\&. .SH "OPTIONS" .sp The following options can be passed to the \fBtcpproxy\fR daemon: .PP \fB\-D, \-\-nodaemonize\fR .RS 4 This option instructs \fBtcpproxy\fR to run in foreground instead of becoming a daemon which is the default\&. .RE .PP \fB\-u, \-\-username \fR .RS 4 run as this user\&. If no group is specified (\fB\-g\fR) the default group of the user is used\&. The default is to not drop privileges\&. .RE .PP \fB\-g, \-\-groupname \fR .RS 4 run as this group\&. If no username is specified (\fB\-u\fR) this gets ignored\&. The default is to not drop privileges\&. .RE .PP \fB\-C, \-\-chroot \fR .RS 4 Instruct \fBtcpproxy\fR to run in a chroot jail\&. The default is to not run in chroot\&. .RE .PP \fB\-P, \-\-write\-pid \fR .RS 4 Instruct \fBtcpproxy\fR to write it\(cqs pid to this file\&. The default is to not create a pid file\&. .RE .PP \fB\-L, \-\-log :[,[,[\&.\&.]]]\fR .RS 4 add log target to logging system\&. This can be invoked several times in order to log to different targets at the same time\&. Every target has its own log level which is a number between 0 and 5\&. Where 0 means disabling log and 5 means debug messages are enabled\&. The file target can be used more than once with different levels\&. If no target is provided at the command line a single target with the config \fBsyslog:3,tcpproxy,daemon\fR is added\&. The following targets are supported: .PP \fBsyslog\fR .RS 4 log to syslog daemon, parameters [,[,]] .RE .PP \fBfile\fR .RS 4 log to file, parameters [,] .RE .PP \fBstdout\fR .RS 4 log to standard output, parameters .RE .PP \fBstderr\fR .RS 4 log to standard error, parameters .RE .RE .PP \fB\-U, \-\-debug\fR .RS 4 This option instructs \fBtcpproxy\fR to run in debug mode\&. It implicits \fB\-D\fR (don\(cqt daemonize) and adds a log target with the configuration \fBstdout:5\fR (logging with maximum level)\&. In future releases there might be additional output when this option is supplied\&. .RE .PP \fB\-l, \-\-local\-addr \fR .RS 4 The local address to bind to\&. By default \fBtcpproxy\fR will listen on any interface (IPv6 and IPv4)\&. .RE .PP \fB\-t|\-\-local\-resolv (ipv4|4|ipv6|6)\fR .RS 4 When resolving the local address (see above) use only IPv4 or IPv6\&. The default is to resolv both\&. .RE .PP \fB\-p, \-\-local\-port \fR .RS 4 The local port to bind to\&. By default there is no port defined in which case \fBtcpproxy\fR will try to read the configuration file\&. .RE .PP \fB\-r, \-\-remote\-addr \fR .RS 4 The remote address to connect to\&. Unless the configuration file should be used this must be set to a valid address or hostname\&. .RE .PP \fB\-R|\-\-remote\-resolv (ipv4|4|ipv6|6)\fR .RS 4 When resolving the remote address (see above) use only IPv4 or IPv6\&. The default is to resolv both\&. Mind that this also effects resolving of the source address (see below) as the remote and source addresses must be of the same protocol familiy\&. .RE .PP \fB\-o, \-\-remote\-port \fR .RS 4 The remote port to connect to\&. Unless the configuration file should be used this must be set to a valid port or servicename\&. .RE .PP \fB\-s, \-\-source\-addr \fR .RS 4 Instruct tcpproxy to use this source address for connections to \fB\-R|\-\-remote\-address\fR\&. By default \fBtcpproxy\fR uses the default source address for the defined remote host\&. .RE .PP \fB\-b, \-\-buffer\-size \fR .RS 4 The size of the transmit buffers to use\&. \fBtcpproxy\fR will allocate two buffers of this size for any client which is connected\&. By default a value of 10Kbytes is used\&. .RE .PP \fB\-c, \-\-config \fR .RS 4 The path to the configuration file to be used\&. This is only evaluated if the local port is omitted\&. .RE .SH "CONFIGURATION FILE" .sp If the configuratin file is used it should contain one or more of the following stanzas: .sp .if n \{\ .RS 4 .\} .nf listen (*|address|hostname) (port\-number|service\-name) { resolv: (ipv4|ipv6) remote: (address|hostname) (port\-number|service\-name); remote\-resolv: (ipv4|ipv6); source: (address|hostname); }; .fi .if n \{\ .RE .\} .sp Everything between the curly brackets except for the \fBremote\fR parameter may be omitted\&. .SH "SIGNALS" .sp After receiving the HUP signal \fBtcpproxy\fR tries to reload the configuration file\&. It only reopens a listen socket if the local address and or port has changed\&. Therefore reloading the configuration after the daemon has dropped privileges is safe as long as there are no changes in the local address and port\&. However this is only of concern if any of the listen ports is a privileged port (<1024)\&. If there is a syntax error at the configuration file all changes are discarded\&. On SIGUSR1 \fBtcpproxy\fR prints some information about the listening sockets and after SIGUSR2 information about open client connections is printed\&. This is sent to all configured log targets at a level of 3\&. .SH "BUGS" .sp Most likely there are some bugs in \fBtcpproxy\fR\&. If you find a bug, please let the developers know at tcpproxy@spreadspace\&.org\&. Of course, patches are preferred\&. .SH "SEE ALSO" .sp rinetd(8) .SH "AUTHORS" .sp Christian Pointner .SH "RESOURCES" .sp Main web site: http://www\&.spreadspace\&.org/tcpproxy/ .SH "COPYING" .sp Copyright (C) 2010\-2013 Christian Pointner\&. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version\&.