summaryrefslogtreecommitdiff
path: root/usr.sbin/faithd/faithd.8
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>2003-01-18 23:53:50 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>2003-01-18 23:53:50 +0000
commit0737851f1642d613c81b8ae2ee1cb7603cbd837a (patch)
treef302a7fae29e75d80a8f4c984253110ec1eab569 /usr.sbin/faithd/faithd.8
parent46ff6b272921b15bc0df982c467b575d17c674a6 (diff)
inet6 fixes from jmc@prioris.mini.pw.edu.pl
Diffstat (limited to 'usr.sbin/faithd/faithd.8')
-rw-r--r--usr.sbin/faithd/faithd.878
1 files changed, 39 insertions, 39 deletions
diff --git a/usr.sbin/faithd/faithd.8 b/usr.sbin/faithd/faithd.8
index 3c6f5885488..320d83151d5 100644
--- a/usr.sbin/faithd/faithd.8
+++ b/usr.sbin/faithd/faithd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: faithd.8,v 1.22 2002/05/09 14:26:41 itojun Exp $
+.\" $OpenBSD: faithd.8,v 1.23 2003/01/18 23:53:49 deraadt Exp $
.\" $KAME: faithd.8,v 1.36 2002/05/09 13:59:16 itojun Exp $
.\"
.\" Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -43,7 +43,7 @@
.\".Nm ""
.Sh DESCRIPTION
.Nm
-provides IPv6-to-IPv4 TCP relay.
+provides an IPv6-to-IPv4 TCP relay.
.Nm
must be used on an IPv4/v6 dual stack router.
.Pp
@@ -57,9 +57,9 @@ will relay the
.Tn TCPv6
traffic to
.Tn TCPv4 .
-Destination for relayed
+The destination for the relayed
.Tn TCPv4
-connection will be determined by the last 4 octets of the original
+connection is determined by the last 4 octets of the original
.Tn IPv6
destination.
For example, if
@@ -70,17 +70,17 @@ and the
.Tn TCPv6
destination address is
.Li 3ffe:0501:4819:ffff::0a01:0101 ,
-the traffic will be relayed to IPv4 destination
+the traffic is relayed to IPv4 destination
.Li 10.1.1.1 .
.Pp
-To use
+To use the
.Nm
translation service,
-an IPv6 address prefix must be reserved for mapping IPv4 addresses into.
-Kernel must be properly configured to route all the TCP connection
+an IPv6 address prefix must be reserved for mapping IPv4 addresses onto.
+The kernel must be properly configured to route all the TCP connections
toward the reserved IPv6 address prefix into the
.Xr faith 4
-pseudo interface, by using
+pseudo interface, by using the
.Xr route 8
command.
Also,
@@ -91,9 +91,9 @@ to
.Dv 1 .
.Pp
The router must be configured to capture all the TCP traffic
-toward reserved
+for a given reserved
.Tn IPv6
-address prefix, by using
+address prefix, by using the
.Xr route 8
and
.Xr sysctl 8
@@ -101,7 +101,7 @@ commands.
.Pp
.Nm
needs a special name-to-address translation logic, so that
-hostnames gets resolved into special
+hostnames get resolved into a special
.Tn IPv6
address prefix.
For small-scale installation, use
@@ -142,19 +142,19 @@ it is not possible to run local TCP daemons for port
on the router, using
.Xr inetd 8
or other standard mechanisms.
-By specifying
+Local daemons can be run on the router
+by specifying a
.Ar serverpath
to
-.Nm Ns ,
-you can run local daemons on the router.
+.Nm Ns .
.Nm
-will invoke local daemon at
+will invoke a local daemon at
.Ar serverpath
-if the destination address is local interface address,
+if the destination address is a local interface address,
and will perform translation to IPv4 TCP in other cases.
-You can also specify
-.Ar serverargs
-for the arguments for the local daemon.
+.Ar Serverargs
+can also be specified as
+arguments for the local daemon.
.Pp
The following options are available:
.Bl -tag -width indent
@@ -165,8 +165,8 @@ Debugging information will be generated using
Specify a configuration file for access control.
See below.
.It Fl p
-Use privileged TCP port number as source port,
-for IPv4 TCP connection toward final destination.
+Use the privileged TCP port number as a source port,
+for an IPv4 TCP connection toward the final destination.
For relaying
.Xr ftp 1
this flag is not necessary as special program code is supplied.
@@ -191,7 +191,7 @@ to avoid stale sessions from chewing up resources.
This may be inappropriate for some of the services
.Pq should this be configurable? .
.Ss Access control
-To prevent malicious accesses,
+To prevent malicious access,
.Nm
implements a simple address-based access control.
With
@@ -204,7 +204,6 @@ specified by
.Pc ,
.Nm
will avoid relaying unwanted traffic.
-The
.Pa faithd.conf
contains directives with the following format:
.Bl -bullet
@@ -233,8 +232,8 @@ permit the connection.
The directives are evaluated in sequence,
and the first matching entry will be effective.
If there is no match
-.Pq if we reach the end of the ruleset
-the traffic will be denied.
+.Pq the end of the ruleset has been reached ,
+the traffic is denied.
.\".Pp
.\"With inetd mode,
.\"traffic may be filtered by using access control functionality in
@@ -251,8 +250,9 @@ on error.
.Sh EXAMPLES
Before invoking
.Nm Ns ,
+the
.Xr faith 4
-interface has to be configured properly.
+interface has to be configured properly:
.Bd -literal -offset
# sysctl -w net.inet6.ip6.accept_rtadv=0
# sysctl -w net.inet6.ip6.forwarding=1
@@ -262,6 +262,7 @@ interface has to be configured properly.
# route change -inet6 3ffe:501:4819:ffff:: -prefixlen 96 -ifp faith0
.Ed
.\".Ss Daemon mode samples
+.Pp
To translate
.Li telnet
service, and provide no local telnet service, invoke
@@ -271,24 +272,23 @@ as follows:
# faithd telnet
.Ed
.Pp
-If you would like to provide local telnet service via
+Provide local telnet service via
.Xr telnetd 8
-on
-.Pa /usr/libexec/telnetd ,
-use the following command line:
+using
+.Pa /usr/libexec/telnetd .
.Bd -literal -offset
# faithd telnet /usr/libexec/telnetd telnetd
.Ed
.Pp
-If you would like to pass extra arguments to the local daemon:
+Pass extra arguments to the local daemon:
.Bd -literal -offset
# faithd ftp /usr/libexec/ftpd ftpd -l
.Ed
.Pp
Here are some other examples.
-You may need
+If the service checks the source port range,
.Fl p
-if the service checks the source port range.
+may be required.
.Bd -literal -offset
# faithd ssh
# faithd telnet /usr/libexec/telnetd telnetd
@@ -334,16 +334,16 @@ Administrators are advised to limit accesses to
.Nm
using
.Pa faithd.conf ,
-or by using IPv6 packet filters.
-It is to protect
+or by using IPv6 packet filters,
+to protect the
.Nm
service from malicious parties and avoid theft of service/bandwidth.
-IPv6 destination address can be limited by
-carefully configuring routing entries that points to
+IPv6 destination addresses can be limited by
+carefully configuring routing entries that point to
.Xr faith 4 ,
using
.Xr route 8 .
-IPv6 source address needs to be filtered by using packet filters.
+IPv6 source addresses need to be filtered using a packet filter.
Documents listed in
.Sx SEE ALSO
have more discussions on this topic.