inetd + sysutil/socket VS net/tcpproxy
Andrea Venturoli
ml at netfence.it
Tue Dec 22 11:40:16 UTC 2015
Hello.
I know this question will be vague and possibly a little OT, but I'm in
search of some suggestions.
I've always used sysutil/socket to allow access to an internal server
through a firewall, with an inetd.conf line like
> myport stream tcp4 nowait nobody /usr/local/bin/socket socket internalip myport
This has always worked (and still does in several cases), but now I found
a custom program which would give a protocol error.
I tried replacing inetd+socket with net/tcpproxy and everything started
working properly.
I might declare all is well and solved, but I'm very curious...
So I recorded the conversation with "tcpdump -s 65000 -w myfile port
myport" and processed it with "tcpflow -o MyConv -r myfile"; I did this
for both the "good" traffic (the working one, thanks to tcpproxy) and
the "bad" traffic (the problematic one, with inetd+socket).
To my surprise they are identical!!!
So I'm left wondering why one works and the other doesn't.
Of course the size, timestamps and fragmentation of the data stream are not
the same across the two packet sets, but I don't think that should matter.
Any suggestion?
bye & Thanks
av.
More information about the freebsd-questions
mailing list