NAME
sockd.route - Route file for multi-homed SOCKS proxy server
SYNOPSIS
/etc/sockd.route
DESCRIPTION
The file /etc/sockd.route is used by the SOCKS server program sockd to
determine which of its network interfaces it should use to reach a
given destination host. It is needed only if your SOCKS server host is
multi-homed and your version of sockd supports RBIND. A multi-homed
host is a host with more than one network interfaces and with its
IP_FORWARDING turned off. Only the multi-homed version of sockd can be
run on such hosts. You can find out the version of your sockd (or
rsockd) by command
sockd -ver
or
rsockd -ver
A line in the file can be up to 1024 characters long. Lines starting
with a ‘#’ are comments. Non-comment lines must be of the form
if_addr dst_addr dst_mask
All three fields are required and are separated by spaces or tabs.
Each filed is specified in the usual dotted form of IP addresses, e.g.,
128.23.16.2. if_addr must be the IP address of one of the network
interfaces on the SOCKS server host. dst_addr specifies either the IP
address of a host, a network, or a subnet in the usual dotted form,
e.g., 129.201.4.0, or a domain name, e.g., internic.net. dst_mask
specifies mask for the IP address used in dst_addr. Bits in dst_mask
that are set to 0 indicate the bit positions to be ignored during
comparison of IP addresses. So, specifying 255.255.255.255 in dst_mask
demands an exact match with dst_addr, whereas 0.0.0.0 in dst_mask
causes a matching with any given destination address regardless of what
is specified for dst_addr. If a domain name is used for dst_addr, the
contents of dst_mask are ignored, though it must still be supplied
(simply use 0.0.0.0). If the domain name starts with a period, it
specifies a zone and matches all domain names within that zone,
otherwise it matches only the domain name itself. For example, xyz.com
matches only xyz.comP, while .xyz.com macthes not only xyz.com, but
also abc.xyz.com and this.and.that.xyz.com, among others. The special
symbol ALL (which must be entirely in uppercase) matches everything.
Domain names are otherwise case-insentive.
When using a domain name in dst_addr, you have be very careful in
maintaining your DNS setup. See the last few paragraphs in
sockd.conf(5).
When a multi-homed sockd receives a network request, it first checks
with /etc/sockd.fc (or /etc/sockd.conf) to decide whether the request
should be allowed or denied. For an allowable request, sockd then
checks the given destination IP address or domain name against the
dst_addr dst_mask pair in /etc/sockd.route, one line at a line. Once a
match is found, the network interface of the corresponding if_addr
field is used for connection to the destination host. Remaining lines
in the file are skipped. Therefore the order of the lines in the file
is of extreme importance. If no match is found throughout the file, a
line indicating the error is produced using syslog with facility daemon
and level err and the request is ignored.
You have the option of using the frozen route file /etc/sockd.fr
instead of /etc/sockd.route. The frosen file is produced by
make_sockdfr and is essentially the memory image of the parsed route
file. Using it can reduce the start-up delay of the SOCKS server since
it eliminate the need for parsing. Since the SOCKS server always looks
for /etc/sockd.fr first, be sure that you always run make_sockdfr every
time after you modifify /etc/sockd.route.
EXAMPLES
Suppose you have a dual-homed host with interface 129.1.2.3 connecting
to your internal Class B network 129.1, and interface 129.1.254.1
connecting to the outside world. If you only use the SOCKS server to
provide connections to outside hosts, then the file /etc/sockd.route
only needs one line:
129.1.254.1 0.0.0.0 0.0.0.0
If you also use the SOCKS server to provide connection to internal
hosts as well, then two lines would suffice:
129.1.2.3 129.1.0.0 255.255.0.0
129.1.254.1 0.0.0.0 0.0.0.0
Note that these two lines must be in the order given above.
If you prefer using domain name instead, the lines should be
129.1.2.3 .myown.com 0.0.0.0
129.1.254.1 0.0.0.0 0.0.0.0
assuming that myown.com is your domain.
SEE ALSO
dump_sockdfr(8), make_sockdfr(8), sockd(8), sockd.fr(5)
May 6, 1996