Date: Tue, 22 Dec 2015 12:40:06 +0100
From: Andrea Venturoli <ml@netfence.it>
To: freebsd-questions@freebsd.org
Subject: inetd + sysutil/socket VS net/tcpproxy
Message-ID: <56793696.5020406@netfence.it>
Hello.

I know this question will be vague and possibly a little OT, but I'm in search of some suggestions.

I've always used sysutil/socket to allow access to an internal server through a firewall, with an inetd.conf line like

> myport stream tcp4 nowait nobody /usr/local/bin/socket socket internalip myport

This has always worked (and still does in several cases), but now I found a custom program which would give a protocol error.

I tried replacing inetd+socket with net/tcpproxy and everything started working properly.

I might declare all is well and solved, but I'm very curious...

So I recorded the conversation with "tcpdump -s 65000 -w myfile port myport" and processed it with "tcpflow -o MyConv -r myfile"; I did this for both the "good" traffic (the working one, thanks to tcpproxy) and the "bad" traffic (the problematic one, with inetd+socket).

To my surprise they are identical!!!

So I'm left wondering why one works and the other doesn't.

Of course the size, timestamps, fragmentation of the data stream are not the same across the two packet sets, but I don't think that should matter.

Any suggestion?

bye & Thanks
av.
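tcpflow writes out the reassembled byte stream of each flow, so two captures can compare as identical while the segment boundaries, which the message notes do differ, are not part of the comparison. The sketch below is an added example, not part of the original message: it shows how a receiver that treats each read as one whole message behaves on the same bytes split two ways. The 2-byte length-prefixed framing, the sample messages and the split sizes are constructed assumptions, not the custom program's actual protocol.

```python
import struct

def frame(payload: bytes) -> bytes:
    """Constructed framing: 2-byte big-endian length, then the payload."""
    return struct.pack("!H", len(payload)) + payload

def naive_receiver(chunks):
    """Fragile pattern: assumes every read returns exactly one whole frame."""
    msgs = []
    for chunk in chunks:
        if len(chunk) < 2:
            raise ValueError("protocol error: short header")
        (n,) = struct.unpack("!H", chunk[:2])
        if len(chunk) - 2 != n:
            raise ValueError("protocol error: length mismatch")
        msgs.append(chunk[2:])
    return msgs

def buffered_receiver(chunks):
    """Robust pattern: accumulate bytes, extract frames wherever reads split."""
    buf, msgs = b"", []
    for chunk in chunks:
        buf += chunk
        while len(buf) >= 2:
            (n,) = struct.unpack("!H", buf[:2])
            if len(buf) < 2 + n:
                break                      # wait for the rest of this frame
            msgs.append(buf[2:2 + n])
            buf = buf[2 + n:]
    if buf:
        raise ValueError("protocol error: truncated frame")
    return msgs

def naive_ok(chunks) -> bool:
    """True if the naive receiver recovers every message without error."""
    try:
        return naive_receiver(chunks) == MESSAGES
    except ValueError:
        return False

# Constructed sample data: one byte stream, two different segmentations.
MESSAGES = [b"HELLO", b"AUTH user", b"GET item"]
STREAM = b"".join(frame(m) for m in MESSAGES)
SEGMENTS_A = [frame(m) for m in MESSAGES]             # one frame per segment
SEGMENTS_B = [STREAM[:3], STREAM[3:13], STREAM[13:]]  # same bytes, re-chunked

if __name__ == "__main__":
    print("reassembled streams equal:", b"".join(SEGMENTS_A) == b"".join(SEGMENTS_B))
    print("naive on A:", naive_ok(SEGMENTS_A), "| naive on B:", naive_ok(SEGMENTS_B))
    print("buffered on B:", buffered_receiver(SEGMENTS_B))
```

To check this against real captures, compare per-packet payload lengths and TCP flags from the two pcap files rather than the tcpflow output alone.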