From: Matthew Seaman
To: Marty Landman
Cc: freebsd-questions@freebsd.org, Rob
Date: Sun, 22 Feb 2004 18:26:52 +0000
Subject: Re: Is inetd a proxy server?
Message-ID: <20040222182652.GB2372@happy-idiot-talk.infracaninophile.co.uk>
In-Reply-To: <6.0.0.22.0.20040222114940.06a3bc70@pop.face2interface.com>

On Sun, Feb 22, 2004 at 11:58:10AM -0500, Marty Landman wrote:
> At 11:12 AM 2/22/2004, Matthew Seaman wrote:
>
> >A proxy listens to all of your request, and then opens up a second
> >connection to the real server (or another
> >proxy) for you and replays your request to it -- so all of the traffic is
> >relayed through the proxy.
>
> Newbie here Matthew. Could you please explain how a proxy differs from a
> router? Or are they in many ways intersecting in their functionality? e.g.
> I've got a class c network in my office and recently learned how to use
> apache to reverse proxy a request so that http://my-ip-adr/fbsd becomes the
> same as http://fbsd, where the latter is mapped to the ip addr for my fbsd
> box on the lan by apache. (which btw is kind of cool)

Sure. A router deals with network traffic at the IP level -- sometimes
described as Layer 3 on the OSI 7 layer model. In plain English, the
router doesn't care what's inside the packets: it just looks at the IP
numbers in the headers and relays the packets appropriately.

A router will work for all sorts of traffic -- HTTP, FTP, SSH, SMTP,
whatever (unless you've deliberately added a packet filter) -- unlike a
proxy, which works at the protocol level: thus you'll get an HTTP proxy
or a FTP proxy or a SMTP relay or a DNS recursive server -- the names
vary, but they all do proxy service. It's also common for proxies to
cache previous traffic and reply out of cache instead of going all the
way back to the originating server, but that's not a requirement.
Sometimes the software used to implement a proxy is actually identical
to the software you'd use to implement the originating server -- as
commonly seen with most MTAs and BIND and occasionally Apache HTTPD as
you've done -- although specialised proxying software is more generally
used for HTTP and FTP and the like.

> >The point of having inetd(8) is that it provides a mechanism so that
> >you don't have to have umpty-dozen different small servers running all of
> >the time and taking up your process space.
>
> I notice that mingetty runs ~ half a dozen instances on my box, waiting for
> console users that will never come since as a rule I do everything thru ssh
> on my windows workstation. And httpd, though I've cut the child process
> spec down on the apache conf since it's not needed. Of course the saved
> cycles aren't needed either in my current environment. :)

getty(8) is pretty lightweight, and it doesn't take much extra memory
to run multiple copies of it. It's also the case that while you may not
need to log in via the console during normal usage, when you do need
console access then you generally need it very badly.

> Could httpd be set up to run via inetd instead of on its own? If so, is it
> not typically done this way because it is usually the biggie app on
> servers? Following that reasoning, if a server were primarily used for ftp
> would it make sense to remove ftpd from inetd's conf file and instead start
> it as a service, assuming that were possible?

You can run apache 1.3.x through inetd -- see the 'ServerType'
directive in httpd.conf:

    http://httpd.apache.org/docs/mod/core.html#servertype

As it says in bright red letters: "Inetd mode is no longer recommended
and does not always work properly. Avoid it if at all possible."
ServerType no longer exists in apache 2.0.x.

If you are running a busy FTP site, then yes, running a standalone FTP
daemon would be a good idea.
However, the server side configuration for most FTP daemons is a lot
simpler than for Apache, so it's feasible to run ftpd out of inetd for
much higher traffic than it would be for apache.

Another common server where there's an option of running under inetd is
Samba -- however I think the trend nowadays is to assume that the Samba
daemons will run standalone.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
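
An added illustration of the router/proxy distinction drawn in the message above; it is not part of the original email. The routing table, interface names, addresses and the host `gateway.example` are constructed for the example, and the `/fbsd` to `http://fbsd` mapping follows the Apache setup described in the quoted question.

```python
import ipaddress
import struct

# Hypothetical routing table (prefix -> interface) and proxy map (path -> backend).
ROUTES = {"192.168.1.0/24": "em1", "0.0.0.0/0": "em0"}
BACKENDS = {"/fbsd": "http://fbsd"}
# Constructed request, as a proxy would read it from the client connection.
HTTP_REQUEST = b"GET /fbsd/index.html HTTP/1.1\r\nHost: gateway.example\r\n\r\n"


def build_packet(src, dst, payload, ttl=64):
    """Build a constructed IPv4+TCP packet (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, ttl, 6, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + tcp + payload


def route(packet):
    """Layer 3: look only at the IP header and pick the longest matching prefix."""
    ttl = packet[8]
    dst = ipaddress.ip_address(packet[16:20])
    if ttl <= 1:
        return None  # TTL expired: the packet is dropped, payload never examined
    nets = [ipaddress.ip_network(p) for p in ROUTES]
    best = max((n for n in nets if dst in n), key=lambda n: n.prefixlen)
    return ROUTES[str(best)], ttl - 1


def proxy(request):
    """Protocol level: parse the HTTP request and choose a backend by URL path."""
    head = request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    parts = head.split("\r\n")[0].split(" ")
    if len(parts) != 3:
        return None  # not a well-formed request line: refuse to relay
    method, target, _version = parts
    for prefix, backend in BACKENDS.items():
        if target == prefix or target.startswith(prefix + "/"):
            return method, backend + target[len(prefix):]
    return None  # no mapping for this path


if __name__ == "__main__":
    pkt = build_packet("203.0.113.7", "192.168.1.20", HTTP_REQUEST)
    print("router:", route(pkt))
    print("proxy: ", proxy(HTTP_REQUEST))
```

The router's decision is the same whatever bytes follow the IP header, while the proxy's decision depends entirely on the parsed request.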