plug -- Plug proxy daemon.
/usr/local/sbin/plug -V <br> /usr/local/sbin/plug
[-f] [-l] [-P pidfile] [-S sessionfile]
[-k] [-d[d]] [-n] [-i sourceaddr] [-p
proxyaddr] [-h https-proxy[:port]] [-t timeout] [-a
accept_rule] [-o] [-r retry] [-V] sourceport
destaddr[:destport] [destaddr[:destport]]...
Plugdaemon acts as a "dumb proxy", forwarding a TCP/IP stream
from a port on one host to a possibly different port on a separate host. It
runs as a daemon to reduce latency in setting up a connection, and optionally
logs every connection via syslog.
- -f
- Forces a given client address to continue to connect to the same host on
subsequent attempts, for proxying HTTP connections so that subsequent hits
will be on the same mirror.
- -k
- Turns on SO_KEEPALIVE on the plug. You want to use this on frequent short
term connections like HTTP requests where response time is more important
than reliability on flakey links, and leave it off on long-term
connections that may go a long time without transferring data.
- -l
- turns on connection logging.
- -P pidfile
- Maintains a file that contains the process ID of the master plug daemon,
followed by the process IDs of all the active children. This can be used
for cleanup or monitoring. The file is deleted when the parent process
exits.
- -S sessionfile
- Write session info to this file at the end of each connection:
- [yyyy-mm-dd HH:MM:SS] plug[PID] FROM PEER TO IN OUT DURATION
- Where "yyyy-mm-dd HH:MM:SS" is the time the connection closed,
PID is the process-id of the connection, PEER is the address of the client
that connected, FROM and TO are the listener port (and address, if
specified) and target address and port, IN and OUT are the bytes read and
written, and DURATION is the connection duration in microseconds.
If the session file is "-", it writes the session to
standard output (implies -n).
- -d
- turns on debugging output (implies -n). Additional -d options add more
output.
- -n Stops
- plug from running as a daemon or logging errors to syslog. Errors
in this mode are displayed on standard error.
- -i interface
- Bind the plug to the named interface, for use on multi-homed hosts.
- -p interface
- Bind the source port of the proxied connection to the named interface, for
use on multi-homed hosts.
- -h host:port
- Connect via an HTTPS proxy on host:port. Note that when using -h
and -p, the -p option specifies the interface to bind to for the
connection to the HTTPS proxy, since there is no way to control what the
HTTPS proxy might do.
- -a accept_rule
- Accept connections that match the rule. Currently, the rule is an ip
address and an optional subnet, e.g. -a 192.168.2.0/24 to accept
connections from the Class-C subnet 192.168.2. All 4 octets of the address
must be provided. If no rules are specified connections are allowed from
any address.
- -t timeout
- Timeout for forced connections, after no attempts in this period it will
connect to a new (pseudo-)randomly selected server. The default is 1
hour.
- -o
- Direct all connections to the first valid server instead of
load-balancing.
- -r retry
- Timeout for downed servers; if specified, then a dead server is retried
after this many seconds. If not specified, then a dead server stays out of
the pool until all have failed or plugdaemon is restarted, then all are
retried again.
- -V
- Prints version and exits.
On a firewall at 192.168.0.14, to proxy an NNTP connection through to a host at
10.0.3.15:
plug -i 192.168.0.14 119 10.0.3.15
On an client, to forward an SSH connection through an HTTP proxy
at 192.168.0.101 port 8008
plug -i 127.0.0.1 2022 -h 192.168.0.101:8008
customer.example.com:22
To forward an AIM connection through the same proxy:
plug -h 192.168.0.101:8008 9898 toc.oscar.aol.com:9898
(then tell your AIM client to connect to localhost port 9898)
Plugdaemon only accepts numeric IP addresses and services.
The syntax is rather clumsy, but I'm deferring cleanup until
version 3.0. The main thing I'd like to do is get rid of the -i option and
allow any of the following forms for the source: port, :port,
*:port, address:port, or source/interface (to specify
the outgoing interface). As well as regularise the various flags other
people have added that I've kept to keep from breaking their scripts.
Plugdaemon only accepts numeric IP addresses and services.
I don't call gethostbyname anywhere to keep someone from managing
to fake it out by spoofing the firewall, but I think that there's places
this would be a minor risk, so 3.0 will probably add that as a compile-time
option.
Plugdaemon is released under a "Berkeley" style license. See
the file LICENSE for details. (tip me if you like this program, e-gold account
172426)
Peter da Silva <peter@taronga.com>