Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PLUG(1)			    General Commands Manual		       PLUG(1)

NAME
       plug -- Plug proxy daemon.

SYNOPSIS
       /usr/local/sbin/plug  -V	 <br>  /usr/local/sbin/plug [-f] [-l] [-P pid-
       file] [-S sessionfile] [-k] [-d[d]] [-n]	[-i sourceaddr]	[-p proxyaddr]
       [-h  https-proxy[:port]]	 [-t timeout] [-a accept_rule] [-o] [-r	retry]
       [-V] sourceport destaddr[:destport] [destaddr[:destport]]...

DESCRIPTION
       Plugdaemon acts as a "dumb proxy", forwarding a TCP/IP  stream  from  a
       port  on	 one  host to a	possibly different port	on a separate host. It
       runs as a daemon	to reduce latency in setting up	a connection, and  op-
       tionally	logs every connection via syslog.

OPTIONS
       -f     Forces a given client address to continue	to connect to the same
	      host on subsequent attempts, for proxying	 HTTP  connections  so
	      that subsequent hits will	be on the same mirror.

       -k     Turns  on	SO_KEEPALIVE on	the plug. You want to use this on fre-
	      quent short term connections like	HTTP requests  where  response
	      time  is	more  important	 than reliability on flakey links, and
	      leave it off on long-term	connections that may go	 a  long  time
	      without transferring data.

       -l     turns on connection logging.

       -P pidfile
	      Maintains	a file that contains the process ID of the master plug
	      daemon, followed by the process IDs of all the active  children.
	      This  can	be used	for cleanup or monitoring. The file is deleted
	      when the parent process exits.

       -S sessionfile
	      Write session info to this file at the end of each connection:

	      [yyyy-mm-dd HH:MM:SS] plug[PID] FROM PEER	TO IN OUT DURATION

	      Where "yyyy-mm-dd	HH:MM:SS" is the time the  connection  closed,
	      PID  is the process-id of	the connection,	PEER is	the address of
	      the client that connected, FROM and TO  are  the	listener  port
	      (and  address, if	specified) and target address and port,	IN and
	      OUT are the bytes	read and written, and DURATION is the  connec-
	      tion duration in microseconds.

       If  the	session	 file is "-", it writes	the session to standard	output
       (implies	-n).

       -d     turns on debugging output	(implies -n).  Additional  -d  options
	      add more output.

       -n Stops
	      plug  from  running as a daemon or logging errors	to syslog. Er-
	      rors in this mode	are displayed on standard error.

       -i interface
	      Bind the plug to the named interface,  for  use  on  multi-homed
	      hosts.

       -p interface
	      Bind  the	source port of the proxied connection to the named in-
	      terface, for use on multi-homed hosts.

       -h host:port
	      Connect via an HTTPS proxy on host:port. Note that when using -h
	      and -p, the -p option specifies the interface to bind to for the
	      connection to the	HTTPS proxy, since there is no way to  control
	      what the HTTPS proxy might do.

       -a accept_rule
	      Accept  connections  that	match the rule.	Currently, the rule is
	      an ip address and	an optional subnet, e.g.  -a 192.168.2.0/24 to
	      accept  connections  from	 the  Class-C  subnet 192.168.2. All 4
	      octets of	the address must be provided. If no rules  are	speci-
	      fied connections are allowed from	any address.

       -t timeout
	      Timeout for forced connections, after no attempts	in this	period
	      it will connect to a new (pseudo-)randomly selected server.  The
	      default is 1 hour.

       -o     Direct  all  connections	to  the	 first valid server instead of
	      load-balancing.

       -r retry
	      Timeout for downed servers; if specified,	then a dead server  is
	      retried  after this many seconds.	 If not	specified, then	a dead
	      server stays out of the pool until all have failed or plugdaemon
	      is restarted, then all are retried again.

       -V     Prints version and exits.

EXAMPLES
       On a firewall at	192.168.0.14, to proxy an NNTP connection through to a
       host at 10.0.3.15:

       plug -i 192.168.0.14 119	10.0.3.15

       On an client, to	forward	an SSH connection through  an  HTTP  proxy  at
       192.168.0.101 port 8008

       plug -i 127.0.0.1 2022 -h 192.168.0.101:8008 customer.example.com:22

       To forward an AIM connection through the	same proxy:

       plug -h 192.168.0.101:8008 9898 toc.oscar.aol.com:9898

       (then tell your AIM client to connect to	localhost port 9898)

BUGS
       Plugdaemon only accepts numeric IP addresses and	services.

       The  syntax  is	rather clumsy, but I'm deferring cleanup until version
       3.0. The	main thing I'd like to do is get rid of	the -i option and  al-
       low any of the following	forms for the source: port, :port, *:port, ad-
       dress:port, or source/interface (to specify  the	 outgoing  interface).
       As  well	 as  regularise	the various flags other	people have added that
       I've kept to keep from breaking their scripts.

SECURITY FEATURES
       Plugdaemon only accepts numeric IP addresses and	services.

       I don't call gethostbyname anywhere to keep someone  from  managing  to
       fake  it	 out by	spoofing the firewall, but I think that	there's	places
       this would be a minor risk, so 3.0 will probably	add that as a compile-
       time option.

LICENSE
       Plugdaemon  is  released	under a	"Berkeley" style license. See the file
       LICENSE for details.  (tip me if	you like this program, e-gold  account
       172426)

AUTHOR
       Peter da	Silva <peter@taronga.com>

				   FIREWALL			       PLUG(1)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | BUGS | SECURITY FEATURES | LICENSE | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=plug&sektion=1&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help