2000-10-10-20:33:11 Martin Pool:
> On Wed, Sep 27, 2000 at 11:48:52AM -0400, Sanjeev Jha wrote:
> > Port forwarding question.
> > 
> > I want to forward port 873 to say 5555 and I want rsync-users to use this
> > port (5555), not 873. Now, how can I prevent users from connecting at port 873
> > directly?
> 
> You might get away with just running the daemon with
> 
>   rsync --daemon --port=5555

I think despite the way he asked it, what he's really wanting is not
simple port forwarding, but a cryptographic proxy --- stunnel
perhaps, or something like it. In which case the goal is to make the
service accessible only to users going through the encrypting tunnel
(which listens on port 5555), not to users trying to connect
directly to the unencrypted daemon (on port 873).

If so, then he could achieve the desired effect either by using
packet filtering (ipchains for Linux, IP Filter for most other
platforms) to block access to 873 from the internet, or perhaps more
gracefully by using the rsync option "--address=127.0.0.1" to ensure
that the rsync daemon binds only to the localhost loopback
interface, through which the stunnel will be talking to it.

-Bennett
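
A check for the setup described above, as an added example that is not part of the original message: it reads listening-socket output and reports any non-loopback address on which a given port is reachable, so the rsync port should come back empty once the daemon is bound to 127.0.0.1. It assumes the column layout of Linux `ss -ltn`; the function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: rsync daemon started with only --daemon (binds all interfaces).
SAMPLE_BEFORE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:873        0.0.0.0:*'

# Constructed sample: rsync bound with --address=127.0.0.1, tunnel listening on 5555.
SAMPLE_AFTER='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      127.0.0.1:873      0.0.0.0:*
LISTEN 0      5      [::1]:873          [::]:*
LISTEN 0      128    0.0.0.0:5555       0.0.0.0:*'

# exposed_listeners PORT
# Reads `ss -ltn` style lines on stdin and prints every local address on
# which PORT is listening that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # e.g. 127.0.0.1:873 or [::1]:873
            n = split(la, parts, ":")
            if (parts[n] != port) next       # different port, ignore
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            sub(/^\[/, "", addr)             # strip IPv6 brackets
            sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            print addr                       # wildcard or routable address
        }'
}

# loopback_only PORT
# Succeeds (exit 0) when PORT has no non-loopback listener in the input.
loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Demo on the constructed samples; on a live host use: ss -ltn | loopback_only 873
for name in BEFORE AFTER; do
    eval "data=\$SAMPLE_$name"
    if printf '%s\n' "$data" | loopback_only 873; then
        echo "$name: port 873 reachable via loopback only"
    else
        echo "$name: port 873 exposed on: $(printf '%s\n' "$data" | exposed_listeners 873)"
    fi
done
```

A loopback bind does not cover other local users on the same host, who can still reach 127.0.0.1:873 without going through the tunnel.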
