PLUG(1)			    General Commands Manual		       PLUG(1)

NAME
       plug -- Plug proxy daemon.

SYNOPSIS
       /usr/local/sbin/plug -V
       /usr/local/sbin/plug [-f] [-l] [-P pidfile] [-S sessionfile] [-k]
       [-d[d]] [-n] [-i sourceaddr] [-p proxyaddr] [-h https-proxy[:port]]
       [-t timeout] [-a accept_rule] [-o] [-r retry] [-V] sourceport
       destaddr[:destport] [destaddr[:destport]]...

DESCRIPTION
       Plugdaemon acts as a "dumb proxy", forwarding a TCP/IP stream from a
       port on one host to a possibly different port on a separate host. It
       runs as a daemon to reduce latency in setting up a connection, and
       optionally logs every connection via syslog.

OPTIONS
       -f     Forces a given client address to continue	to connect to the same
	      host on subsequent attempts, for proxying	 HTTP  connections  so
	      that subsequent hits will	be on the same mirror.

       -k     Turns on SO_KEEPALIVE on the plug. You want to use this on
              frequent short-term connections like HTTP requests where
              response time is more important than reliability on flaky
              links, and leave it off on long-term connections that may go
              a long time without transferring data.

       -l     Turns on connection logging.

       -P pidfile
	      Maintains	a file that contains the process ID of the master plug
	      daemon,  followed	by the process IDs of all the active children.
	      This can be used for cleanup or monitoring. The file is  deleted
	      when the parent process exits.

       -S sessionfile
	      Write session info to this file at the end of each connection:

	      [yyyy-mm-dd HH:MM:SS] plug[PID] FROM PEER	TO IN OUT DURATION

	      Where  "yyyy-mm-dd  HH:MM:SS" is the time	the connection closed,
	      PID is the process-id of the connection, PEER is the address  of
	      the  client  that	 connected,  FROM and TO are the listener port
	      (and address, if specified) and target address and port, IN  and
	      OUT  are the bytes read and written, and DURATION	is the connec-
	      tion duration in microseconds.

              If the session file is "-", it writes the session to standard
              output (implies -n).

       -d     Turns on debugging output (implies -n). Additional -d options
              add more output.

       -n     Stops plug from running as a daemon or logging errors to
              syslog. Errors in this mode are displayed on standard error.

       -i interface
	      Bind  the	 plug  to  the named interface,	for use	on multi-homed
	      hosts.

       -p interface
	      Bind the source port of the proxied connection to	the named  in-
	      terface, for use on multi-homed hosts.

       -h host:port
	      Connect via an HTTPS proxy on host:port. Note that when using -h
	      and -p, the -p option specifies the interface to bind to for the
	      connection  to the HTTPS proxy, since there is no	way to control
	      what the HTTPS proxy might do.

       -a accept_rule
              Accept connections that match the rule. Currently, the rule is
              an IP address and an optional subnet, e.g. -a 192.168.2.0/24 to
              accept connections from the Class-C subnet 192.168.2. All 4
              octets of the address must be provided. If no rules are
              specified, connections are allowed from any address.
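
The -S session record and the -a accept rule can be checked against each other after the fact. The following is an added example, not part of plugdaemon or this manual page: it parses session lines in the layout given under -S and reports peers that fall outside a set of -a style rules. The function names, the whitespace-separated field rendering, and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the -S layout. How plug renders each address field
# (port only vs. address:port) is an assumption of this example.
SAMPLE = """\
[2024-05-01 10:00:03] plug[4121] 192.168.0.14:119 192.168.2.17 10.0.3.15:119 5120 88213 2750000
[2024-05-01 10:02:44] plug[4125] 192.168.0.14:119 192.168.2.90 10.0.3.15:119 310 1204 91000
[2024-05-01 10:05:10] plug[4130] 192.168.0.14:119 203.0.113.8 10.0.3.15:119 64 0 30000000
not a session line
"""

LINE = re.compile(
    r"^\[(?P<closed>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] plug\[(?P<pid>\d+)\] (?P<src>\S+) "
    r"(?P<peer>\S+) (?P<dst>\S+) (?P<bytes_in>\d+) (?P<bytes_out>\d+) (?P<usec>\d+)$")

def parse_sessions(text):
    """Return one dict per well-formed session line; skip anything else."""
    sessions = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            for key in ("pid", "bytes_in", "bytes_out", "usec"):
                rec[key] = int(rec[key])
            rec["seconds"] = rec.pop("usec") / 1_000_000  # DURATION is microseconds
            sessions.append(rec)
    return sessions

def outside_rules(sessions, accept_rules):
    """Sessions whose PEER matches none of the -a style rules (addr or addr/bits)."""
    nets = [ipaddress.ip_network(r, strict=False) for r in accept_rules]
    def allowed(peer):
        try:
            return any(ipaddress.ip_address(peer) in n for n in nets)
        except ValueError:
            return False  # unparseable peer: report it rather than hide it
    return [s for s in sessions if not allowed(s["peer"])]

def bytes_by_peer(sessions):
    totals = defaultdict(int)  # total bytes (IN + OUT) moved per client address
    for s in sessions:
        totals[s["peer"]] += s["bytes_in"] + s["bytes_out"]
    return dict(totals)

if __name__ == "__main__":
    for s in outside_rules(parse_sessions(SAMPLE), ["192.168.2.0/24"]):
        print("peer outside accept rules:", s["closed"], s["peer"], "->", s["dst"])
```

A non-empty result from outside_rules on a plug started with the same -a rules means the session file and the running configuration disagree, which is worth investigating.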

       -t timeout
              Timeout for forced connections; after no attempts in this
              period, it will connect to a new (pseudo-)randomly selected
              server. The default is 1 hour.

       -o     Direct all connections to	the  first  valid  server  instead  of
	      load-balancing.

       -r retry
	      Timeout  for downed servers; if specified, then a	dead server is
	      retried after this many seconds.	If not specified, then a  dead
	      server stays out of the pool until all have failed or plugdaemon
	      is restarted, then all are retried again.

       -V     Prints version and exits.

EXAMPLES
       On a firewall at	192.168.0.14, to proxy an NNTP connection through to a
       host at 10.0.3.15:

       plug -i 192.168.0.14 119	10.0.3.15

       On a client, to forward an SSH connection through an HTTP proxy at
       192.168.0.101 port 8008:

       plug -i 127.0.0.1 2022 -h 192.168.0.101:8008 customer.example.com:22

       To forward an AIM connection through the	same proxy:

       plug -h 192.168.0.101:8008 9898 toc.oscar.aol.com:9898

       (then tell your AIM client to connect to	localhost port 9898)

BUGS
       Plugdaemon only accepts numeric IP addresses and	services.

       The syntax is rather clumsy, but	I'm deferring  cleanup	until  version
       3.0.  The main thing I'd	like to	do is get rid of the -i	option and al-
       low any of the following	forms for the source: port, :port, *:port, ad-
       dress:port, or source/interface (to specify  the	 outgoing  interface).
       As  well	 as  regularise	the various flags other	people have added that
       I've kept to keep from breaking their scripts.

SECURITY FEATURES
       Plugdaemon only accepts numeric IP addresses and	services.

       I don't call gethostbyname anywhere to keep someone  from  managing  to
       fake  it	 out by	spoofing the firewall, but I think that	there's	places
       this would be a minor risk, so 3.0 will probably	add that as a compile-
       time option.

LICENSE
       Plugdaemon is released under a "Berkeley" style license.	See  the  file
       LICENSE	for details.  (tip me if you like this program,	e-gold account
       172426)

AUTHOR
       Peter da	Silva <peter@taronga.com>

				   FIREWALL			       PLUG(1)