Site Navigation

FreeBSD Manual Pages

   man apropos
 
   All Sections 1 - General Commands 2 - System Calls 3 - Subroutines 4 - Special Files 5 - File Formats 6 - Games 7 - Macros and Conventions 8 - Maintenance Commands 9 - Kernel Interface n - New Commands FreeBSD 14.0-CURRENT FreeBSD 13.2-RELEASE FreeBSD 13.2-RELEASE and Ports FreeBSD 13.2-STABLE FreeBSD 13.1-RELEASE FreeBSD 13.1-RELEASE and Ports FreeBSD 13.0-RELEASE FreeBSD 13.0-RELEASE and Ports FreeBSD 12.4-RELEASE FreeBSD 12.4-RELEASE and Ports FreeBSD 12.4-STABLE FreeBSD 12.3-RELEASE FreeBSD 12.3-RELEASE and Ports FreeBSD 12.2-RELEASE FreeBSD 12.2-RELEASE and Ports FreeBSD 12.1-RELEASE FreeBSD 12.1-RELEASE and Ports FreeBSD 12.0-RELEASE FreeBSD 12.0-RELEASE and Ports FreeBSD 11.4-RELEASE FreeBSD 11.4-RELEASE and Ports FreeBSD 11.3-RELEASE FreeBSD 11.3-RELEASE and Ports FreeBSD 11.2-RELEASE FreeBSD 11.2-RELEASE and Ports FreeBSD 11.1-RELEASE FreeBSD 11.1-RELEASE and Ports FreeBSD 11.0-RELEASE FreeBSD 11.0-RELEASE and Ports FreeBSD 10.4-RELEASE FreeBSD 10.4-RELEASE and Ports FreeBSD 10.3-RELEASE FreeBSD 10.3-RELEASE and Ports FreeBSD 10.2-RELEASE FreeBSD 10.2-RELEASE and Ports FreeBSD 10.1-RELEASE FreeBSD 10.1-RELEASE and Ports FreeBSD 10.0-RELEASE FreeBSD 10.0-RELEASE and Ports FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE and Ports FreeBSD 9.2-RELEASE FreeBSD 9.2-RELEASE and Ports FreeBSD 9.1-RELEASE FreeBSD 9.1-RELEASE and Ports FreeBSD 9.0-RELEASE FreeBSD 9.0-RELEASE and Ports FreeBSD 8.4-RELEASE FreeBSD 8.4-RELEASE and Ports FreeBSD 8.3-RELEASE FreeBSD 8.3-RELEASE and Ports FreeBSD 8.2-RELEASE FreeBSD 8.2-RELEASE and Ports FreeBSD 8.1-RELEASE FreeBSD 8.1-RELEASE and Ports FreeBSD 8.0-RELEASE FreeBSD 8.0-RELEASE and Ports FreeBSD 7.4-RELEASE FreeBSD 7.4-RELEASE and Ports FreeBSD 7.3-RELEASE FreeBSD 7.3-RELEASE and Ports FreeBSD 7.2-RELEASE FreeBSD 7.2-RELEASE and Ports FreeBSD 7.1-RELEASE FreeBSD 7.1-RELEASE and Ports FreeBSD 7.0-RELEASE FreeBSD 6.4-RELEASE FreeBSD 6.4-RELEASE and Ports FreeBSD 6.3-RELEASE FreeBSD 6.3-RELEASE and Ports FreeBSD 6.2-RELEASE FreeBSD 6.1-RELEASE FreeBSD 6.0-RELEASE FreeBSD 6.0-RELEASE and Ports FreeBSD 5.5-RELEASE FreeBSD 5.5-RELEASE and Ports FreeBSD 5.4-RELEASE FreeBSD 5.4-RELEASE and Ports FreeBSD 5.3-RELEASE FreeBSD 5.3-RELEASE and Ports FreeBSD 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE and Ports FreeBSD 5.2-RELEASE FreeBSD 5.2-RELEASE and Ports FreeBSD 5.1-RELEASE FreeBSD 5.0-RELEASE FreeBSD 4.11-RELEASE FreeBSD 4.11-RELEASE and Ports FreeBSD 4.10-RELEASE FreeBSD 4.10-RELEASE and Ports FreeBSD 4.9-RELEASE FreeBSD 4.9-RELEASE and Ports FreeBSD 4.8-RELEASE FreeBSD 4.8-RELEASE and Ports FreeBSD 4.7-RELEASE FreeBSD 4.6.2-RELEASE FreeBSD 4.6.2-RELEASE and Ports FreeBSD 4.6-RELEASE FreeBSD 4.6-RELEASE and Ports FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE and Ports FreeBSD 4.4-RELEASE FreeBSD 4.3-RELEASE FreeBSD 4.3-RELEASE and Ports FreeBSD 4.2-RELEASE FreeBSD 4.2-RELEASE and Ports FreeBSD 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE and Ports FreeBSD 4.1-RELEASE FreeBSD 4.0-RELEASE FreeBSD 3.5.1-RELEASE FreeBSD 3.5.1-RELEASE and Ports FreeBSD 3.5-RELEASE and Ports FreeBSD 3.4-RELEASE FreeBSD 3.4-RELEASE and Ports FreeBSD 3.3-RELEASE FreeBSD 3.2-RELEASE FreeBSD 3.1-RELEASE FreeBSD 3.0-RELEASE FreeBSD 2.2.8-RELEASE FreeBSD 2.2.8-RELEASE and Ports FreeBSD 2.2.7-RELEASE FreeBSD 2.2.6-RELEASE FreeBSD 2.2.5-RELEASE FreeBSD 2.2.2-RELEASE FreeBSD 2.2.1-RELEASE FreeBSD 2.1.7.1-RELEASE FreeBSD 2.1.6.1-RELEASE FreeBSD 2.1.5-RELEASE FreeBSD 2.1.0-RELEASE FreeBSD 2.0.5-RELEASE FreeBSD 2.0-RELEASE FreeBSD 1.1.5.1-RELEASE FreeBSD 1.1-RELEASE FreeBSD 1.0-RELEASE FreeBSD Ports 13.2 FreeBSD Ports 13.1 FreeBSD Ports 13.0 FreeBSD Ports 12.4 FreeBSD Ports 12.3 FreeBSD Ports 12.2 FreeBSD Ports 12.1 FreeBSD Ports 12.0 FreeBSD Ports 11.4 FreeBSD Ports 11.3 FreeBSD Ports 11.2 FreeBSD Ports 11.1 FreeBSD Ports 11.0 FreeBSD Ports 10.4 FreeBSD Ports 10.3 FreeBSD Ports 10.2 FreeBSD Ports 10.1 FreeBSD Ports 10.0 FreeBSD Ports 9.3 FreeBSD Ports 9.2 FreeBSD Ports 9.1 FreeBSD Ports 9.0 FreeBSD Ports 8.4 FreeBSD Ports 8.3 FreeBSD Ports 8.2 FreeBSD Ports 8.1 FreeBSD Ports 8.0 FreeBSD Ports 7.4 FreeBSD Ports 7.3 FreeBSD Ports 7.2 FreeBSD Ports 7.1 FreeBSD Ports 7.0 FreeBSD Ports 6.4 FreeBSD Ports 6.3 FreeBSD Ports 6.2 FreeBSD Ports 6.0 FreeBSD Ports 5.5 FreeBSD Ports 5.4 FreeBSD Ports 5.3 FreeBSD Ports 5.2.1 FreeBSD Ports 5.2 FreeBSD Ports 5.1 FreeBSD Ports 4.11 FreeBSD Ports 4.10 FreeBSD Ports 4.9 FreeBSD Ports 4.8 FreeBSD Ports 4.7 FreeBSD Ports 4.6.2 FreeBSD Ports 4.6 FreeBSD Ports 4.5 FreeBSD Ports 4.3 FreeBSD Ports 4.2 FreeBSD Ports 4.1.1 FreeBSD Ports 3.5.1 FreeBSD Ports 3.5 FreeBSD Ports 3.4 FreeBSD Ports 2.2.8 4.4BSD Lite2 4.3BSD NET/2 4.3BSD Reno 2.11 BSD 2.10 BSD 2.9.1 BSD 2.8 BSD 386BSD 0.1 386BSD 0.0 CentOS 7.1 CentOS 7.0 CentOS 6.6 CentOS 6.5 CentOS 6.4 CentOS 6.3 CentOS 6.2 CentOS 6.1 CentOS 6.0 CentOS 5.11 CentOS 5.10 CentOS 5.9 CentOS 5.8 CentOS 5.7 CentOS 5.6 CentOS 5.5 CentOS 5.4 CentOS 4.8 CentOS 3.9 Darwin 8.0.1/ppc Darwin 7.0.1 Darwin 6.0.2/x86 Darwin 1.4.1/x86 Darwin 1.3.1/x86 Debian 8.1.0 Debian 7.8.0 Debian 6.0.10 Debian 5.0.10 Debian 4.0.9 Debian 3.1.8 Debian 2.2.7 HP-UX 11.22 HP-UX 11.20 HP-UX 11.11 HP-UX 11.00 HP-UX 10.20 HP-UX 10.10 HP-UX 10.01 HP-UX 9.07 HP-UX 8.07 IRIX 6.5.30 Inferno 4th Edition Linux Slackware 3.1 MACH 2.5/i386 Minix 2.0 NetBSD 9.3 NetBSD 9.2 NetBSD 9.1 NetBSD 9.0 NetBSD 8.2 NetBSD 8.1 NetBSD 8.0 NetBSD 7.1 NetBSD 7.0 NetBSD 6.1.5 NetBSD 6.0 NetBSD 5.1 NetBSD 5.0 NetBSD 4.0.1 NetBSD 4.0 NetBSD 3.1 NetBSD 3.0 NetBSD 2.1 NetBSD 2.0.2 NetBSD 2.0 NetBSD 1.6.2 NetBSD 1.6.1 NetBSD 1.6 NetBSD 1.5.3 NetBSD 1.5.2 NetBSD 1.5.1 NetBSD 1.5 NetBSD 1.4.3 NetBSD 1.4.2 NetBSD 1.4.1 NetBSD 1.4 NetBSD 1.3.3 NetBSD 1.3.2 NetBSD 1.3.1 NetBSD 1.3 NetBSD 1.2.1 NetBSD 1.2 NetBSD 1.1 NetBSD 1.0 NeXTSTEP 3.3 OpenBSD 7.3 OpenBSD 7.2 OpenBSD 7.1 OpenBSD 7.0 OpenBSD 6.9 OpenBSD 6.8 OpenBSD 6.7 OpenBSD 6.6 OpenBSD 6.5 OpenBSD 6.4 OpenBSD 6.3 OpenBSD 6.2 OpenBSD 6.1 OpenBSD 6.0 OpenBSD 5.9 OpenBSD 5.8 OpenBSD 5.7 OpenBSD 5.6 OpenBSD 5.5 OpenBSD 5.4 OpenBSD 5.3 OpenBSD 5.2 OpenBSD 5.1 OpenBSD 5.0 OpenBSD 4.9 OpenBSD 4.8 OpenBSD 4.7 OpenBSD 4.6 OpenBSD 4.5 OpenBSD 4.4 OpenBSD 4.3 OpenBSD 4.2 OpenBSD 4.1 OpenBSD 4.0 OpenBSD 3.9 OpenBSD 3.8 OpenBSD 3.7 OpenBSD 3.6 OpenBSD 3.5 OpenBSD 3.4 OpenBSD 3.3 OpenBSD 3.2 OpenBSD 3.1 OpenBSD 3.0 OpenBSD 2.9 OpenBSD 2.8 OpenBSD 2.7 OpenBSD 2.6 OpenBSD 2.5 OpenBSD 2.4 OpenBSD 2.3 OpenBSD 2.2 OpenBSD 2.1 OpenBSD 2.0 OpenDarwin 7.2.1 OpenDarwin 6.6.1/x86 OSF1 V5.1/alpha OSF1 V4.0/alpha OSF1 V1.0/mips OpenDarwin 20030208pre4/ppc OpenDarwin 6.6.2/x86 OpenStep 4.2 Plan 9 Red Hat 8.0 Red Hat 7.3 Red Hat 7.2 Red Hat 7.1 Red Hat 7.0 Red Hat 6.2 Red Hat 6.1 Red Hat 5.2 Red Hat 5.0 Red Hat 4.2 Red Hat 9 Rhapsody DR1 Rhapsody DR2 Sun UNIX 0.4 SunOS 5.10 SunOS 5.9 SunOS 5.8 SunOS 5.7 SunOS 5.6 SunOS 5.5.1 SunOS 4.1.3 SuSE 11.3 SuSE 11.2 SuSE 11.1 SuSE 11.0 SuSE 10.3 SuSE 10.2 SuSE 10.1 SuSE 10.0 SuSE 9.3 SuSE 9.2 SuSE 8.2 SuSE 8.1 SuSE 8.0 SuSE 7.3 SuSE 7.2 SuSE 7.1 SuSE 7.0 SuSE 6.4 SuSE 6.3 SuSE 6.1 SuSE 6.0 SuSE 5.3 SuSE 5.2 SuSE 5.0 SuSE 4.3 SuSE ES 10 SP1 ULTRIX 4.2 Ultrix-32 2.0/VAX Unix Seventh Edition X11R7.4 X11R7.3.2 X11R7.2 X11R6.9.0 X11R6.8.2 X11R6.7.0 XFree86 4.8.0 XFree86 4.7.0 XFree86 4.6.0 XFree86 4.5.0 XFree86 4.4.0 XFree86 4.3.0 XFree86 4.2.99.3 XFree86 4.2.0 XFree86 4.1.0 XFree86 4.0.2 XFree86 4.0.1 XFree86 4.0 XFree86 3.3.6 XFree86 3.3 XFree86 2.1 All Architectures html pdf ascii

home | help

---

FAITHD(8)		  BSD System Manager's Manual		     FAITHD(8)

NAME
     faithd -- FAITH IPv6/v4 translator	daemon

SYNOPSIS
     faithd [-dp] [-f configfile] service [serverpath [serverargs]]

DESCRIPTION
     The faithd	utility	provides IPv6-to-IPv4 TCP relay.  It must be used on
     an	IPv4/v6	dual stack router.

     When faithd receives TCPv6	traffic, faithd	will relay the TCPv6 traffic
     to	TCPv4.	Destination for	relayed	TCPv4 connection will be determined by
     the last 4	octets of the original IPv6 destination.  For example, if
     3ffe:0501:4819:ffff:: is reserved for faithd, and the TCPv6 destination
     address is	3ffe:0501:4819:ffff::0a01:0101,	the traffic will be relayed to
     IPv4 destination 10.1.1.1.

     To	use faithd translation service,	an IPv6	address	prefix must be re-
     served for	mapping	IPv4 addresses into.  Kernel must be properly config-
     ured to route all the TCP connection toward the reserved IPv6 address
     prefix into the faith(4) pseudo interface,	by using route(8) command.
     Also, sysctl(8) should be used to configure net.inet6.ip6.keepfaith to 1.

     The router	must be	configured to capture all the TCP traffic toward re-
     served IPv6 address prefix, by using route(8) and sysctl(8) commands.

     The faithd	utility	needs a	special	name-to-address	translation logic, so
     that hostnames gets resolved into special IPv6 address prefix.  For
     small-scale installation, use hosts(5).  For large-scale installation, it
     is	useful to have a DNS server with special address translation support.
     An	implementation called totd is available	at
     http://www.vermicelli.pasta.cs.uit.no/ipv6/software.html.	Make sure you
     do	not propagate translated DNS records to	normal DNS cloud, it is	highly
     harmful.

   Daemon mode
     When faithd is invoked as a standalone program, faithd will daemonize it-
     self.  The	faithd utility will listen to TCPv6 port service.  If TCPv6
     traffic to	port service is	found, it relays the connection.

     Since faithd listens to TCP port service, it is not possible to run local
     TCP daemons for port service on the router, using inetd(8)	or other stan-
     dard mechanisms.  By specifying serverpath	to faithd, you can run local
     daemons on	the router.  The faithd	utility	will invoke local daemon at
     serverpath	if the destination address is local interface address, and
     will perform translation to IPv4 TCP in other cases.  You can also	spec-
     ify serverargs for	the arguments for the local daemon.

     The following options are available:

     -d	     Debugging information will	be generated using syslog(3).

     -f	configfile
	     Specify a configuration file for access control.  See below.

     -p	     Use privileged TCP	port number as source port, for	IPv4 TCP con-
	     nection toward final destination.	For relaying ftp(1), this flag
	     is	not necessary as special program code is supplied.

     The faithd	utility	will relay both	normal and out-of-band TCP data.  It
     is	capable	of emulating TCP half close as well.  The faithd utility in-
     cludes special support for	protocols used by ftp(1).  When	translating
     FTP protocol, faithd translates network level addresses in	PORT/LPRT/EPRT
     and PASV/LPSV/EPSV	commands.

     Inactive sessions will be disconnected in 30 minutes, to avoid stale ses-
     sions from	chewing	up resources.  This may	be inappropriate for some of
     the services (should this be configurable?).

   inetd mode
     When faithd is invoked via	inetd(8), faithd will handle connection	passed
     from standard input.  If the connection endpoint is in the	reserved IPv6
     address prefix, faithd will relay the connection.	Otherwise, faithd will
     invoke service-specific daemon like telnetd(8), by	using the command ar-
     gument passed from	inetd(8).

     The faithd	utility	determines operation mode by the local TCP port	num-
     ber, and enables special protocol handling	whenever necessary/possible.
     For example, if faithd is invoked via inetd(8) on FTP port, it will oper-
     ate as a FTP relay.

     The operation mode	requires special support for faithd in inetd(8).

   Access control
     To	prevent	malicious accesses, faithd implements a	simple address-based
     access control.  With /etc/faithd.conf (or	configfile specified by	-f),
     faithd will avoid relaying	unwanted traffic.  The faithd.conf contains
     directives	with the following format:

     o	 src/slen deny dst/dlen

	 If the	source address of a query matches src/slen, and	the translated
	 destination address matches dst/dlen, deny the	connection.

     o	 src/slen permit dst/dlen

	 If the	source address of a query matches src/slen, and	the translated
	 destination address matches dst/dlen, permit the connection.

     The directives are	evaluated in sequence, and the first matching entry
     will be effective.	 If there is no	match (if we reach the end of the
     ruleset) the traffic will be denied.

     With inetd	mode, traffic may be filtered by using access control func-
     tionality in inetd(8).

EXIT STATUS
     The faithd	utility	exits with EXIT_SUCCESS	(0) on success,	and
     EXIT_FAILURE (1) on error.

EXAMPLES
     Before invoking faithd, faith(4) interface	has to be configured properly.

     # sysctl net.inet6.ip6.accept_rtadv=0
     # sysctl net.inet6.ip6.forwarding=1
     # sysctl net.inet6.ip6.keepfaith=1
     # ifconfig	faith0 up
     # route add -inet6	3ffe:501:4819:ffff:: -prefixlen	96 ::1
     # route change -inet6 3ffe:501:4819:ffff::	-prefixlen 96 -ifp faith0

   Daemon mode samples
     To	translate telnet service, and provide no local telnet service, invoke
     faithd as follows:

     # faithd telnet

     If	you would like to provide local	telnet service via telnetd(8) on
     /usr/libexec/telnetd, use the following command line:

     # faithd telnet /usr/libexec/telnetd telnetd

     If	you would like to pass extra arguments to the local daemon:

     # faithd ftp /usr/libexec/ftpd ftpd -l

     Here are some other examples.  You	may need -p if the service checks the
     source port range.

     # faithd ssh
     # faithd telnet /usr/libexec/telnetd telnetd

   inetd mode samples
     Add the following lines into inetd.conf(5).  Syntax may vary depending
     upon your operating system.

     telnet  stream  tcp6/faith	 nowait	 root  faithd  telnetd
     ftp     stream  tcp6/faith	 nowait	 root  faithd  ftpd -l
     ssh     stream  tcp6/faith	 nowait	 root  faithd  /usr/sbin/sshd -i

     inetd(8) will open	listening sockets with enabling	kernel TCP relay sup-
     port.  Whenever connection	comes in, faithd will be invoked by inetd(8).
     If	it the connection endpoint is in the reserved IPv6 address prefix.
     The faithd	utility	will relay the connection.  Otherwise, faithd will in-
     voke service-specific daemon like telnetd(8).

   Access control samples
     The following illustrates a simple	faithd.conf setting.

     # permit anyone from 3ffe:501:ffff::/48 to	use the	translator,
     # to connect to the following IPv4	destinations:
     # - any location except 10.0.0.0/8	and 127.0.0.0/8.
     # Permit no other connections.
     #
     3ffe:501:ffff::/48	deny 10.0.0.0/8
     3ffe:501:ffff::/48	deny 127.0.0.0/8
     3ffe:501:ffff::/48	permit 0.0.0.0/0

SEE ALSO
     faith(4), route(8), sysctl(8)

     Jun-ichiro	itojun Hagino and Kazu Yamamoto, "An IPv6-to-IPv4 transport
     relay translator",	RFC3142, June 2001, ftp://ftp.isi.edu/in-
     notes/rfc3142.txt.

HISTORY
     The faithd	utility	first appeared in WIDE Hydrangea IPv6 protocol stack
     kit.

     IPv6 and IPsec support based on the KAME Project (http://www.kame.net/)
     stack was initially integrated into FreeBSD 4.0

SECURITY CONSIDERATIONS
     It	is very	insecure to use	IP-address based authentication, for connec-
     tions relayed by faithd, and any other TCP	relaying services.

     Administrators are	advised	to limit accesses to faithd using faithd.conf,
     or	by using IPv6 packet filters.  It is to	protect	faithd service from
     malicious parties and avoid theft of service/bandwidth.  IPv6 destination
     address can be limited by carefully configuring routing entries that
     points to faith(4), using route(8).  IPv6 source address needs to be fil-
     tered by using packet filters.  Documents listed in SEE ALSO have more
     discussions on this topic.

BSD				 May 17, 1998				   BSD

---

NAME | SYNOPSIS | DESCRIPTION | EXIT STATUS | EXAMPLES | SEE ALSO | HISTORY | SECURITY CONSIDERATIONS

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=faithd&sektion=8&manpath=FreeBSD+7.1-RELEASE>

home | help

---

Legal Notices | © 1995-2023 The FreeBSD Project. All rights reserved.

Contact