Skip to content

Latest commit

 

History

History
153 lines (109 loc) · 4.81 KB

udpxd.pod

File metadata and controls

153 lines (109 loc) · 4.81 KB
Raw

NAME

udpxd - A general purpose UDP relay/port forwarder/proxy

SYNOPSIS

Usage: udpxd [-lbdfpvhV]

Options:
--listen     -l <ip:port>     listen for incoming requests
--bind       -b <ip[:port]>   bind ip used for outgoing requests
                              specify port for promiscuous mode
--to         -t <ip:port>     destination to forward requests to
--daemon     -d               daemon mode, fork into background
--pidfile    -p <file>        pidfile, default: /var/run/udpxd.pid
--user       -u <user>        run as user (only in daemon mode)
--chroot     -c <path>        chroot to <path> (only in daemon mode)
--help       -h -?            print help message
--version    -V               print program version
--verbose    -v               enable verbose logging

DESCRIPTION

udpxd can be used to forward or proxy UDP client traffic to another port on another system. It also supports binding to a specific ip address which will be used as the source for outgoing packets.

It listens on the ip address and port specified with -l and waits for incoming udp packets. If one arrives, it sends it to the destination specified with -t. Responses will be sent back accordingly.

If -b has not been specified, udpxd uses the operating systems default (e.g. routing) as the source where it sends requests packets out. If -b has been specified, then it binds to the given ip address and uses this as the source address.

In any case, udpxd behaves like a proxy. The receiving end (-t) only sees the source ip address of the outgoing interface of the system running udpxd or the address specified with -b.

The options -l and -t are mandatory.

If the option -d has been specified, udpxd forks into the background and becomes a daemon. It writes it pidfile to /var/run/udpxd.pid, which can be changed with the -p option. If started as root, it also drops privileges to the user nobody or the user specified with -u and chroots to /var/empty or the directory specified with -c. udpxd will log to syslog facility user.info if -v is specified and if running in daemon mode.

Caution: if not running in daemon mode, udpxd does not drop its privileges and will continue to run as root (if started as root).

Udpxd supports ip version 4 and 6, it doesn't support hostnames, -l, -t and -b must be ip addresses. In order to specify an ipv6 address and a port, use:

-l [::1]:53

that is, surround the ipv6 address with brackets.

Port forwardings can be mixed:

listen | forward to
-------+-----------
ipv4   | ipv4
ipv6   | ipv4
ipv4   | ipv6
ipv6   | ipv6

EXAMPLES

Let's say you operate a multihomed unix system named 'foo' with two interfaces: eth0 on the inside, eth1 on the outside:

foo:
 eth0: 192.168.1.1
 eth1: 10.0.0.1

And let's say, you have a client in network 10.0.0.0/24 who whiches to reach an ntp server in network 192.168.1.0/24; and you dont operate a firewall, nat or routing on 'foo'. Run udpxd like this:

udpxd -l 10.0.0.1:123 -t 192.168.1.199:123

Now, if a client with the source ip address 10.0.0.110 sends a ntp request to 10.0.0.1:123, udpxd will forward that packet to 192.168.1.199:123 with the source ip address 192.168.1.1 (because this is where the route points to: eth0). Responses from the ntp server will reach udpxd, which in turn sends them back to the client, where they arrive with the source address (and port) where udpxd is listening.

As you can see, udpxd can be used to implement hiding nat for udp services in user space.

Another example would be, if 'foo' has multiple ip addresses on eth0 (aliases) and you don't want to use the primary address of the interface for outgoing packets.

foo, again:
 eth0: 192.168.1.1,192.168.1.45
 eth0: 10.0.0.1

In order to use 192.168.1.45 as the source ip address, use the -b parameter:

udpxd -l 10.0.0.1:123 -t 192.168.1.199:123 -b 192.168.1.45

In this case for the client everything looks as before, but the ntp server on the other end will see ntp requests coming from 192.168.1.45 instead.

Here we listen on the ip v6 loopback address and forward traffic to another ip v6 destination address:

udpxd -l [::1]:53 -t [2001:4860:4860::8888]:53

Or, we could listen on an ip v4 address and forward to an ip v6 address:

udpxd -l 192.168.1.1:53 -t [2001:4860:4860::8888]:53

FILES

/var/run/udpxd.pid: created if running in daemon mode (-d).

BUGS

In order to report a bug, unexpected behavior, feature requests or to submit a patch, please open an issue on github: https://github.com/TLINDEN/udpxd/issues.

LICENSE

This software is licensed under the GNU GENERAL PUBLIC LICENSE version 3.

Copyright (c) 2015-2017 by T. v. Dein.

This software uses uthash (bundled), which is Copyright (c) 2003-2013 by Troy D. Hanson.

AUTHORS

T.v.Dein tom AT vondein DOT org