<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> <html> <head> <title>ipsvd - examples</title> </head> <body> <a href="http://smarden.org/pape/">G. Pape</a><br> <a href="index.html">ipsvd</a><br> <hr> <h1>ipsvd - examples</h1> <hr> <a href="#tcp">TCP/IP services</a><br> <a href="#udp">UDP/IP services</a><br> <a href="#instruct"><i>ipsvd</i> instructions</a><br> <hr> <h3><a name="tcp">TCP/IP service examples</a></h3> This <tt>run</tt> script provides an <i>identd</i> service on <tt>0.0.0.0:113</tt> <pre> #!/bin/sh exec tcpsvd -l0 0 113 identd </pre> This <tt>run</tt> script provides a <a href="http://untroubled.org/mailfront/">smtpfront-qmail</a> service on <tt>192.168.2.1:25</tt>, with per-host instructions through the constant database <tt>./peers.cdb</tt>. <pre> #!/bin/sh exec 2>&1 MAXSMTPD="`cat /var/qmail/control/concurrencyincoming`" exec softlimit -m2000000 \ env SMTPGREETING=smarden.org \ MAILRULES=/etc/mailfront/smtp/mailrules \ tcpsvd -vp -uqmaild -c"$MAXSMTPD" -x./peers.cdb 192.168.2.1 25 \ smtpfront-qmail </pre> This <tt>run</tt> script provides a <a href="http://www.bincimap.org/">bincimaps</a> service on <tt>10.0.0.14:993</tt>, with per-host concurrency limit, and with per-host instructions through the directory <tt>./peers</tt>. <pre> #!/bin/sh exec 2>&1 exec tcpsvd -vvp -c40 -C10 -l0 -i./peers 10.0.0.14 993 \ bincimap-up --logtype=multilog --conf=/etc/bincimap/bincimap.conf --ssl -- \ /usr/bin/checkpw /usr/sbin/bincimapd </pre> This <tt>run</tt> script provides a <a href="http://www.bincimap.org/">bincimaps</a> service on <tt>10.0.0.14:993</tt>, but using the <a href="sslio.8.html">sslio</a> program, and so the <a href="http://www.matrixssl.org/">matrixssl</a> library, instead of <tt>bincimap</tt>'s builtin <tt>OpenSSL</tt> support. <pre> #!/bin/sh exec 2>&1 exec tcpsvd -v -c40 -l0 10.0.0.14 993 \ sslio -vv -C/imapd.pem -unobody -//etc/bincimap/bincimaps/jail \ bincimap-up --conf=/etc/bincimap/bincimap.conf -a -- \ /usr/bin/checkpw /usr/sbin/bincimapd </pre> This <tt>run</tt> script provides a <a href="http://www.qmail.org/">qmail-smtpd</a> service on <tt>192.168.14.6:25</tt>, with per-host concurrency limit, and with per-host instructions through the directory <tt>./peers</tt>. <pre> #!/bin/sh exec 2>&1 exec softlimit -m2000000 \ tcpsvd -vvh -i./peers -uqmaild \ -c40 -C'10:421 per host concurrency limit reached\r\n' \ 192.168.14.6 25 qmail-smtpd </pre> This <tt>run</tt> script provides a <a href="http://www.fefe.de/fnord/">fnord</a> <tt>https</tt> service on <tt>10.0.5.4</tt>. <pre> #!/bin/sh exec 2>&1 cd /public/10.0.5.4 exec chpst -m300000 -Uwwwuser tcpsvd -v 10.0.5.4 443 \ sslio -v -unobody -//etc/fnord/jail -C./cert.pem fnord </pre> <hr> <h3><a name="udp">UDP/IP service examples</a></h3> This <tt>run</tt> script provides a <i>talkd</i> service on <tt>192.168.1.1:517</tt> <pre> #!/bin/sh exec udpsvd -unobody:tty 192.168.1.1 517 in.talkd </pre> This <tt>run</tt> script provides a <i>tftpd</i> service on <tt>0.0.0.0:69</tt> with per-IP-address instructions through the directory <tt>/etc/tftpd/peers</tt> <pre> #!/bin/sh cd / exec 2>&1 exec udpsvd -v -lbootserver -unobody -i/etc/tftpd/peers 0 69 \ in.tftpd -s /boot/tftpboot/ </pre> <hr> <h3><a name="instruct"><i>ipsvd</i> instruction examples</a></h3> This <tt>run</tt> script provides a <i>telnetd</i> TCP/IP service, with per-IP-address <a href="ipsvd-instruct.5.html">instructions</a> through the directory <tt>./peers</tt> <pre> #!/bin/sh exec tcpsvd -i./peers 0.0.0.0 23 in.telnetd </pre> Per default any client IP address is allowed to connect to this service. To allow connections from <tt>192.168.1.17</tt>, and to deny connections from anywhere else, do <pre> # touch ./peers/192.168.1.17; chmod 644 ./peers/192.168.1.17 # touch ./peers/0; chmod 0 ./peers/0 </pre> To allow connections from <tt>192.168.3.0-255</tt>, do <pre> # touch ./peers/192.168.3; chmod 644 ./peers/192.168.3 </pre> To deny connections from <tt>10.0.*.*</tt> explicitly, do <pre> # touch ./peers/10.0; chmod 0 ./peers/10.0 </pre> To have <tt>TRUST=true</tt> set in the environment when running <i>in.telnetd</i> for a connection from <tt>192.168.14.2</tt>, do <pre> # echo '+TRUST=true' >./peers/192.168.14.2; chmod 644 ./peers/192.168.14.2 </pre> To provide a <i>sshd</i> login for connections from <tt>10.2.0.14</tt> on port 23, and the usual <i>telnetd</i> service for all others, do <pre> # echo 'sshd -i' >./peers/10.2.0.14; chmod 744 ./peers/10.2.0.14 </pre> To allow only connections from IP addresses the (dynamic) hostnames <tt>floyd.dyn.smarden.org</tt> and <tt>greg.dyn.smarden.org</tt> currently resolve to, do <pre> # echo '=floyd.dyn.smarden.org' >./peers/0 # echo '=greg.dyn.smarden.org' >>./peers/0 # chmod 644 ./peers/0 </pre> See <a href="ipsvd-instruct.5.html">ipsvd instructions</a> for details. <hr> <address><a href="mailto:pape@smarden.org"> Gerrit Pape <pape@smarden.org> </a></address> <small>$Id: examples.html,v 1.8 2004/12/01 10:44:09 pape Exp $</small> </body> </html>