interfaces.txt

伯克利做的SFTP安全文件传输协议

Starting with the 1.42 version of sftpd, it incorporates functionality
contributed by Landon Curt Noll, http://www.isthe.com/chongo/ :

    * The sftpd daemon can optionally listen for new clients on a port
      of specific interface / IP address.

    * The sftpd daemon can connect to a ftpd server on a different machine.

    * The myinetd can optionally listen for new clients on a port
      of specific interface / IP address.

The mods to sftpd extend functionality of -p port and -f port to be:

    -p Ihost:port

	Listen for new clients on 'port' for the interface 'Ihost'.
	The 'Ihost' must be one of the hostnames or IP address of the
	machine on which sftpd is running.

	Note that the Ihost: part is optional.  The ``-p port'' still
	works in the old way.

    -f Fhost:port

	Connect to an ftpd server on host 'Fhost' port 'port'.
	The 'Fhost' may be any hostname / IP address.

	Note that the Fhost: part is optional.  The ``-f port'' still
	works in the old way.

Also for myinetd, the port arg may be ``Ihost:port'' as well.

=-=

Example:

    Say you have a firewall with 2 IP addresses, 1 public and 1 private.
    Assume that the private connect is a dedicated / securite / private
    network segment to an ftp server.

    So the firewall has:

	200.100.50.25	ftp.public.foo.com
	10.1.0.1	gateway.firewall.foo.com

    And say there is an ftp server on the private network:

	10.1.0.30	ftp.private.foo.com

     The following sftpd command will allow this to work:

	sftpd -p200.100.50.25:353 -f10.1.0.30:21 ...

     Or one can run myinetd as follows:

	myinetd 200.100.50.25:353 /sbin/sftpd -s -f10.1.0.30:21 ...

A more complex example:

    Say you have a firewall with 4 IP addresses, 3 public and 1 private.
    Assume that the private connect is a dedicated / securite / private
    network segment to several ftp servers.

    So the firewall has:

	200.100.50.25	ftp.public.foo.com
	200.100.55.10	ftp.public.bar.com
	200.100.65.5	ftp.public.baz.com
	10.1.0.1	gateway.firewall.foo.com

    And say there are multiple ftp servers on the private network:

	10.1.0.30	ftp.private.foo.com
	10.1.0.31	ftp.private.bar.com
	10.1.0.32	ftp.private.baz.com

    One can run several sftpd daemons to the ftp servers from the firewall:

	sftpd -p200.100.50.25:353 -f10.1.0.30:21 -y/etc/key1 ...
	sftpd -p200.100.55.10:353 -f10.1.0.31:21 -y/etc/key2 ...
	sftpd -p200.100.65.5:353 -f10.1.0.32:21 -y/etc/key3 ...

    Or one can run multiple myinetd's as follows:

	myinetd 200.100.50.25:353 /sbin/sftpd -f10.1.0.30:21 -y/etc/key1 ...
	myinetd 200.100.55.10:353 /sbin/sftpd -f10.1.0.31:21 -y/etc/key2 ...
	myinetd 200.100.65.5:353 /sbin/sftpd -f10.1.0.32:21 -y/etc/key3 ...