On Tue, 06 Jun 2017 08:18:15 -0600 "Theo de Raadt" <dera...@openbsd.org> wrote:
> > For a few years I have been running nc from inetd together with pf
> > redirect rules to reach LAN servers via their public IP addresses
> > from LAN:
> >
> > # cat /etc/inetd.conf
> > 127.0.0.1:20080 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 80
> > 127.0.0.1:20443 stream tcp nowait proxy /usr/bin/nc nc -w 20 PR.IV.AT.E 443
> >
> > Now that the proxy user is gone in 6.1, what would be an appropriate
> > account to run nc under? Is nobody OK? Something else?
> >
> > Or is there a better way to accomplish this?
>
> A user of your own you create.
>
> Never reuse a user intended for another purpose.
>
> Take a glance at the ptrace manual page.

Thank you for your help. I created a dedicated user for this purpose,
taking _ftp_proxy as a starting point:

_nc_proxy:*:20080:20080::0:0:NC Proxy Daemon:/nonexistent:/sbin/nologin

I have read the ptrace manual. But I guess I need to read much MUCH more if
I want to comprehend it :)

Best regards,
-- 
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
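The advice in this thread can be checked mechanically: processes running under the same uid can generally trace one another with ptrace, so every inetd service should have an account of its own. The following audit is an added example, not code from either poster or from OpenBSD. It assumes a constructed inetd.conf in which 192.0.2.10 stands in for the private address and `otherd` is a hypothetical second service, and it treats root, nobody and daemon as generic accounts.

```python
from collections import defaultdict

GENERIC = {"root", "nobody", "daemon"}  # assumption: accounts treated as shared

# Constructed sample data; 192.0.2.10 and otherd are placeholders.
INETD = """\
# service       type   proto wait   user      program     args
127.0.0.1:20080 stream tcp nowait nobody /usr/bin/nc nc -w 20 192.0.2.10 80
127.0.0.1:20443 stream tcp nowait _nc_proxy /usr/bin/nc nc -w 20 192.0.2.10 443
127.0.0.1:20025 stream tcp nowait _nc_proxy /usr/local/libexec/otherd otherd
"""
PASSWD = """\
_nc_proxy:*:20080:20080::0:0:NC Proxy Daemon:/nonexistent:/sbin/nologin
"""

def parse_inetd(text):
    """Yield (service, user, program) per entry, skipping comments and blanks."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and not f[0].startswith("#"):
            yield f[0], f[4].split(":")[0], f[5]  # drop optional :group

def parse_passwd(text):
    """Map login name -> shell from 10-field master.passwd lines."""
    rows = (line.split(":") for line in text.splitlines())
    return {p[0]: p[9] for p in rows if len(p) == 10}

def audit(inetd_text, passwd_text):
    """Return (service, user, problem) tuples for risky service accounts."""
    shells = parse_passwd(passwd_text)
    programs = defaultdict(set)
    findings = []
    for service, user, program in parse_inetd(inetd_text):
        programs[user].add(program)
        if user in GENERIC:
            findings.append((service, user, "generic account"))
        elif user not in shells:
            findings.append((service, user, "account missing"))
        elif not shells[user].endswith("/nologin"):
            findings.append((service, user, "login shell allowed"))
    # One account running several different programs is a reused account.
    for user, progs in sorted(programs.items()):
        if len(progs) > 1:
            findings.append(("*", user, "shared by " + ", ".join(sorted(progs))))
    return findings

if __name__ == "__main__":
    for finding in audit(INETD, PASSWD):
        print(*finding, sep="\t")
```

The audit only sees accounts named in inetd.conf; a uid reused by a daemon started elsewhere has to be checked separately.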