aboutsummaryrefslogtreecommitdiff
path: root/network/ipxnet/README
blob: 1b7786bbf587ce0fcfbe7c5181b427c50af832b0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
ipxnet (tunnel IPX over TCP/IP)

Host a standalone IPX network over tcp for old DOS games running in
dosbox.

For more information, see "https://www.dosbox.com/wiki/connectivity". Note
that the "Start IPX server" step is unnecessary when using this build
of ipxnet.

There are two use cases for ipxnet, with two separate executables:

- Users start the daemon as needed, and kill it when they're done. For
  this, there's no need for an init script. The executable for users is
  called "ipxnet". It logs to standard output only, and doesn't detach
  from the terminal. The officially assigned UDP port number can't be
  used, as it's port 213 and normal users can't bind to ports below 1024.

- Persistent daemon, that starts at boot and runs until shutdown. The
  executable for this is "ipxnet-system", but you don't normally run it
  directly. Instead, there's an init script. To make ipxnet start at boot:

  # chmod 755 /etc/rc.d/rc.ipxnet

...then edit /etc/rc.d/rc.local and add:

  if [ -x /etc/rc.d/rc.ipxnet ]; then
     /etc/rc.d/rc.ipxnet start
  fi

The default UDP port for ipxnet-system is 213. To change this, edit
/etc/rc.d/rc.ipxnet.conf, then run "/etc/rc.d/rc.ipxnet restart" if the
daemon is already running.

The ipxnet-system log file is /var/log/ipxnet.log. It will not be
overwritten when the package is reinstalled.

The ipxnet-system binary is installed setuid nobody and setgid nogroup
by default. If you want to change this, set IPXUSER and/or IPXGROUP
in the SlackBuild's environment. It's a bad idea to run this as root,
since it hasn't been audited for security. If you're really paranoid,
you probably will want to create a dedicated ipxnet user and group.

ipxnet-system also has the cap_net_bind_service capability set, meaning
it must be installed on a filesystem that supports capabilities (this
includes but is not limited to ext2/3/4 and reiserfs v3). This is required
for it to run as "nobody" yet be able to bind to low-numbered ports,
and is a much safer alternative to running it as root.