rsync - Building Internet Firewalls, 2nd Edition

22.6. File Synchronization

22.6.2. rsync

rsyncis a synchronization protocol that uses checksums to determinedifferences (instead of relying on modification dates) and doespartial file transfers (transferring only the differences instead ofthe entire files). rsync was developed by AndrewTridgell and Paul Mackerras.

rsync may either be run likerdist on top of a remote shell protocol(preferably ssh but rsh isalso possible), or use its own daemon, rsyncd.rsyncd does authentication but does not encryptthe data being transferred. rsyncd is useful ifyou are interested in using rsync to distributepublicly available files; it allows you to usersync like FTP, without allowing remote shellaccess to the Internet. It is arguably more secure than FTP (itprovides less functionality) and will certainly be more efficient insituations where people need to transfer updated files repeatedly. Ifyou are transferring confidential data, you should usersync over SSH instead of usingrsyncd.

22.6.2.1. Packet filtering characteristics of rsync

rsync is generally run over SSH, although it ispossible to run it over rsh if you are notconcerned with security. Packet filtering characteristics of SSH andrsh are discussed in Chapter 18, "Remote Access to Hosts". The dedicated rsyncdaemon, rsyncd, uses TCP port 873.

DirectionSourceAddr.Dest.Addr.ProtocolSourcePortDest.PortACKSetNotesInExtIntTCP>1023873[162]

 

Request, external client to internal serverOutIntExtTCP873>1023YesResponse, internal server to external clientOutIntExtTCP>1023873[162]Request, internal client to external serverInExtIntTCP873>1023YesResponse, external server to internal client

 

[162]ACK will not be set on the first packet(establishing connection) but will be set on the rest.

 

22.6.2.2. Proxying characteristics of rsync

rsync is normally run over SSH orrsh; proxying characteristics of these protocolsare discussed in Chapter 18, "Remote Access to Hosts". Thersync client provides support for using an HTTPproxy for rsync connections, as long as the HTTPproxy is willing to connect to port 873. (For more information aboutHTTP proxies, see "Proxying Characteristics of HTTP" inChapter 15, "The World Wide Web".) rsync's ownprotocol is straightforward to proxy and could also easily be usedwith SOCKS, for instance. However, since rsyncdis not terribly widespread, proxies for it are not available. Youwill need to set them up yourself.

 

22.6.2.3. Network address translation characteristics of rsync

rsync is normally run over SSH orrsh; network address translation characteristicsof these protocols are discussed in Chapter 18, "Remote Access to Hosts".rsync's own protocol does not use embeddedIP addresses and should function through a network addresstranslation system without problems.

[相关问题]

全局常用配置说明

模块常用配置说明

客户端常用参数

for Windows (cygwin)

远程shell模式和rsync守护进程模式

Building Internet Firewalls, 2nd Edition