rsync - Building Internet Firewalls, 2nd Edition

22.6. File Synchronization

22.6.2. rsync

rsync is a synchronization protocol that uses checksums to determine differences (instead of relying on modification dates) and does partial file transfers (transferring only the differences instead of the entire files). rsync was developed by Andrew Tridgell and Paul Mackerras.

rsync may either be run like rdist on top of a remote shell protocol (preferably ssh, but rsh is also possible), or use its own daemon, rsyncd. rsyncd performs authentication but does not encrypt the data being transferred. rsyncd is useful if you are interested in using rsync to distribute publicly available files; it allows you to use rsync like FTP, without exposing remote shell access to the Internet. It is arguably more secure than FTP (it provides less functionality) and will certainly be more efficient in situations where people need to transfer updated files repeatedly. If you are transferring confidential data, you should use rsync over SSH instead of using rsyncd.

22.6.2.1. Packet filtering characteristics of rsync

rsync is generally run over SSH, although it is possible to run it over rsh if you are not concerned with security. Packet filtering characteristics of SSH and rsh are discussed in Chapter 18, "Remote Access to Hosts". The dedicated rsync daemon, rsyncd, uses TCP port 873.

| Direction | Source Addr. | Dest. Addr. | Protocol | Source Port | Dest. Port | ACK Set | Notes |
|---|---|---|---|---|---|---|---|
| In | Ext | Int | TCP | >1023 | 873 | [162] | Request, external client to internal server |
| Out | Int | Ext | TCP | 873 | >1023 | Yes | Response, internal server to external client |
| Out | Int | Ext | TCP | >1023 | 873 | [162] | Request, internal client to external server |
| In | Ext | Int | TCP | 873 | >1023 | Yes | Response, external server to internal client |

[162] ACK will not be set on the first packet (establishing connection) but will be set on the rest.
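The four rules above, written as a stateless filter with default deny (an added example, not from the book; the `Packet` class and `filter_packet` function are hypothetical names, and the sample packets are constructed). It shows what the ACK column does: an inbound packet from port 873 to a high port is accepted only as a reply, never as the packet that opens a connection.

```python
from dataclasses import dataclass

RSYNCD_PORT = 873  # rsyncd's TCP port, from the table above

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" or "out", relative to the internal network
    src: str        # "ext" or "int"
    dst: str        # "ext" or "int"
    proto: str      # "tcp", "udp", ...
    sport: int
    dport: int
    ack: bool       # TCP ACK flag

def high(port):
    return port > 1023

def rsyncd(port):
    return port == RSYNCD_PORT

# One tuple per table row: direction, src, dst, source-port test, dest-port test,
# ACK required, note. ACK required=False is footnote [162]: the opening packet
# has no ACK and the rest do, so both are accepted.
RULES = [
    ("in", "ext", "int", high, rsyncd, False, "request, external client to internal server"),
    ("out", "int", "ext", rsyncd, high, True, "response, internal server to external client"),
    ("out", "int", "ext", high, rsyncd, False, "request, internal client to external server"),
    ("in", "ext", "int", rsyncd, high, True, "response, external server to internal client"),
]

def filter_packet(pkt, rules=RULES):
    """Return the note of the first matching rule, or None (default deny)."""
    if pkt.proto != "tcp":
        return None
    for direction, src, dst, sport_ok, dport_ok, need_ack, note in rules:
        if ((pkt.direction, pkt.src, pkt.dst) == (direction, src, dst)
                and sport_ok(pkt.sport) and dport_ok(pkt.dport)
                and (pkt.ack or not need_ack)):
            return note
    return None

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        Packet("in", "ext", "int", "tcp", 40000, 873, False),  # client opens to rsyncd
        Packet("out", "int", "ext", "tcp", 873, 40000, True),  # rsyncd replies
        Packet("in", "ext", "int", "tcp", 873, 6000, True),    # reply to internal client
        Packet("in", "ext", "int", "tcp", 873, 6000, False),   # no ACK from port 873: denied
    ]
    for p in samples:
        print(p, "->", filter_packet(p) or "DENY")
```

Passing `RULES[2:]` as the `rules` argument models a site that only lets internal clients reach external rsync servers and runs no rsyncd of its own.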

 

22.6.2.2. Proxying characteristics of rsync

rsync is normally run over SSH or rsh; proxying characteristics of these protocols are discussed in Chapter 18, "Remote Access to Hosts". The rsync client provides support for using an HTTP proxy for rsync connections, as long as the HTTP proxy is willing to connect to port 873. (For more information about HTTP proxies, see "Proxying Characteristics of HTTP" in Chapter 15, "The World Wide Web".) rsync's own protocol is straightforward to proxy and could also easily be used with SOCKS, for instance. However, since rsyncd is not terribly widespread, proxies for it are not available. You will need to set them up yourself.

 

22.6.2.3. Network address translation characteristics of rsync

rsync is normally run over SSH or rsh; network address translation characteristics of these protocols are discussed in Chapter 18, "Remote Access to Hosts". rsync's own protocol does not use embedded IP addresses and should function through a network address translation system without problems.
