To listen on a port for server connections, rather than client connections, change the type of the <bind> tag to servers, for example:
<bind address="" port="7000-7004" type="servers" transport="openssl">
The values have the following meanings:
- address - specifies which address ports bind to. Leaving this field blank binds the port to all IPs available.
- port - The port number to bind to. You may specify a port range here, e.g. "6667-6669,7000,7001". If you do this, the server will count each port within your range as a separate binding, making the above example equivalent to five separate bind tags. A failure on one port in the range does not prevent the entire range from being bound, just that one port number.
- type - should be set to 'servers'. The servers type is a TCP-based connection, but of a different format than that used for clients.
- transport - If you have either of the SSL modules (m_ssl_gnutls or m_ssl_openssl) loaded, or the compression module (m_ziplink) loaded then you may make use of this optional value. Setting it to 'openssl', 'zip' or 'gnutls' indicates that the port should accept connections using the given transport name only. Transports are layers which sit on top of a socket and change the way data is sent and received, e.g. encryption, compression, and other such things. Because this may not be limited in use to just encryption, the 'ssl' value used for client ports does not exist for servers, and this value is used instead.
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
port="7000"
allowmask="69.58.44.0/24"
autoconnect="300"
failover="hub.other.net"
timeout="15"
transport="gnutls"
bind="1.2.3.4"
sendpass="outgoing!password"
recvpass="incoming!password">
This tag defines which servers can link to this one, and which servers this server may create outbound links to. The values have the following meanings:
- name - The canonical name of the server. It does not have to resolve, but it is expected to be set in the remote server's connection info.
- ipaddr - Valid host or IP address for the remote server. If you specify a hostname, it is resolved on rehash and cached, so if you find that your server is still trying to connect to an old IP after you have updated your DNS, try rehashing and then attempting the connect again.
- port - The TCP port for the remote server.
- sendpass - Password to send to create an outbound connection from this server.
- recvpass - Password to receive to accept an inbound connection to this server.
- autoconnect - This optional setting sets the server to autoconnect. The value is the number of seconds between attempts, e.g. 300 is equal to 5 minutes.
- transport - If defined, this is a transport name implemented by another module. Transports are layers on top of plaintext connections, which alter them in certain ways. Currently the three supported transports are 'zip', 'openssl' and 'gnutls', which are types of SSL encryption and compression. If you define a transport, both ends of the connection must use a compatible transport for the link to succeed. OpenSSL and GnuTLS are compatible with each other.
- hidden - When using m_spanningtree.so for linking, you may set this to 'yes', and if you do, the IP address/hostname of this connection will NEVER be shown to any opers on the network. In /STATS c its address will show as *@<hidden>, and during CONNECT and inbound connections, its IP will show as <hidden> UNLESS the connection fails (e.g. due to a bad password or servername).
- allowmask - When this is defined, it indicates a range of IP addresses to allow for this link (you may use CIDR or wildcard form for this address). For example, if your server is going to connect to you from the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 into this value. If it is not defined, then only the ipaddr field of the server shall be allowed.
- failover - If you define this option, it must be the name of a different link tag in your configuration. This option causes the ircd to attempt a connection to the failover link in the event that the connection to this server fails. For example, you could define two hub uplinks to a leaf server, and set an american server to autoconnect, with a european hub as its failover. In this situation, your ircd will only try the link to the european hub if the american hub is unreachable. Note that for the intents and purposes of this option, an unreachable server is one which DOES NOT ANSWER THE CONNECTION. If the server answers the connection with accept(), EVEN IF THE CREDENTIALS ARE INVALID, the failover link will not be tried! Failover settings will also apply to autoconnected servers as well as manually connected ones.
- timeout - If this is defined, then outbound connections will time out if they are not connected within this many seconds. If this is not defined, the default of ten seconds is used.
- bind - The IP to bind an outgoing connection to. If not defined, connections bind to the first server IP on the box, and if none of these are defined, then the socket is bound to INADDR_ANY.
To u:line a server (give it the extra privileges required for running services, Q, etc.) you must include the <uline server> tag as shown in the example below. You can have as many of these as you like.
<uline server="server.name">
Extra options values
InspIRCd adds the following extra values to <options> in your configuration file:
<options hidesplits="no"
flatlinks="no"
hideulines="no"
announcets="yes"
disablehmac="no"
quietbursts="no"
serverpingfreq="120">
These extra values have the following meanings:
- hidesplits - When set to 'yes', will hide split server names from non-opers. Non-opers will see '*.net *.split' instead of the server names in the quit message, identical to the way IRCu displays them.
- flatlinks - When this value is set to true, yes or 1, /MAP and /LINKS will be flattened when shown to a non-oper.
- hideulines - When this value is set to true, yes or 1, then U-lined servers will be hidden in /LINKS and /MAP for non-opers. Please be aware that this will also hide any leaf servers of a U-lined server, e.g. jupes.
- announcets - If this value is defined to 'yes', 'true' or '1', then if a channel's timestamp is updated the users on the channel will be informed of the change via a server notice to the channel with the old and new TS values in the timestamp. If you think this is just pointless noise, define the value to 0.
- disablehmac - If this value is set to a true value, then HMAC authentication is disabled on all servers. DO NOT USE unless you are having authentication issues.
- quietbursts - If this value is set, then connect notices, xline notices etc are not shown in bursts, which is useful for large nets where this data may flood off opers.
- serverpingfreq - This value represents the number of seconds between server PING messages, and defaults to 120 seconds (two minutes).
Configuration notes
WARNING: Unlike other ircds, u:lining a server allows ALL users on that server to operoverride modes. This should only be used for services and protected oper servers!
Note regarding transport settings
If you define any transports, you must load the modules for these transports BEFORE you load m_spanningtree, e.g. place them above it in the configuration file. Currently this means the three modules m_ssl_gnutls, m_ziplink and m_ssl_openssl, depending on which you choose to use.
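The settings above that affect link security (transport on server binds and links, disablehmac, u:lines, and module load order) can be checked mechanically. The following Python audit is an added example, not part of the InspIRCd documentation or code base; the sample configuration is constructed, and its `<module name="...">` lines, the `type="clients"` bind, host names and passwords are assumptions made for illustration.

```python
import re

# Constructed sample config (hosts, passwords and <module> lines are made up).
SAMPLE = '''
<module name="m_ssl_gnutls.so">
<module name="m_spanningtree.so">
<module name="m_ziplink.so">
<bind address="" port="6667" type="clients">
<bind address="" port="7000" type="servers" transport="gnutls">
<bind address="" port="7001" type="servers">
<link name="hub.example.net" ipaddr="192.0.2.10" port="7000"
      transport="gnutls" sendpass="constructed-a" recvpass="constructed-b">
<link name="leaf.example.net" ipaddr="192.0.2.20" port="7001"
      transport="zip" sendpass="constructed-c" recvpass="constructed-d">
<options disablehmac="yes" serverpingfreq="120">
<uline server="services.example.net">
'''

ENCRYPTING = {"openssl", "gnutls"}  # 'zip' (m_ziplink) only compresses
MODULE_FOR = {"openssl": "m_ssl_openssl", "gnutls": "m_ssl_gnutls", "zip": "m_ziplink"}

def parse_tags(text):
    """Return [(tag, {attr: value})] in file order; tags may span lines."""
    return [(tag, dict(re.findall(r'(\w+)="([^"]*)"', body)))
            for tag, body in re.findall(r'<(\w+)\s+([^>]*)>', text)]

def audit(text):
    tags = parse_tags(text)
    loaded = [re.sub(r'\.so$', '', a.get("name", "")) for t, a in tags if t == "module"]
    findings = []
    for tag, a in tags:
        if tag == "options" and a.get("disablehmac", "no").lower() in ("yes", "true", "1"):
            findings.append("options: disablehmac is on, HMAC authentication is disabled")
        if tag == "uline":
            findings.append(f"uline {a.get('server')}: every user on it can operoverride")
        if tag == "link" or (tag == "bind" and a.get("type") == "servers"):
            who = f"{tag} {a.get('name') or a.get('port')}"
            transport = a.get("transport", "")
            if transport not in ENCRYPTING:
                findings.append(f"{who}: no encrypting transport ({transport or 'none'})")
            module = MODULE_FOR.get(transport)
            # Transport modules must be loaded before m_spanningtree.
            if module and "m_spanningtree" in loaded and (
                    module not in loaded
                    or loaded.index(module) > loaded.index("m_spanningtree")):
                findings.append(f"{who}: {module} is not loaded before m_spanningtree")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the sample it reports the plaintext server port, the compression-only link and its late-loaded module, the disabled HMAC setting and the u:lined server, while the two gnutls entries pass.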