Diffstat (limited to 'README')
-rw-r--r-- | README | 255 |
1 files changed, 213 insertions, 42 deletions
@@ -1,11 +1,11 @@ -AF - Active Port Forwarder v0.5.5 - README -Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm> -=================== +AF - Active Port Forwarder 0.6 - README +Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm> +================================================================= ================================================================================ GRAY-WORLD.NET / Active Port Forwarder -========================== +====================================== The Active Port Forwarder program is part of the Gray-World.net projects. @@ -29,10 +29,12 @@ INTRO 2. USAGE 2.1 afserver 2.2 afclient -3. EXAMPLES - 3.1 tcp mode - 3.2 reverse udp mode -4. BUGS/PROBLEMS +3. REMOTE ADMINISTRATION +4. MODULES +5. EXAMPLES + 5.1 tcp mode + 5.2 reverse udp mode +6. BUGS/PROBLEMS NOTES @@ -71,8 +73,10 @@ Multiple clients allow to create more sophisticated tunneling scheme. 1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml 2. Unpack them with tar zxvf -3. Type "make". -4. If something goes wrong - mail the author or post a message on +3. Type "./configure" +4. Type "make" +5. Type "make install" while logged as root +6. If something goes wrong - mail the author or post a message on http://gray-world.net/board/ 1.2 Required libs @@ -86,9 +90,7 @@ Multiple clients allow to create more sophisticated tunneling scheme. 1. Linux: Gentoo, Slackware, Mandrake - built without any problems -2. Freebsd: - 4.4, 4.9 - have to use patch from project homepage -3. Windows: +2. Windows: win32 - cygwin version is available on the project homepage ================================================================================ 
@@ -100,53 +102,75 @@ Multiple clients allow to create more sophisticated tunneling scheme. 2.1 afserver ------------ - Options: + Basic options: + -n, --hostname - it's used when creating listening sockets - (default: name returned by hostname function) + (default: '') -l, --listenport - listening port number - users connect to it (default: 50127) -m, --manageport - manage port number - second part of the active port forwarder connects to it (default: 50126) + -h, --help - prints this help + + Authorization: + + --pass - set the password used for client identification + (default: no password) + + Configuration: + + -c, --cerfile - the name of the file with certificate + (default: cacert.pem) + -k, --keyfile - the name of the file with RSA key (default: server.rsa) + -f, --cfgfile - the name of the file with the configuration for the + active forwarder (server) + -D, --dateformat - format of the date printed in logs (see 'man strftime' + for details) (default: %d.%m.%Y %H:%M:%S) + -t, --timeout - the timeout value for the client's connection (default: 5) -u, --users - the amount of users allowed to use this server (default: 5) -C, --clients - the number of allowed clients to use this server (default: 1) + -r, --realm - set the realm name (default: none) + -R, --raclients - the number of allowed clients in remote administration + mode to use this server (default: 1) -U, --usrpcli - the number of allowed users per client (default: $users) - -M, --climode - strategy used for connecting users with clients (default: 1) + -M, --climode - strategy used for connecting users with clients + (default: 1) Available strategies: 1. 
fill first client before go to next - -c, --cerfile - the name of the file with certificate - (default: cacert.pem) - -k, --keyfile - the name of the file with RSA key (default: server.rsa) - -f, --cfgfile - the name of the file with the configuration for the - active forwarder (server) - -p, --proto - type of server (tcp|udp) - for which protocol it will be - operating (default: tcp) + -p, --proto - type of server (tcp|udp) - for which protocol it will + be operating (default: tcp) + -b, --baseport - listenports are temporary and differ for each client + --nossl - ssl is not used for transferring data (but it's still + used to establish a connection) (default: ssl is used) + --nozlib - zlib is not used for compressing data (default: + zlib is used) + --dnslookups - try to obtain dns names of the computers rather than + their numeric IP + + Logging: + -O, --heavylog - logging everything to a logfile -o, --lightlog - logging some data to a logfile + -S, --heavysocklog - logging everything to a localport + -s, --lightsocklog - logging some data to a localport -v, --verbose - to be verbose - program won't enter the daemon mode (use several times for greater effect) - --nossl - ssl is not used for transfering data (but it's still - used to establish a connection) (default: ssl is used) - --nozlib - zlib is not used for compressing data (default: - zlib is used) - --pass - set the password used for client identification - (default: no password) + IP family: -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only - -h, --help - prints this help - 2.2 afclient ------------ - Options: - -h, --help - prints this help + Basic options: + -n, --servername - where the second part of the active port forwarder is running (required) -m, --manageport - manage port number - server must be 
@@ -155,30 +179,174 @@ Multiple clients allow to create more sophisticated tunneling scheme. destination of the packets (default: the name returned by hostname function) -p, --portnum - the port we are forwarding connection to (required) - -k, --keyfile - the name of the file with RSA key (default: (none)) + -h, --help - prints this help + + Authorization: + + -i, --id - send the id string to afserver + --pass - set the password used for client identification + (default: no password) + + Configuration: + + -k, --keyfile - the name of the file with RSA key (default: client.rsa) + -D, --dateformat - format of the date printed in logs (see 'man strftime' + for details) (default: %d.%m.%Y %H:%M:%S) + + Modes: + -u, --udpmode - udp mode - client will use udp protocol to communicate with the hostname -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded from hostname:portnum (-p) to the server name:portnum (-m) + -r, --remoteadmin - remote administration mode. (using '-p #port' will + force afclient to use port rather then stdin-stdout) + + Logging: + -O, --heavylog - logging everything to a logfile -o, --lightlog - logging some data to a logfile + -S, --heavysocklog - logging everything to a localport + -s, --lightsocklog - logging some data to a localport -v, --verbose - to be verbose - program won't enter the daemon mode (use several times for greater effect) - --pass - set the password used for client identification - (default: no password) + + IP family: + -4, --ipv4 - use ipv4 only -6, --ipv6 - use ipv6 only + + Modules: + -l, --load - load a module for user's packets filtering -L, --Load - load a module for service's packets filtering ================================================================================ +======================== +3. REMOTE ADMINISTRATION +======================== + +Afclient can be started in remote administration mode by '-r, --remoteadmin' +option. Required option: '-n, --servername NAME'. 
+ +After successful authorization stdin/stdout is used to communicate with user. +All the commands parsing is done by afserver. + +Currently available commands are: + + help + display help + + lcmd + lists available commands + + info + prints info about server + + rshow + display realms + + cshow X + display clients in X realm + + ushow X + display users in X realm + + quit + quit connection + +Afclient with '-p, --portnum PORT' option listens for connection from user at +NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when +the option is missing. + +When user quits (close the connection or send 'quit' command), afclient exits. + +================================================================================ + +========== +4. MODULES +========== + +Afclient can use external modules for user's packets filtering ('-l, --load') +and service's packets filtering ('-L, --Load'). Module file has to declare three +functions: + +char* info(void); + + info() return values: + - info about module + + Example: + + char* + info(void) + { + return "Module tester v0.1"; + } + +int allow(char* host, char* port); + + allow() return values: + 0 - allow to connect + !0 - drop the connection + + Example: + + int + allow(char* host, char* port) + { + return 0; /* allow to connect */ + } + +int filter(char* host, unsigned char* message, int* length); + + filter() return values: + 0 - allow to transfer + 1 - drop the packet + 2 - drop the connection + 3 - release the module + 4 - drop the packet and release the module + 5 - drop the connection and release the module + + Example: + + int + filter(char* host, unsigned char* message, int* length) + { + int i; + for (i = 1; i < *length; ++i) { + if (message[i-1] == 'M') { + if (message[i] == '1') { + return 1; /* ignored */ + } + if (message[i] == '2') { + return 2; /* dropped */ + } + if (message[i] == '3') { + return 3; /* release */ + } + if (message[i] == '4') { + return 4; /* ignored + release */ + } + if 
(message[i] == '5') { + return 5; /* dropped + release */ + } + } + } + return 0; /* allow to transfer */ + } + +Modules have to be compiled with '-fPIC -shared' options. + +================================================================================ + =========== -3. EXAMPLES +5. EXAMPLES =========== - 3.1 tcp mode + 5.1 tcp mode ------------ local network |FireWall| Internet @@ -227,7 +395,7 @@ on our computer and we are behind a masquerade or a firewall: 6) We can now enter with a web-browser to: <name of the server>:50127 and we will enter to our computer in the fact. - 3.2 reverse udp mode + 5.2 reverse udp mode -------------------- local network |FireWall| Internet @@ -266,7 +434,7 @@ server on our computer (udp port 27960 on our machine): ================================================================================ ================ -4. BUGS/PROBLEMS +6. BUGS/PROBLEMS ================ There are no known/open bugs at the moment. @@ -297,12 +465,15 @@ THANKS Thanks to Ilia Perevezentsev <iliaper [at] mail.ru> who read and corrected the README file. + Thanks to Marco Solari <marco.solari [at] koinesistemi.it> for a lot of +requests, suggestions and ideas. + And thanks for using this software! LICENSE ------- Active Port Forwarder is distributed under the terms of the GNU General - Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at] - poczta.fm>. See the file COPYING for details. + Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian + [at] poczta.fm>. See the file COPYING for details. |
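Review bot: In the installation steps (hunk @@ -71,8 +73,10 @@), step 5 reads "while logged as root"; make it "while logged in as root" and say that only "make install" needs root, so that "./configure" and "make" in steps 3 and 4 are run as an unprivileged user.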
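Review bot: Removing the FreeBSD entry from the tested-platforms list (hunk @@ -86,9 +90,7 @@) leaves readers unable to tell whether FreeBSD now builds without the patch or is no longer tested. The previous text told 4.4 and 4.9 users to fetch a patch from the project homepage, so replace the entry with a line stating the current status rather than dropping it silently.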
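Review bot: In the afserver option list (hunk @@ -100,53 +102,75 @@), the new default for '-n, --hostname' is given as '' with no explanation of what an empty name means for the listening sockets; state which addresses the listen and manage ports bind to in that case. The same list shows '-R, --raclients' defaulting to 1 while '--pass' defaults to no password, so the README should say whether a remote administration client is accepted when no password is set. '-S, --heavysocklog' and '-s, --lightsocklog' say "a localport" without saying which port or how it is chosen, and '-b, --baseport' does not say whether it takes an argument.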
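Review bot: In the new section 4 (hunk @@ -155,30 +179,174 @@), filter() takes "int* length" but the text never gives the capacity of the "message" buffer or says whether a module may modify the data and write a new value back through "length"; document the bound and whether in-place modification is allowed, since a module author otherwise has to guess it. In section 3, the sentence "Afclient with '-p, --portnum PORT' option listens for connection from user at NAME:PORT" should say whether that listener authenticates the connecting user, and it reuses NAME for the '-d, --hostname' value after NAME was introduced as the argument of '-n, --servername'. In the '-r, --remoteadmin' option text, "rather then" should be "rather than".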