Diffstat (limited to 'README')
-rw-r--r-- README 255
1 files changed, 213 insertions, 42 deletions
diff --git a/README b/README
index 8901699..0e49c3e 100644
--- a/README
+++ b/README
@@ -1,11 +1,11 @@
-AF - Active Port Forwarder v0.5.5 - README
-Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm>
-===================
+AF - Active Port Forwarder 0.6 - README
+Copyright (C) 2003,2004,2005 jeremian - <jeremian [at] poczta.fm>
+=================================================================
================================================================================
GRAY-WORLD.NET / Active Port Forwarder
-==========================
+======================================
The Active Port Forwarder program is part of the Gray-World.net projects.
@@ -29,10 +29,12 @@ INTRO
2. USAGE
2.1 afserver
2.2 afclient
-3. EXAMPLES
- 3.1 tcp mode
- 3.2 reverse udp mode
-4. BUGS/PROBLEMS
+3. REMOTE ADMINISTRATION
+4. MODULES
+5. EXAMPLES
+ 5.1 tcp mode
+ 5.2 reverse udp mode
+6. BUGS/PROBLEMS
NOTES
@@ -71,8 +73,10 @@ Multiple clients allow to create more sophisticated tunneling scheme.
1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml
2. Unpack them with tar zxvf
-3. Type "make".
-4. If something goes wrong - mail the author or post a message on
+3. Type "./configure"
+4. Type "make"
+5. Type "make install" while logged as root
+6. If something goes wrong - mail the author or post a message on
http://gray-world.net/board/
1.2 Required libs
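Review bot: New step 5, 'Type "make install" while logged as root', is the only step in the list that asks for root, but the list does not say that steps 3 and 4 can be run as a normal user, so a reader may run the whole build as root. Suggest wording it as 'Type "make install" as root (steps 3 and 4 do not need root)'. Also "logged as root" should read "logged in as root".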
@@ -86,9 +90,7 @@ Multiple clients allow to create more sophisticated tunneling scheme.
1. Linux:
Gentoo, Slackware, Mandrake - built without any problems
-2. Freebsd:
- 4.4, 4.9 - have to use patch from project homepage
-3. Windows:
+2. Windows:
win32 - cygwin version is available on the project homepage
================================================================================
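Review bot: The FreeBSD entry ("4.4, 4.9 - have to use patch from project homepage") is removed from the tested-systems list with no replacement text, so a reader cannot tell whether FreeBSD now builds without the patch or was simply not tested for this release. Suggest keeping an entry with the current status, or adding one line that says FreeBSD has not been tested with 0.6.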
@@ -100,53 +102,75 @@ Multiple clients allow to create more sophisticated tunneling scheme.
2.1 afserver
------------
- Options:
+ Basic options:
+
-n, --hostname - it's used when creating listening sockets
- (default: name returned by hostname function)
+ (default: '')
-l, --listenport - listening port number - users connect
to it (default: 50127)
-m, --manageport - manage port number - second part of the active
port forwarder connects to it (default: 50126)
+ -h, --help - prints this help
+
+ Authorization:
+
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -c, --cerfile - the name of the file with certificate
+ (default: cacert.pem)
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
-t, --timeout - the timeout value for the client's connection
(default: 5)
-u, --users - the amount of users allowed to use this server
(default: 5)
-C, --clients - the number of allowed clients to use this server
(default: 1)
+ -r, --realm - set the realm name (default: none)
+ -R, --raclients - the number of allowed clients in remote administration
+ mode to use this server (default: 1)
-U, --usrpcli - the number of allowed users per client (default: $users)
- -M, --climode - strategy used for connecting users with clients (default: 1)
+ -M, --climode - strategy used for connecting users with clients
+ (default: 1)
Available strategies:
1. fill first client before go to next
- -c, --cerfile - the name of the file with certificate
- (default: cacert.pem)
- -k, --keyfile - the name of the file with RSA key (default: server.rsa)
- -f, --cfgfile - the name of the file with the configuration for the
- active forwarder (server)
- -p, --proto - type of server (tcp|udp) - for which protocol it will be
- operating (default: tcp)
+ -p, --proto - type of server (tcp|udp) - for which protocol it will
+ be operating (default: tcp)
+ -b, --baseport - listenports are temporary and differ for each client
+ --nossl - ssl is not used for transferring data (but it's still
+ used to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used for compressing data (default:
+ zlib is used)
+ --dnslookups - try to obtain dns names of the computers rather than
+ their numeric IP
+
+ Logging:
+
-O, --heavylog - logging everything to a logfile
-o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
-v, --verbose - to be verbose - program won't enter the daemon mode
(use several times for greater effect)
- --nossl - ssl is not used for transfering data (but it's still
- used to establish a connection) (default: ssl is used)
- --nozlib - zlib is not used for compressing data (default:
- zlib is used)
- --pass - set the password used for client identification
- (default: no password)
+ IP family:
-4, --ipv4 - use ipv4 only
-6, --ipv6 - use ipv6 only
- -h, --help - prints this help
-
2.2 afclient
------------
- Options:
- -h, --help - prints this help
+ Basic options:
+
-n, --servername - where the second part of the active
port forwarder is running (required)
-m, --manageport - manage port number - server must be
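Review bot: The new default for '-n, --hostname' is given only as "(default: '')", with no statement of which address the listening sockets bind to in that case; since this option decides where the listen and manage ports are exposed, the help text should say what an empty name means (if it means all interfaces, say so) and how to restrict it to one address. In the same block, '-b, --baseport', '-r, --realm' and '-S/-s' ("to a localport") do not say whether they take an argument or which port is used, and the afserver 'IP family:' heading lacks the blank line that follows the other new headings.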
@@ -155,30 +179,174 @@ Multiple clients allow to create more sophisticated tunneling scheme.
destination of the packets (default: the name
returned by hostname function)
-p, --portnum - the port we are forwarding connection to (required)
- -k, --keyfile - the name of the file with RSA key (default: (none))
+ -h, --help - prints this help
+
+ Authorization:
+
+ -i, --id - send the id string to afserver
+ --pass - set the password used for client identification
+ (default: no password)
+
+ Configuration:
+
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -D, --dateformat - format of the date printed in logs (see 'man strftime'
+ for details) (default: %d.%m.%Y %H:%M:%S)
+
+ Modes:
+
-u, --udpmode - udp mode - client will use udp protocol to
communicate with the hostname
-U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
from hostname:portnum (-p) to the server name:portnum
(-m)
+ -r, --remoteadmin - remote administration mode. (using '-p #port' will
+ force afclient to use port rather then stdin-stdout)
+
+ Logging:
+
-O, --heavylog - logging everything to a logfile
-o, --lightlog - logging some data to a logfile
+ -S, --heavysocklog - logging everything to a localport
+ -s, --lightsocklog - logging some data to a localport
-v, --verbose - to be verbose - program won't enter the daemon mode
(use several times for greater effect)
- --pass - set the password used for client identification
- (default: no password)
+
+ IP family:
+
-4, --ipv4 - use ipv4 only
-6, --ipv6 - use ipv6 only
+
+ Modules:
+
-l, --load - load a module for user's packets filtering
-L, --Load - load a module for service's packets filtering
================================================================================
+========================
+3. REMOTE ADMINISTRATION
+========================
+
+Afclient can be started in remote administration mode by '-r, --remoteadmin'
+option. Required option: '-n, --servername NAME'.
+
+After successful authorization stdin/stdout is used to communicate with user.
+All the commands parsing is done by afserver.
+
+Currently available commands are:
+
+ help
+ display help
+
+ lcmd
+ lists available commands
+
+ info
+ prints info about server
+
+ rshow
+ display realms
+
+ cshow X
+ display clients in X realm
+
+ ushow X
+ display users in X realm
+
+ quit
+ quit connection
+
+Afclient with '-p, --portnum PORT' option listens for connection from user at
+NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when
+the option is missing.
+
+When user quits (close the connection or send 'quit' command), afclient exits.
+
+================================================================================
+
+==========
+4. MODULES
+==========
+
+Afclient can use external modules for user's packets filtering ('-l, --load')
+and service's packets filtering ('-L, --Load'). Module file has to declare three
+functions:
+
+char* info(void);
+
+ info() return values:
+ - info about module
+
+ Example:
+
+ char*
+ info(void)
+ {
+ return "Module tester v0.1";
+ }
+
+int allow(char* host, char* port);
+
+ allow() return values:
+ 0 - allow to connect
+ !0 - drop the connection
+
+ Example:
+
+ int
+ allow(char* host, char* port)
+ {
+ return 0; /* allow to connect */
+ }
+
+int filter(char* host, unsigned char* message, int* length);
+
+ filter() return values:
+ 0 - allow to transfer
+ 1 - drop the packet
+ 2 - drop the connection
+ 3 - release the module
+ 4 - drop the packet and release the module
+ 5 - drop the connection and release the module
+
+ Example:
+
+ int
+ filter(char* host, unsigned char* message, int* length)
+ {
+ int i;
+ for (i = 1; i < *length; ++i) {
+ if (message[i-1] == 'M') {
+ if (message[i] == '1') {
+ return 1; /* ignored */
+ }
+ if (message[i] == '2') {
+ return 2; /* dropped */
+ }
+ if (message[i] == '3') {
+ return 3; /* release */
+ }
+ if (message[i] == '4') {
+ return 4; /* ignored + release */
+ }
+ if (message[i] == '5') {
+ return 5; /* dropped + release */
+ }
+ }
+ }
+ return 0; /* allow to transfer */
+ }
+
+Modules have to be compiled with '-fPIC -shared' options.
+
+================================================================================
+
===========
-3. EXAMPLES
+5. EXAMPLES
===========
- 3.1 tcp mode
+ 5.1 tcp mode
------------
local network |FireWall| Internet
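Review bot: In section 3, the paragraph on '-p, --portnum PORT' says afclient listens for the user at NAME:PORT, with NAME falling back to the hostname() result, but it does not say whether the user connecting to that port is authenticated or whether the link is protected. Since the session behind it is already authorized and its commands (info, rshow, cshow, ushow) are parsed by afserver, the text should state who may connect to that port and advise setting '-d' to a local-only name when access from other hosts is not intended. In section 4, filter() takes 'int* length' and a non-const 'message', but the text does not say whether a module may modify the message or the length, or how large the buffer is; document that contract next to the return values. The comments in the filter() example ("ignored", "dropped") should use the same wording as the return-value list ("drop the packet", "drop the connection"). Typo in the '-r, --remoteadmin' line: "rather then" should be "rather than".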
@@ -227,7 +395,7 @@ on our computer and we are behind a masquerade or a firewall:
6) We can now enter with a web-browser to: <name of the server>:50127 and we
will enter to our computer in the fact.
- 3.2 reverse udp mode
+ 5.2 reverse udp mode
--------------------
local network |FireWall| Internet
@@ -266,7 +434,7 @@ server on our computer (udp port 27960 on our machine):
================================================================================
================
-4. BUGS/PROBLEMS
+6. BUGS/PROBLEMS
================
There are no known/open bugs at the moment.
@@ -297,12 +465,15 @@ THANKS
Thanks to Ilia Perevezentsev <iliaper [at] mail.ru> who read and corrected the
README file.
+ Thanks to Marco Solari <marco.solari [at] koinesistemi.it> for a lot of
+requests, suggestions and ideas.
+
And thanks for using this software!
LICENSE
-------
Active Port Forwarder is distributed under the terms of the GNU General
- Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at]
- poczta.fm>. See the file COPYING for details.
+ Public License v2.0 and is copyright (C) 2003,2004,2005 jeremian <jeremian
+ [at] poczta.fm>. See the file COPYING for details.