Diffstat (limited to 'docs/en/README')
-rw-r--r-- docs/en/README 284
1 files changed, 243 insertions, 41 deletions
diff --git a/docs/en/README b/docs/en/README
index fb52e60..e9ded51 100644
--- a/docs/en/README
+++ b/docs/en/README
@@ -1,4 +1,4 @@
-AF - Active Port Forwarder v0.5.3 - README
+AF - Active Port Forwarder v0.5.4 - README
Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm>
===================
@@ -7,85 +7,287 @@ Copyright (C) 2003,2004 jeremian - <jeremian [at] poczta.fm>
GRAY-WORLD.NET / Active Port Forwarder
==========================
- The Active Port Forwarder program is part of the Gray-World.net projects.
+ The Active Port Forwarder program is part of the Gray-World.net projects.
Our Gray-World Team presents on the http://gray-world.net website the projects
- and publications we are working on which are related to the NACS (Network
- Access Control System) bypassing research field and to the computer and
+ and publications we are working on which are related to the NACS (Network
+ Access Control System) bypassing research field and to the computer and
network security topics.
================================================================================
+=======
+SUMMARY
+=======
-Active port forwarder is a software for secure port forwarding.
-It uses ssl for increasing security of communication between server and client.
+INTRO
-Af is dedicated for people, who don't have external ip number and want to
+1. INSTALLATION
+ 1.1 Instructions
+ 1.2 Required libs
+ 1.3 Tested platforms
+2. USAGE
+ 2.1 afserver
+ 2.2 afclient
+3. EXAMPLES
+ 3.1 tcp mode
+ 3.2 reverse udp mode
+4. BUGS/PROBLEMS
+
+NOTES
+
+THANKS
+
+================================================================================
+
+=====
+INTRO
+=====
+
+Active port forwarder is a software tool for secure port forwarding.
+It uses ssl to increase security of communication between a server and a client.
+Originally, it was developed to forward data point to point. However, the need
+for bypassing firewalls in order to connect to internally located computers
+influenced the further development of the project.
+
+AF is dedicated for people, who don't have an external ip number and want to
make some services available across the net.
-Moreover, zlib is used to compress transfered data.
+Moreover, zlib is used to compress the transferred data.
+
+Using one, permanent data/control channel with flow control / packet buffering
+provides good performance and reasonably small latency.
+
+================================================================================
+
+===============
+1. INSTALLATION
+===============
+
+ 1.1 Instructions
+ ----------------
+
+1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml
+2. Unpack them with tar zxvf
+3. Type "make".
+4. If something goes wrong - mail the author or post a message on
+ http://gray-world.net/board/
+
+ 1.2 Required libs
+ -----------------
+
+1. openssl - http://www.openssl.org/
+2. zlib - http://www.gzip.org/zlib/
+
+ 1.3 Tested platforms
+ --------------------
+
+1. Linux:
+ Gentoo, Slackware, Mandrake - built without any problems
+2. Freebsd:
+ 4.4, 4.9 - have to use patch from project homepage
+3. Windows:
+ win32 - cygwin version is available on the project homepage
+
+================================================================================
+
+========
+2. USAGE
+========
+
+ 2.1 afserver
+ ------------
+
+ Options:
+ -h, --help - prints this help
+ -n, --hostname - it's used when creating listening sockets
+ (default: name returned by hostname function)
+ -l, --listenport - listening port number - users connect
+ to it (default: 50127)
+ -m, --manageport - manage port number - second part of the active
+ port forwarder connects to it (default: 50126)
+ -u, --users - the amount of users allowed to use this server
+ (default: 5)
+ -c, --cerfile - the name of the file with certificate
+ (default: cacert.pem)
+ -k, --keyfile - the name of the file with RSA key (default: server.rsa)
+ -f, --cfgfile - the name of the file with the configuration for the
+ active forwarder (server)
+ -p, --proto - type of server (tcp|udp) - for which protocol it will be
+ operating (default: tcp)
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+ --nossl - ssl is not used for transferring data (but it's still
+ used to establish a connection) (default: ssl is used)
+ --nozlib - zlib is not used for compressing data (default:
+ zlib is used)
+ --pass - set the password used for client identification
+ (default: no password)
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
-EXAMPLE 1:
+ 2.2 afclient
+ ------------
-The use of it is extremely simple. Let's suppose we want to create http server on
-our computer and we are behind masquerade or firewall:
+ Options:
+ -h, --help - prints this help
+ -n, --servername - where the second part of the active
+ port forwarder is running (required)
+ -m, --manageport - manage port number - server must be
+ listening on it (default: 50126)
+ -d, --hostname - the name of this host/remote host - the final
+ destination of the packets (default: the name
+ returned by hostname function)
+ -p, --portnum - the port we are forwarding the connection to (required)
+ -k, --keyfile - the name of the file with RSA key (default: client.rsa)
+ -u, --udpmode - udp mode - client will use udp protocol to
+ communicate with the hostname
+ -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded
+ from hostname:portnum (-p) to the server name:portnum
+ (-m)
+ -O, --heavylog - logging everything to a logfile
+ -o, --lightlog - logging some data to a logfile
+ -v, --verbose - to be verbose - program won't enter the daemon mode
+ (use several times for greater effect)
+ --pass - set the password used for client identification
+ (default: no password)
+ -4, --ipv4 - use ipv4 only
+ -6, --ipv6 - use ipv6 only
+ -l, --load - load a module for packets filtering
+
+================================================================================
+
+===========
+3. EXAMPLES
+===========
+
+ 3.1 tcp mode
+ ------------
+
+ local network |FireWall| Internet
+ ||
+ || User 1
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || | \(tcp)
+ /(tcp) || (tcp)| User 2
+ / || \
+ Http server || User 3
+ ||
-1) We have to find some machine on the net with external ip and shell account.
-2) Use make to compile everything on that machine. (you can freely remove afclient
- and client.rsa files)
+The use of it is extremely simple. Let's suppose we want to create a http server
+on our computer and we are behind a masquerade or a firewall:
-3) You can edit config file or just type from the console: (to use config type -f <cfgfile>)
- $ ./afserver
+1) We have to find some machine on the net with an external ip and a shell
+ account.
+
+2) Use "make" to compile everything on that machine. (you can freely remove the
+ afclient and client.rsa files)
+
+3) You can edit the config file or just type from the console (to use the config
+ type -f <cfgfile>) :
+ $ ./afserver
This will work, if you want to use default values:
- - hostname will be taken from hostname function (it would be ideally, if there is
- appropriate registration in /etc/hosts)
+ - hostname will be taken from hostname function (it would be ideally, if
+ there is appropriate registration in /etc/hosts)
- server will be listening for users on port 50127
- server will be listening for client on port 50126
- server will be for maximum 5 users
- server will forward tcp packets
- there will be no logging and no verbose messages
- there will be no password identification
+ - ip protocol family will be unspecified
-4) We use make on our machine (we can delete everything apart afclient and client.rsa)
+4) We use "make" on our machine (we can delete everything apart from afclient
+ and client.rsa)
5) We are typing from the console:
- $ ./afclient -n <name of the server> -p 80
- Where <name of the server> is a string like : 'bastion.univ.gda.pl' or '153.19.7.200'
+ $ ./afclient -n <name of the server> -p 80
+ Where <name of the server> is a string like : 'bastion.univ.gda.pl' or
+ '153.19.7.200'
+
+6) We can now enter with a web-browser to: <name of the server>:50127 and we
+ will enter to our computer in the fact.
+
+ 3.2 reverse udp mode
+ --------------------
-6) We can now enter with webbrowser to : <name of the server>:50127 and we will enter to our
- computer in the fact.
+ local network |FireWall| Internet
+ || (udp)
+ || User 1-------AF Client
+ || /(tcp)
+ AF Client <---Encrypted/Compressed channel---> AF Server
+ / || |
+ /(udp) || (tcp)|
+ / || /
+ Game server || AF Client-------User 2
+ || (udp)
-EXAMPLE 2:
-Let's see how to use af to forward udp packets. Suppose we want to create a game server
-on our computer (udp port 27960 on our machine):
+Let's see how to use af to forward udp packets. Suppose we want to create a game
+server on our computer (udp port 27960 on our machine):
-1) - 4) is the same like in example 1. (but we add option: -t udp)
+1) - 4) is the same like in example 1. (but we add option: -p udp)
5) We are typing from the console:
$ ./afclient -u -n <name of the server> -p 27960
- Where <name of the server> is a name (or ip) of a host where our server is running.
+ Where <name of the server> is a name (or ip) of a host where our server is
+ running.
+
+6) Connecting to our game is more complicated. The user must use afclient to do
+ this. He has to specify the server he is connecting to and the port, which
+ his program will be listening on:
+ $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> \
+ -m <server port>
+ Where <hostname> is the name of the user machine (who wants to connect to our
+ game). <portnum> is the port he will be connecting to. <name of the server>
+ is the name of the host where our server is running. <server port> is the
+ port on which the server is listening for users. In order to connect to our
+ game, the user has to connect to <hostname>:<portnum>.
+
+================================================================================
+
+================
+4. BUGS/PROBLEMS
+================
+
+There are no known/open bugs at the moment.
+
+================================================================================
+
+=====
+NOTES
+=====
+
+Active port forwarder is still under development, so please sent any comments,
+bugs notices and suggestions about it to <jeremian [at] poczta.fm>
+
+If you have some problems or want to share your opinions with others, feel free
+to post a message at http://gray-world.net/board/
+
+================================================================================
-6) Connecting to our game is more complicated. User must use afclient to do this.
- He has to specify server he is connecting to and port which his program will be listening on:
- $ ./afclient -U -d <hostname> -p <portnum> -n <name of the server> -m <server port>
- Where <hostname> is name of user machine (who wants to connect to our game). <portnum>
- is a port he will be connecting to. <name of the server> is a name of a host where our server
- is running. <server port> is a port on which server is listening for users.
- In order to connect to our game, user have to connect to <hostname>:<portnum>.
+======
+THANKS
+======
+ Big thanks to the GW Team:
-Active port forwarder is still under development, so please sent me any comments, bugs notices
-and suggestions about it to jeremian@poczta.fm
+ to Alex <alex [at] gray-world.net>
+ and Simon <scastro [at] entreelibre.com> for testing AF and a lot of advices.
+ Thanks to Ilia Perevezentsev <iliaper [at] mail.ru> who read and corrected the
+README file.
-And thanks for using this software!
+ And thanks for using this software!
LICENSE
-------
- Active Port Forwarder is distributed under the terms of the GNU General Public License
- v2.0 and is copyright (c) 2003 jeremian <jeremian [at] poczta.fm>.
- See the file COPYING for details.
+ Active Port Forwarder is distributed under the terms of the GNU General
+ Public License v2.0 and is copyright (c) 2003,2004 jeremian <jeremian [at]
+ poczta.fm>. See the file COPYING for details.
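Review bot: The 3.1 walkthrough still starts the server as a bare "./afserver", and the defaults list under step 3 states "there will be no password identification", so a reader who follows the example runs the listen and manage ports (50127 and 50126) on a host with an external ip without any client identification. Both option tables added in section 2 document --pass, so show it in steps 3 and 5 of the example, or add a sentence after the defaults list recommending it. In 3.2 step 6, <server port> is described as "the port on which the server is listening for users", but it is passed with -m, which section 2.2 documents as the manage port (default: 50126), while the users' port in 2.1 is -l (default: 50127); state which of the two the reverse-udp client needs, and that the -m default does not apply if it is the listen port. Smaller points: "1) - 4) is the same like in example 1" should now refer to section 3.1, the LICENSE section is not listed in the new SUMMARY, and the added text keeps "it would be ideally", "please sent any comments" and "a lot of advices".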