From 6525baae022ea244e567e52487bd7a78984ff6a5 Mon Sep 17 00:00:00 2001 From: Jakub Sławiński Date: Mon, 31 May 2004 22:05:30 +0200 Subject: v0.5.4 - Fixed: default password incompatibilities - Modified: Server listening behaviour - Added: Module support for client's packet filtering - Modified: client behaviour after unsuccessful connection - Fixed: printing ipv6 addresses - Added: IP protocol family strict choice: 'ipv4' and 'ipv6' - Added: flow control / packet buffering - Fixed: signal handling - Fixed: client freeze in udp reverse mode with zlib enabled --- README | 284 +++++++++++++++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 243 insertions(+), 41 deletions(-) (limited to 'README') diff --git a/README b/README index fb52e60..e9ded51 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -AF - Active Port Forwarder v0.5.3 - README +AF - Active Port Forwarder v0.5.4 - README Copyright (C) 2003,2004 jeremian - =================== 
@@ -7,85 +7,287 @@ Copyright (C) 2003,2004 jeremian - GRAY-WORLD.NET / Active Port Forwarder ========================== - The Active Port Forwarder program is part of the Gray-World.net projects. + The Active Port Forwarder program is part of the Gray-World.net projects. Our Gray-World Team presents on the http://gray-world.net website the projects - and publications we are working on which are related to the NACS (Network - Access Control System) bypassing research field and to the computer and + and publications we are working on which are related to the NACS (Network + Access Control System) bypassing research field and to the computer and network security topics. ================================================================================ +======= +SUMMARY +======= -Active port forwarder is a software for secure port forwarding. -It uses ssl for increasing security of communication between server and client. +INTRO -Af is dedicated for people, who don't have external ip number and want to +1. INSTALLATION + 1.1 Instructions + 1.2 Required libs + 1.3 Tested platforms +2. USAGE + 2.1 afserver + 2.2 afclient +3. EXAMPLES + 3.1 tcp mode + 3.2 reverse udp mode +4. BUGS/PROBLEMS + +NOTES + +THANKS + +================================================================================ + +===== +INTRO +===== + +Active port forwarder is a software tool for secure port forwarding. +It uses ssl to increase security of communication between a server and a client. +Originally, it was developed to forward data point to point. However, the need +for bypassing firewalls in order to connect to internally located computers +influenced the further development of the project. + +AF is dedicated for people, who don't have an external ip number and want to make some services available across the net. -Moreover, zlib is used to compress transfered data. +Moreover, zlib is used to compress the transferred data. 
+ +Using one, permanent data/control channel with flow control / packet buffering +provides good performance and reasonably small latency. + +================================================================================ + +=============== +1. INSTALLATION +=============== + + 1.1 Instructions + ---------------- + +1. Download the compressed sources from http://www.gray-world.net/pr_af.shtml +2. Unpack them with tar zxvf +3. Type "make". +4. If something goes wrong - mail the author or post a message on + http://gray-world.net/board/ + + 1.2 Required libs + ----------------- + +1. openssl - http://www.openssl.org/ +2. zlib - http://www.gzip.org/zlib/ + + 1.3 Tested platforms + -------------------- + +1. Linux: + Gentoo, Slackware, Mandrake - built without any problems +2. Freebsd: + 4.4, 4.9 - have to use patch from project homepage +3. Windows: + win32 - cygwin version is available on the project homepage + +================================================================================ + +======== +2. 
USAGE +======== + + 2.1 afserver + ------------ + + Options: + -h, --help - prints this help + -n, --hostname - it's used when creating listening sockets + (default: name returned by hostname function) + -l, --listenport - listening port number - users connect + to it (default: 50127) + -m, --manageport - manage port number - second part of the active + port forwarder connects to it (default: 50126) + -u, --users - the amount of users allowed to use this server + (default: 5) + -c, --cerfile - the name of the file with certificate + (default: cacert.pem) + -k, --keyfile - the name of the file with RSA key (default: server.rsa) + -f, --cfgfile - the name of the file with the configuration for the + active forwarder (server) + -p, --proto - type of server (tcp|udp) - for which protocol it will be + operating (default: tcp) + -O, --heavylog - logging everything to a logfile + -o, --lightlog - logging some data to a logfile + -v, --verbose - to be verbose - program won't enter the daemon mode + (use several times for greater effect) + --nossl - ssl is not used for transferring data (but it's still + used to establish a connection) (default: ssl is used) + --nozlib - zlib is not used for compressing data (default: + zlib is used) + --pass - set the password used for client identification + (default: no password) + -4, --ipv4 - use ipv4 only + -6, --ipv6 - use ipv6 only -EXAMPLE 1: + 2.2 afclient + ------------ -The use of it is extremely simple. 
Let's suppose we want to create http server on -our computer and we are behind masquerade or firewall: + Options: + -h, --help - prints this help + -n, --servername - where the second part of the active + port forwarder is running (required) + -m, --manageport - manage port number - server must be + listening on it (default: 50126) + -d, --hostname - the name of this host/remote host - the final + destination of the packets (default: the name + returned by hostname function) + -p, --portnum - the port we are forwarding the connection to (required) + -k, --keyfile - the name of the file with RSA key (default: client.rsa) + -u, --udpmode - udp mode - client will use udp protocol to + communicate with the hostname + -U, --reverseudp - reverse udp forwarding. Udp packets will be forwarded + from hostname:portnum (-p) to the server name:portnum + (-m) + -O, --heavylog - logging everything to a logfile + -o, --lightlog - logging some data to a logfile + -v, --verbose - to be verbose - program won't enter the daemon mode + (use several times for greater effect) + --pass - set the password used for client identification + (default: no password) + -4, --ipv4 - use ipv4 only + -6, --ipv6 - use ipv6 only + -l, --load - load a module for packets filtering + +================================================================================ + +=========== +3. EXAMPLES +=========== + + 3.1 tcp mode + ------------ + + local network |FireWall| Internet + || + || User 1 + || /(tcp) + AF Client <---Encrypted/Compressed channel---> AF Server + / || | \(tcp) + /(tcp) || (tcp)| User 2 + / || \ + Http server || User 3 + || -1) We have to find some machine on the net with external ip and shell account. -2) Use make to compile everything on that machine. (you can freely remove afclient - and client.rsa files) +The use of it is extremely simple. 
Let's suppose we want to create a http server +on our computer and we are behind a masquerade or a firewall: -3) You can edit config file or just type from the console: (to use config type -f ) - $ ./afserver +1) We have to find some machine on the net with an external ip and a shell + account. + +2) Use "make" to compile everything on that machine. (you can freely remove the + afclient and client.rsa files) + +3) You can edit the config file or just type from the console (to use the config + type -f ) : + $ ./afserver This will work, if you want to use default values: - - hostname will be taken from hostname function (it would be ideally, if there is - appropriate registration in /etc/hosts) + - hostname will be taken from hostname function (it would be ideally, if + there is appropriate registration in /etc/hosts) - server will be listening for users on port 50127 - server will be listening for client on port 50126 - server will be for maximum 5 users - server will forward tcp packets - there will be no logging and no verbose messages - there will be no password identification + - ip protocol family will be unspecified -4) We use make on our machine (we can delete everything apart afclient and client.rsa) +4) We use "make" on our machine (we can delete everything apart from afclient + and client.rsa) 5) We are typing from the console: - $ ./afclient -n -p 80 - Where is a string like : 'bastion.univ.gda.pl' or '153.19.7.200' + $ ./afclient -n -p 80 + Where is a string like : 'bastion.univ.gda.pl' or + '153.19.7.200' + +6) We can now enter with a web-browser to: :50127 and we + will enter to our computer in the fact. + + 3.2 reverse udp mode + -------------------- -6) We can now enter with webbrowser to : :50127 and we will enter to our - computer in the fact. 
+ local network |FireWall| Internet + || (udp) + || User 1-------AF Client + || /(tcp) + AF Client <---Encrypted/Compressed channel---> AF Server + / || | + /(udp) || (tcp)| + / || / + Game server || AF Client-------User 2 + || (udp) -EXAMPLE 2: -Let's see how to use af to forward udp packets. Suppose we want to create a game server -on our computer (udp port 27960 on our machine): +Let's see how to use af to forward udp packets. Suppose we want to create a game +server on our computer (udp port 27960 on our machine): -1) - 4) is the same like in example 1. (but we add option: -t udp) +1) - 4) is the same like in example 1. (but we add option: -p udp) 5) We are typing from the console: $ ./afclient -u -n -p 27960 - Where is a name (or ip) of a host where our server is running. + Where is a name (or ip) of a host where our server is + running. + +6) Connecting to our game is more complicated. The user must use afclient to do + this. He has to specify the server he is connecting to and the port, which + his program will be listening on: + $ ./afclient -U -d -p -n \ + -m + Where is the name of the user machine (who wants to connect to our + game). is the port he will be connecting to. + is the name of the host where our server is running. is the + port on which the server is listening for users. In order to connect to our + game, the user has to connect to :. + +================================================================================ + +================ +4. BUGS/PROBLEMS +================ + +There are no known/open bugs at the moment. 
+ +================================================================================ + +===== +NOTES +===== + +Active port forwarder is still under development, so please sent any comments, +bugs notices and suggestions about it to + +If you have some problems or want to share your opinions with others, feel free +to post a message at http://gray-world.net/board/ + +================================================================================ -6) Connecting to our game is more complicated. User must use afclient to do this. - He has to specify server he is connecting to and port which his program will be listening on: - $ ./afclient -U -d -p -n -m - Where is name of user machine (who wants to connect to our game). - is a port he will be connecting to. is a name of a host where our server - is running. is a port on which server is listening for users. - In order to connect to our game, user have to connect to :. +====== +THANKS +====== + Big thanks to the GW Team: -Active port forwarder is still under development, so please sent me any comments, bugs notices -and suggestions about it to jeremian@poczta.fm + to Alex + and Simon for testing AF and a lot of advices. + Thanks to Ilia Perevezentsev who read and corrected the +README file. -And thanks for using this software! + And thanks for using this software! LICENSE ------- - Active Port Forwarder is distributed under the terms of the GNU General Public License - v2.0 and is copyright (c) 2003 jeremian . - See the file COPYING for details. + Active Port Forwarder is distributed under the terms of the GNU General + Public License v2.0 and is copyright (c) 2003,2004 jeremian . See the file COPYING for details. -- cgit v1.1
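Review bot: in section 3.1, step 3 starts the server with a bare "./afserver", and the defaults list under it includes "there will be no password identification", so the README's main walkthrough leaves client identification off on a machine that step 1 says has an external ip. Suggest putting --pass on both the afserver and afclient command lines in the example (2.1 and 2.2 already document it as "set the password used for client identification"), and adding a line to the defaults list saying what a client needs in order to attach to the manage port (50126) when no password is set.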
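Review bot: the --nossl entry in section 2.1 says ssl "is not used for transferring data (but it's still used to establish a connection)", yet the INTRO and both diagrams in section 3 describe the client/server link only as an "Encrypted/Compressed channel". The option text should say plainly what remains protected with --nossl and that the forwarded data itself no longer goes through ssl, and the diagrams should note that the label describes the default. Also, --nossl and --nozlib appear only in the afserver list; section 2.2 should say whether afclient follows the server's setting or needs its own switch.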
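Review bot: documentation is missing for several items in the commit message. "Module support for client's packet filtering" is covered only by the single line "-l, --load - load a module for packets filtering" in section 2.2, with no description of what a module is, how afclient locates it, or what the filter can see and change in the forwarded packets; an operator needs that to decide which modules are safe to load. Likewise "Server listening behaviour" and "client behaviour after unsuccessful connection" are listed as modified but the README hunk never describes the new behaviour. Suggest a short subsection under section 2 for modules and one or two sentences for each behaviour change.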