# This is an example configuration file for active port forwarder (server)
# Firstly, we have to declare our files with key and certificate

cerfile	server-cert.pem

# Please note, that we can place only blank characters between words

keyfile		server.rsa

# Logging can be enabled by log option. The argument to this option must
# be in the form:
#     target,description,msgdesc

log	      file,logfile,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING

# we we could also want to use sockets instead of files

#log      sock,localhost,LOG_T_ALL,LOG_I_ALL

#dateformat %Y-%m-%d %H:%M:%S

# And it's time to create forwarding targets (named realms here)

#realm indicates a new set of commands to a server
#realmname is optional
realm my realm

#options        values

#hostname  <yourhostname> #this is the name of the server (used to choose interface)
listenport    50127      #portnumber on which server is listening for users
manageport    50126     #portnumber on which server is listening for afclient
#users     5           #amount of users we are allowing to connect (>0) (default: 5)
#timeout   5          #timeout value for the client's connection (>0) (default: 5)
#maxidle   300        #the maximum idle time for the client's connection (>0) (default: disabled)
#clients   1          #number of allowed clients for this realm (>0) (default: 1)
#usrpcli   $users     #allowed users per client for this realm (>0) (default: $users)
#climode   1          #strategy used for connecting users with clients (1) (default: 1)
#proto     tcp       #type of the realm (which protocol it will forward (tcp|udp) (default: tcp)
#pass   mypassword  #this is a password used for client identification
#raclients 1         #number of allowed clients in remote administration mode (>0) (default: 1)
#nossl                #don't use ssl for data transfer
#nozlib                #don't use zlib
#baseport               #listenports are temporary and differ for each client
#audit                   #additional information about connections are logged
#dnslookups              #try to obtain dns names of the computers
#ipv4                   #use ipv4 only
#ipv6                  #use ipv6 only
#cacerfile filename  #the name of the file with CA certificates
                    # (if used, require clients to have valid certificates)
#cerdepth          #the maximum depth of valid certificate-chains

# and now the second realm

realm
listenport    50125
manageport    50124