SYNOPSIS

afclient [ options ] -n servername -p portnum

DESCRIPTION

Afclient is a port forwarding program designed to be efficient and easy to use. It connects to afserver on its listenport (default listenport is 50126) and, after a successful authorization, redirects all the data to the specified destination host:port.

EXAMPLES

afclient -n servername -p 22

  program connects to servername:50126 and redirects data to local port 22 (becomes a daemon)

afclient -n servername -p 22 -v

  the same as above, but verbose mode is enabled (program won't enter daemon mode)

afclient -n servername -r

  program connects to servername:50126 in remote administration mode

OPTIONS

Basic options

-n, --servername NAME

  name of the host where afserver is running (required)

-m, --manageport PORT

  manage port number - server must be listening on it (default: 50126)

-d, --hostname NAME

  the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)

-p, --portnum PORT

  the port we are forwarding connection to (required)

--localname NAME

  local machine name for connection with afserver (used to bind socket to different interfaces)

--localport NAME

  local port name for connection with afserver (used to bind socket to different addresses)

--localdesname NAME

  local machine name for connections with destination application (used to bind socket to different interfaces)

-V, --version

  display version number

-h, --help

  prints help screen

Authorization

-i, --id STRING

  sends the id string to afserver

--pass PASSWORD

  set the password used for client identification (default: no password)

--ignorepkeys

  ignore invalid server's public keys

Configuration

-k, --keyfile FILE

  the name of the file with RSA key (default: client.rsa)

-c, --cerfile

  the name of the file with certificate (default: no certificate used)

-f, --cfgfile FILE

  the name of the file with the configuration for the afclient

-s, --storefile

  the name of the file with stored public keys (default: known_hosts)

-D, --dateformat FORMAT

  format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)

-K, --keep-alive N

  send keepalive packets every N seconds (default: do not send keepalive packets)

Auto-reconnection

--ar-start

  enable auto-reconnection when afserver is not reachable on start (default: disabled)

--ar-quit

  enable auto-reconnection after normal afserver quit (default: disabled)

--noar

  disable auto-reconnection after premature afserver quit (default: enabled)

-A, --ar-tries N

  try N times to reconnect (default: unlimited)

-T, --ar-delay N

  wait N seconds between reconnect tries (default: 5)

Modes

-u, --udpmode

  udp mode - client will use udp protocol to communicate with the hostname:portnum

-U, --reverseudp

  reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to servername:manageport

-r, --remoteadmin

  remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout)

Logging

-o, --log LOGCMD

  log chosen information to file/socket

-v, --verbose

  to be verbose - program won't enter the daemon mode (use several times for greater effect)

IP family

-4, --ipv4

  use ipv4 only

-6, --ipv6

  use ipv6 only

Modules

-l, --load

  load a module for user's packets filtering

-L, --Load

  load a module for service's packets filtering

HTTP/HTTPS PROXY

-S, --use-https

  use https proxy instead of http proxy

-P, --proxyname

  the name of the machine with proxy server

-X, --proxyport

  the port used by proxy server (default: 8080)

-C, --pa-cred U:P

  the user (U) and password (P) used in proxy authorization

-B, --pa-t-basic

  the Basic type of proxy authorization (default)

REMOTE ADMINISTRATION

Remote administration mode is enabled by '-r, --remoteadmin' option. Required options: '-n, --servername NAME'

After successful authorization, stdin/stdout are used to communicate with the user. All command parsing is done by afserver. Commands guaranteed to be available:

help

  display help

lcmd

  lists available commands

quit

  quit connection

For a list of all available commands, take a look at afserver(1).

When '-p, --portnum PORT' is used, afclient listens for a connection from the user at NAME:PORT. NAME is set by the '-d, --hostname' option or, when the option is missing, by the hostname() function.

When the user quits (closes the connection or sends the 'quit' command), afclient exits.

LOGCMD FORMAT

LOGCMD has the following synopsis: target,description,msgdesc

Where target is file or sock

description is filename or host,port

and msgdesc is the subset of:

LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE, LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG, LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR

written without spaces.

  Example:
  file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
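
A pre-flight check for a LOGCMD string, written for this page as an added example (it is not afclient's own parser). It assumes the reading that a sock target takes two description fields (host,port) and a file target one; logcmd_check is a hypothetical name.

```c
/* Added example: checks a LOGCMD string against the format described above. */
#include <string.h>

static const char *const MSGDESC[] = {
    "LOG_T_ALL", "LOG_T_USER", "LOG_T_CLIENT", "LOG_T_INIT", "LOG_T_MANAGE",
    "LOG_T_MAIN", "LOG_I_ALL", "LOG_I_CRIT", "LOG_I_DEBUG", "LOG_I_DDEBUG",
    "LOG_I_INFO", "LOG_I_NOTICE", "LOG_I_WARNING", "LOG_I_ERR"
};

static int known_msgdesc(const char *tok, size_t len)
{
    size_t i;
    for (i = 0; i < sizeof MSGDESC / sizeof MSGDESC[0]; ++i)
        if (strlen(MSGDESC[i]) == len && memcmp(MSGDESC[i], tok, len) == 0)
            return 1;
    return 0;
}

/* Returns 0 if valid, otherwise the 1-based index of the first bad field. */
int logcmd_check(const char *cmd)
{
    int field = 1, desc_fields = 0, msg_seen = 0;
    const char *p = cmd;
    if (cmd == NULL)
        return 1;
    for (;;) {
        size_t len = strcspn(p, ",");       /* length of the current field */
        if (len == 0)
            return field;                   /* empty field */
        if (field == 1) {
            if (len == 4 && memcmp(p, "file", 4) == 0)
                desc_fields = 1;            /* description is a filename */
            else if (len == 4 && memcmp(p, "sock", 4) == 0)
                desc_fields = 2;            /* description is host,port (assumed) */
            else
                return field;               /* unknown target */
        } else if (field > 1 + desc_fields) {
            if (!known_msgdesc(p, len))     /* a stray space also fails here */
                return field;
            msg_seen = 1;
        }
        if (p[len] == '\0')
            break;
        p += len + 1;
        ++field;
    }
    return msg_seen ? 0 : field + 1;        /* at least one msgdesc is required */
}
```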

MODULES

Afclient can use external modules for user's packets filtering ('-l, --load') and service's packets filtering ('-L, --Load'). Module file has to declare three functions:

char* info(void);

  info() return values:
  - info about module
  Example:
  char*
  info(void)
  {
    return "Module tester v0.1";
  }

int allow(char* host, char* port);

  allow() return values:
  0 - allow to connect
  !0 - drop the connection
  Example:
  int
  allow(char* host, char* port)
  {
    return 0; /* allow to connect */
  }

int filter(char* host, unsigned char* message, int* length);

  filter() return values:
  0 - allow to transfer
  1 - drop the packet
  2 - drop the connection
  3 - release the module
  4 - drop the packet and release the module
  5 - drop the connection and release the module
  Example:
  int
  filter(char* host, unsigned char* message, int* length)
  {
    int i;
    for (i = 1; i < *length; ++i) {
      if (message[i-1] == 'M') {
        if (message[i] == '1') {
          return 1; /* ignored */
        }
        if (message[i] == '2') {
          return 2; /* dropped */
        }
        if (message[i] == '3') {
          return 3; /* release */
        }
        if (message[i] == '4') {
          return 4; /* ignored + release */
        }
        if (message[i] == '5') {
          return 5; /* dropped + release */
        }
      }
    }
    return 0; /* allow to transfer */
  }

Modules have to be compiled with -fPIC -shared options.
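
A complete module file combining the three functions above, as an added example that is not part of the afclient distribution. It assumes host is passed as a textual address and that the forwarded service is a line-based text protocol; the allowlist addresses, MAX_PACKET and the file name allowlist.c are constructed for illustration.

```c
/* Added example module for afclient ('-l' / '-L'); not shipped with afclient.
 * Build: cc -fPIC -shared -o allowlist.so allowlist.c */
#include <stddef.h>
#include <string.h>

#define MAX_PACKET 4096  /* assumed policy limit, not an afclient constant */

/* Constructed allowlist of peer addresses (documentation range). */
static const char *const allowed_hosts[] = { "192.0.2.10", "192.0.2.11" };

static int host_allowed(const char *host)
{
    size_t i;
    if (host == NULL)
        return 0;                       /* fail closed on missing input */
    for (i = 0; i < sizeof allowed_hosts / sizeof allowed_hosts[0]; ++i)
        if (strcmp(host, allowed_hosts[i]) == 0)
            return 1;
    return 0;
}

char *info(void)
{
    return "Allowlist filter v0.1 (example)";
}

/* 0 - allow to connect, !0 - drop the connection */
int allow(char *host, char *port)
{
    (void)port;                         /* port is not part of this policy */
    return host_allowed(host) ? 0 : 1;
}

/* 0 - allow to transfer, 1 - drop the packet, 2 - drop the connection */
int filter(char *host, unsigned char *message, int *length)
{
    if (message == NULL || length == NULL || *length < 0)
        return 2;                       /* malformed call: drop the connection */
    if (!host_allowed(host))
        return 2;                       /* peer not on the allowlist */
    if (*length > MAX_PACKET)
        return 1;                       /* oversized packet: drop it, keep the link */
    /* message is not NUL-terminated; every scan is bounded by *length */
    if (memchr(message, '\0', (size_t)*length) != NULL)
        return 1;                       /* NUL byte in a text protocol: drop */
    return 0;
}
```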

BUGS

Afclient is still under development. There are no known open bugs at the moment.

REPORTING BUGS

Please report bugs to <jeremian [at] poczta.fm>

AUTHOR

Jeremian <jeremian [at] poczta.fm>

CONTRIBUTIONS

Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>

LICENSE

Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.