NAME¶

afclient - active port forwarder client

SYNOPSIS¶

afclient [ options ] -n servername -p portnum

DESCRIPTION¶

Afclient is a port forwarding program designed to be efficient and easy to use. It connects to afserver to listenport (default listenport is 50126) and after a successful authorization afclient redirects all the data to the specified destination host:port.

EXAMPLES¶

afclient -n servername -p 22
program connects to servername:50126 and redirects data to local port 22 (becomes a daemon) afclient -n servername -p 22 -v
the same as above, but verbose mode is enabled (program won't enter daemon mode) afclient -n servername -r
program connects to servername:50126 in remote administration mode

OPTIONS¶

Basic options -n, --servername NAME
name of the host, where afserver is running (required) -m, --manageport PORT
manage port number - server must be listening on it (default: 50126) -d, --hostname NAME
the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function) -p, --portnum PORT
the port we are forwarding connection to (required) --localname NAME
local machine name for connection with afserver (used to bind socket to different interfaces) --localport NAME
local port name for connection with afserver (used to bind socket to different addressees) --localdesname NAME
local machine name for connections with destination application (used to bind socket to different interfaces) -V, --version
display version number -h, --help
prints help screen Authorization -i, --id STRING
sends the id string to afserver --pass PASSWORD
set the password used for client identification (default: no password) --ignorepkeys
ignore invalid server's public keys Configuration -k, --keyfile FILE
the name of the file with RSA key (default: client.rsa) -c, --cerfile
the name of the file with certificate (default: no certificate used) -f, --cfgfile FILE
the name of the file with the configuration for the afclient -s, --storefile
the name of the file with stored public keys (default: known_hosts) -D, --dateformat FORMAT
format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S) -K, --keep-alive N
send keepalive packets every N seconds (default: not send keepalive packets) Auto-reconnection --ar-start
enable auto-reconnection when afserver is not reachable on start (default: disabled) --ar-quit
enable auto-reconnection after normal afserver quit (default: disabled) --noar
disable auto-reconnection after premature afserver quit (default: enabled) -A, --ar-tries N
try N times to reconnect (default: unlimited) -T, --ar-delay N
wait N seconds between reconnect tries (default: 5) Modes -u, --udpmode
udp mode - client will use udp protocol to communicate with the hostname:portnum -U, --reverseudp
reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to the server name:manageport -r, --remoteadmin
remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout) Logging -o, --log LOGCMD
log choosen information to file/socket -v, --verbose
to be verbose - program won't enter the daemon mode (use several times for greater effect) IP family -4, --ipv4
use ipv4 only -6, --ipv6
use ipv6 only Modules -l, --load
load a module for user's packets filtering -L, --Load
load a module for service's packets filtering HTTP/HTTPS PROXY -S, --use-https
use https proxy instead of http proxy -P, --proxyname
the name of the machine with proxy server -X, --proxyport
the port used by proxy server (default: 8080) -C, --pa-cred U:P
the user (U) and password (P) used in proxy authorization -B, --pa-t-basic
the Basic type of proxy authorization (default)

REMOTE ADMINISTRATION¶

Remote administration mode is enabled by '-r, --remoteadmin' option. Required options: '-n, --servername NAME' After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by afserver. Commands guaranteed to be available: help
display help lcmd
lists available commands quit
quit connection For list of all available commands take a look at afserver(1). When '-p, --portnum PORT' is used, afclient listens for connection from user at NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when the option is missing. When user quits (close the connection or send 'quit' command), afclient exits.

LOGCMD FORMAT¶

LOGCMD has the following synopsis: target,description,msgdesc Where target is file or sock description is filename or host,port and msgdesc is the subset of: LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE, LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG, LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR written without spaces.
Example:
file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE

MODULES¶

Afclient can use external modules for user's packets filtering ('-l, --load') and service's packets filtering ('-L, --Load'). Module file has to declare three functions: char* info(void);
info() return values:
- info about module
Example:
char*
info(void)
{
return "Module tester v0.1";
} int allow(char* host, char* port);
allow() return values:
0 - allow to connect
!0 - drop the connection
Example:
int
allow(char* host, char* port)
{
return 0; /* allow to connect */
} int filter(char* host, unsigned char* message, int* length);
filter() return values:
0 - allow to transfer
1 - drop the packet
2 - drop the connection
3 - release the module
4 - drop the packet and release the module
5 - drop the connection and release the module
Example:
int
filter(char* host, unsigned char* message, int* length)
{
int i;
for (i = 1; i < *length; ++i) {
if (message[i-1] == 'M') {
if (message[i] == '1') {
return 1; /* ignored */
}
if (message[i] == '2') {
return 2; /* dropped */
}
if (message[i] == '3') {
return 3; /* release */
}
if (message[i] == '4') {
return 4; /* ignored + release */
}
if (message[i] == '5') {
return 5; /* dropped + release */
}
}
}
return 0; /* allow to transfer */
} Modules have to be compiled with -fPIC -shared options.

SEE ALSO¶

afclient.conf(5), afserver(1), afserver.conf(5)

BUGS¶

Afclient is still under development. There are no known open bugs at the moment.

REPORTING BUGS¶

Please report bugs to <jeremian [at] poczta.fm>

AUTHOR¶

Jeremian <jeremian [at] poczta.fm>

CONTRIBUTIONS¶

Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>

LICENSE¶

Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.