Provided by: apf-client_0.8.4-1ubuntu3_amd64
NAME
afclient - active port forwarder client
SYNOPSIS
afclient [ options ] -n servername -p portnum
DESCRIPTION
Afclient is a port forwarding program designed to be efficient and easy to use. It connects to afserver to listenport (default listenport is 50126) and after a successful authorization afclient redirects all the data to the specified destination host:port.
EXAMPLES
afclient -n servername -p 22 program connects to servername:50126 and redirects data to local port 22 (becomes a daemon) afclient -n servername -p 22 -v the same as above, but verbose mode is enabled (program won't enter daemon mode) afclient -n servername -r program connects to servername:50126 in remote administration mode
OPTIONS
Basic options -n, --servername NAME name of the host, where afserver is running (required) -m, --manageport PORT manage port number - server must be listening on it (default: 50126) -d, --hostname NAME the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function) -p, --portnum PORT the port we are forwarding connection to (required) --localname NAME local machine name for connection with afserver (used to bind socket to different interfaces) --localport NAME local port name for connection with afserver (used to bind socket to different addressees) --localdesname NAME local machine name for connections with destination application (used to bind socket to different interfaces) -V, --version display version number -h, --help prints help screen Authorization -i, --id STRING sends the id string to afserver --pass PASSWORD set the password used for client identification (default: no password) --ignorepkeys ignore invalid server's public keys Configuration -k, --keyfile FILE the name of the file with RSA key (default: client.rsa) -c, --cerfile the name of the file with certificate (default: no certificate used) -f, --cfgfile FILE the name of the file with the configuration for the afclient -s, --storefile the name of the file with stored public keys (default: known_hosts) -D, --dateformat FORMAT format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S) -K, --keep-alive N send keepalive packets every N seconds (default: not send keepalive packets) Auto-reconnection --ar-start enable auto-reconnection when afserver is not reachable on start (default: disabled) --ar-quit enable auto-reconnection after normal afserver quit (default: disabled) --noar disable auto-reconnection after premature afserver quit (default: enabled) -A, --ar-tries N try N times to reconnect (default: unlimited) -T, --ar-delay N wait N seconds between reconnect tries (default: 5) Modes -u, --udpmode udp mode - client will use udp protocol to communicate with the hostname:portnum -U, --reverseudp reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to the server name:manageport -r, --remoteadmin remote administration mode. (using '-p PORT' will force afclient to use port rather than stdin-stdout) Logging -o, --log LOGCMD log choosen information to file/socket -v, --verbose to be verbose - program won't enter the daemon mode (use several times for greater effect) IP family -4, --ipv4 use ipv4 only -6, --ipv6 use ipv6 only Modules -l, --load load a module for user's packets filtering -L, --Load load a module for service's packets filtering HTTP/HTTPS PROXY -S, --use-https use https proxy instead of http proxy -P, --proxyname the name of the machine with proxy server -X, --proxyport the port used by proxy server (default: 8080) -C, --pa-cred U:P the user (U) and password (P) used in proxy authorization -B, --pa-t-basic the Basic type of proxy authorization (default)
REMOTE ADMINISTRATION
Remote administration mode is enabled by '-r, --remoteadmin' option. Required options: '-n, --servername NAME' After successful authorization stdin/stdout are used to communicate with user. All the commands parsing is done by afserver. Commands guaranteed to be available: help display help lcmd lists available commands quit quit connection For list of all available commands take a look at afserver(1). When '-p, --portnum PORT' is used, afclient listens for connection from user at NAME:PORT. NAME is set by '-d, --hostname' option or hostname() function, when the option is missing. When user quits (close the connection or send 'quit' command), afclient exits.
LOGCMD FORMAT
LOGCMD has the following synopsis: target,description,msgdesc Where target is file or sock description is filename or host,port and msgdesc is the subset of: LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE, LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG, LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR written without spaces. Example: file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
MODULES
Afclient can use external modules for user's packets filtering ('-l, --load') and service's packets filtering ('-L, --Load'). Module file has to declare three functions: char* info(void); info() return values: - info about module Example: char* info(void) { return "Module tester v0.1"; } int allow(char* host, char* port); allow() return values: 0 - allow to connect !0 - drop the connection Example: int allow(char* host, char* port) { return 0; /* allow to connect */ } int filter(char* host, unsigned char* message, int* length); filter() return values: 0 - allow to transfer 1 - drop the packet 2 - drop the connection 3 - release the module 4 - drop the packet and release the module 5 - drop the connection and release the module Example: int filter(char* host, unsigned char* message, int* length) { int i; for (i = 1; i < *length; ++i) { if (message[i-1] == 'M') { if (message[i] == '1') { return 1; /* ignored */ } if (message[i] == '2') { return 2; /* dropped */ } if (message[i] == '3') { return 3; /* release */ } if (message[i] == '4') { return 4; /* ignored + release */ } if (message[i] == '5') { return 5; /* dropped + release */ } } } return 0; /* allow to transfer */ } Modules have to be compiled with -fPIC -shared options.
SEE ALSO
afclient.conf(5), afserver(1), afserver.conf(5)
BUGS
Afclient is still under development. There are no known open bugs at the moment.
REPORTING BUGS
Please report bugs to <jeremian [at] poczta.fm>
AUTHOR
Jeremian <jeremian [at] poczta.fm>
CONTRIBUTIONS
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin [at] geekspace.com>
LICENSE
Active Port Forwarder is distributed under the terms of the GNU General Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian [at] poczta.fm>. See the file COPYING for details.