Provided by: apf-client_0.8.4-1ubuntu3_amd64 bug

NAME

       afclient - active port forwarder client

SYNOPSIS

       afclient [ options ] -n servername -p portnum

DESCRIPTION

       Afclient  is  a  port  forwarding  program  designed  to  be efficient and easy to use. It
       connects to afserver to listenport (default listenport is 50126) and  after  a  successful
       authorization afclient redirects all the data to the specified destination host:port.

EXAMPLES

       afclient -n servername -p 22
         program  connects  to  servername:50126  and  redirects data to local port 22 (becomes a
       daemon)

       afclient -n servername -p 22 -v
         the same as above, but verbose mode is enabled (program won't enter daemon mode)

       afclient -n servername -r
         program connects to servername:50126 in remote administration mode

OPTIONS

       Basic options

       -n, --servername NAME
         name of the host, where afserver is running (required)

       -m, --manageport PORT
         manage port number - server must be listening on it (default: 50126)

       -d, --hostname NAME
         the name of this host/remote host - the final destination of the packets  (default:  the
       name returned by hostname function)

       -p, --portnum PORT
         the port we are forwarding connection to (required)

       --localname NAME
         local  machine  name  for  connection  with  afserver  (used to bind socket to different
       interfaces)

       --localport NAME
         local port name  for  connection  with  afserver  (used  to  bind  socket  to  different
       addressees)

       --localdesname NAME
         local  machine name for connections with destination application (used to bind socket to
       different interfaces)

       -V, --version
         display version number

       -h, --help
         prints help screen

       Authorization

       -i, --id STRING
         sends the id string to afserver

       --pass PASSWORD
         set the password used for client identification (default: no password)

       --ignorepkeys
         ignore invalid server's public keys

       Configuration

       -k, --keyfile FILE
         the name of the file with RSA key (default: client.rsa)

       -c, --cerfile
         the name of the file with certificate (default: no certificate used)

       -f, --cfgfile FILE
         the name of the file with the configuration for the afclient

       -s, --storefile
         the name of the file with stored public keys (default: known_hosts)

       -D, --dateformat FORMAT
         format of the date printed in logs (see 'man strftime' for details)  (default:  %d.%m.%Y
       %H:%M:%S)

       -K, --keep-alive N
         send keepalive packets every N seconds (default: not send keepalive packets)

       Auto-reconnection

       --ar-start
         enable auto-reconnection when afserver is not reachable on start (default: disabled)

       --ar-quit
         enable auto-reconnection after normal afserver quit (default: disabled)

       --noar
         disable auto-reconnection after premature afserver quit (default: enabled)

       -A, --ar-tries N
         try N times to reconnect (default: unlimited)

       -T, --ar-delay N
         wait N seconds between reconnect tries (default: 5)

       Modes

       -u, --udpmode
         udp mode - client will use udp protocol to communicate with the hostname:portnum

       -U, --reverseudp
         reverse  udp  forwarding.  Udp  packets  will  be forwarded from hostname:portnum to the
       server name:manageport

       -r, --remoteadmin
         remote administration mode. (using '-p PORT' will force afclient to use port rather than
       stdin-stdout)

       Logging

       -o, --log LOGCMD
         log choosen information to file/socket

       -v, --verbose
         to  be  verbose  -  program  won't  enter the daemon mode (use several times for greater
       effect)

       IP family

       -4, --ipv4
         use ipv4 only

       -6, --ipv6
         use ipv6 only

       Modules

       -l, --load
         load a module for user's packets filtering

       -L, --Load
         load a module for service's packets filtering

       HTTP/HTTPS PROXY

       -S, --use-https
         use https proxy instead of http proxy

       -P, --proxyname
         the name of the machine with proxy server

       -X, --proxyport
         the port used by proxy server (default: 8080)

       -C, --pa-cred U:P
         the user (U) and password (P) used in proxy authorization

       -B, --pa-t-basic
         the Basic type of proxy authorization (default)

REMOTE ADMINISTRATION

       Remote administration mode is enabled by '-r,  --remoteadmin'  option.  Required  options:
       '-n, --servername NAME'

       After  successful  authorization  stdin/stdout  are used to communicate with user. All the
       commands parsing is done by afserver.  Commands guaranteed to be available:

       help
         display help

       lcmd
         lists available commands

       quit
         quit connection

       For list of all available commands take a look at afserver(1).

       When '-p, --portnum PORT' is used, afclient listens for connection from user at NAME:PORT.
       NAME is set by '-d, --hostname' option or hostname() function, when the option is missing.

       When user quits (close the connection or send 'quit' command), afclient exits.

LOGCMD FORMAT

       LOGCMD has the following synopsis: target,description,msgdesc

       Where target is file or sock

       description is filename or host,port

       and msgdesc is the subset of:

       LOG_T_ALL,  LOG_T_USER,  LOG_T_CLIENT,  LOG_T_INIT,  LOG_T_MANAGE,  LOG_T_MAIN, LOG_I_ALL,
       LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG, LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR

       written without spaces.

         Example:

         file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE

MODULES

       Afclient can use external  modules  for  user's  packets  filtering  ('-l,   --load')  and
       service's packets filtering ('-L, --Load').  Module file has to declare three functions:

       char* info(void);

         info() return values:
         - info about module

         Example:

         char*
         info(void)
         {
           return "Module tester v0.1";
         }

       int allow(char* host, char* port);

         allow() return values:
         0 - allow to connect
         !0 - drop the connection

         Example:

         int
         allow(char* host, char* port)
         {
           return 0; /* allow to connect */
         }

       int filter(char* host, unsigned char* message, int* length);

         filter() return values:
         0 - allow to transfer
         1 - drop the packet
         2 - drop the connection
         3 - release the module
         4 - drop the packet and release the module
         5 - drop the connection and release the module

         Example:

         int
         filter(char* host, unsigned char* message, int* length)
         {
           int i;
           for (i = 1; i < *length; ++i) {
             if (message[i-1] == 'M') {
               if (message[i] == '1') {
                 return 1; /* ignored */
               }
               if (message[i] == '2') {
                 return 2; /* dropped */
               }
               if (message[i] == '3') {
                 return 3; /* release */
               }
               if (message[i] == '4') {
                 return 4; /* ignored + release */
               }
               if (message[i] == '5') {
                 return 5; /* dropped + release */
               }
             }
           }
           return 0; /* allow to transfer */
         }

       Modules have to be compiled with -fPIC -shared options.

SEE ALSO

       afclient.conf(5), afserver(1), afserver.conf(5)

BUGS

       Afclient is still under development. There are no known open bugs at the moment.

REPORTING BUGS

       Please report bugs to <jeremian [at] poczta.fm>

AUTHOR

       Jeremian <jeremian [at] poczta.fm>

CONTRIBUTIONS

       Alex  Dyatlov  <alex  [at]  gray-world.net>,  Simon  <scastro  [at] entreelibre.com>, Ilia
       Perevezentsev <iliaper [at] mail.ru>, Marco Solari  <marco.solari  [at]  koinesistemi.it>,
       and Joshua Judson Rosen <rozzin [at] geekspace.com>

LICENSE

       Active  Port  Forwarder  is  distributed under the terms of the GNU General Public License
       v2.0 and is copyright (C) 2003-2007 jeremian  <jeremian  [at]  poczta.fm>.  See  the  file
       COPYING for details.