afclient(1)
NAME
afclient - active port forwarder client
SYNOPSIS
afclient [ options ] -n servername -p portnum
DESCRIPTION
Afclient is a port forwarding program designed to be efficient and easy
to use. It connects to afserver on its listenport (default listenport is
50126) and, after a successful authorization, redirects all the
data to the specified destination host:port.
EXAMPLES
- afclient -n servername -p 22
  program connects to servername:50126 and redirects data to local port 22 (becomes a daemon)
- afclient -n servername -p 22 -v
  the same as above, but verbose mode is enabled (program won't enter daemon mode)
- afclient -n servername -r
  program connects to servername:50126 in remote administration mode
OPTIONS
Basic options
- -n, --servername NAME
  name of the host where afserver is running (required)
- -m, --manageport PORT
  manage port number - server must be listening on it (default: 50126)
- -d, --hostname NAME
  the name of this host/remote host - the final destination of the packets (default: the name returned by hostname function)
- -p, --portnum PORT
  the port we are forwarding connection to (required)
- --localname NAME
  local machine name for connection with afserver (used to bind socket to different interfaces)
- --localport NAME
  local port name for connection with afserver (used to bind socket to different addresses)
- --localdesname NAME
  local machine name for connections with destination application (used to bind socket to different interfaces)
- -V, --version
  display version number
- -h, --help
  prints help screen
Authorization
- -i, --id STRING
  sends the id string to afserver
- --pass PASSWORD
  set the password used for client identification (default: no password)
- --ignorepkeys
  ignore invalid public keys of the server
Configuration
- -k, --keyfile FILE
  the name of the file with RSA key (default: client.rsa)
- -c, --cerfile
  the name of the file with certificate (default: no certificate used)
- -f, --cfgfile FILE
  the name of the file with the configuration for the afclient
- -s, --storefile
  the name of the file with stored public keys (default: known_hosts)
- -D, --dateformat FORMAT
  format of the date printed in logs (see 'man strftime' for details) (default: %d.%m.%Y %H:%M:%S)
- -K, --keep-alive N
  send keepalive packets every N seconds (default: keepalive packets are not sent)
Auto-reconnection
- --ar-start
  enable auto-reconnection when afserver is not reachable on start (default: disabled)
- --ar-quit
  enable auto-reconnection after normal afserver quit (default: disabled)
- --noar
  disable auto-reconnection after premature afserver quit (default: enabled)
- -A, --ar-tries N
  try N times to reconnect (default: unlimited)
- -T, --ar-delay N
  wait N seconds between reconnect tries (default: 5)
Modes
- -u, --udpmode
  udp mode - client will use udp protocol to communicate with the hostname:portnum
- -U, --reverseudp
  reverse udp forwarding. Udp packets will be forwarded from hostname:portnum to the servername:manageport
- -r, --remoteadmin
  remote administration mode (using '-p PORT' will force afclient to use port rather than stdin-stdout)
Logging
- -o, --log LOGCMD
  log chosen information to file/socket
- -v, --verbose
  to be verbose - program won't enter the daemon mode (use several times for greater effect)
IP family
- -4, --ipv4
  use ipv4 only
- -6, --ipv6
  use ipv6 only
Modules
- -l, --load
  load a module for user's packets filtering
- -L, --Load
  load a module for service's packets filtering
HTTP/HTTPS PROXY
- -S, --use-https
  use https proxy instead of http proxy
- -P, --proxyname
  the name of the machine with proxy server
- -X, --proxyport
  the port used by proxy server (default: 8080)
- -C, --pa-cred U:P
  the user (U) and password (P) used in proxy authorization
- -B, --pa-t-basic
  the Basic type of proxy authorization (default)
REMOTE ADMINISTRATION
Remote administration mode is enabled by the '-r, --remoteadmin' option. Required options: '-n, --servername NAME'
After successful authorization, stdin/stdout are used to communicate
with the user. All command parsing is done by afserver. Commands
guaranteed to be available:
- help
  display help
- lcmd
  lists available commands
- quit
  quit connection
For a list of all available commands, take a look at afserver(1).
When '-p, --portnum PORT' is used, afclient listens for a connection from the user at NAME:PORT. NAME is set by the '-d, --hostname' option, or by the hostname() function when the option is missing.
When the user quits (closes the connection or sends the 'quit' command), afclient exits.
LOGCMD FORMAT
LOGCMD has the following synopsis: target,description,msgdesc
where target is file or sock,
description is filename or host,port,
and msgdesc is a subset of:
LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE, LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG, LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR
written without spaces.
Example:
    file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
MODULES
Afclient can use external modules for user's packets filtering ('-l, --load')
and service's packets filtering ('-L, --Load'). A module file
has to declare three functions:
- char* info(void);
  info() return values:
    info about module
  Example:
    char*
    info(void)
    {
        return "Module tester v0.1";
    }
- int allow(char* host, char* port);
  allow() return values:
    0 - allow to connect
    !0 - drop the connection
  Example:
    int
    allow(char* host, char* port)
    {
        return 0; /* allow to connect */
    }
- int filter(char* host, unsigned char* message, int* length);
  filter() return values:
    0 - allow to transfer
    1 - drop the packet
    2 - drop the connection
    3 - release the module
    4 - drop the packet and release the module
    5 - drop the connection and release the module
  Example:
    int
    filter(char* host, unsigned char* message, int* length)
    {
        int i;
        /* look for 'M' followed by a digit '1'..'5'; i starts at 1 so message[i-1] is in bounds */
        for (i = 1; i < *length; ++i) {
            if (message[i-1] == 'M') {
                if (message[i] == '1') {
                    return 1; /* ignored */
                }
                if (message[i] == '2') {
                    return 2; /* dropped */
                }
                if (message[i] == '3') {
                    return 3; /* release */
                }
                if (message[i] == '4') {
                    return 4; /* ignored + release */
                }
                if (message[i] == '5') {
                    return 5; /* dropped + release */
                }
            }
        }
        return 0; /* allow to transfer */
    }
Modules have to be compiled with -fPIC -shared options.
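The module below is an added example, not part of the afclient distribution: it implements the three required functions as a small policy that admits only listed address prefixes and bounds-checks every packet before scanning it. The prefixes, the marker string, MAX_PACKET, and the assumption that host arrives as a textual address are all constructed for illustration.

```c
/* Added example module (not from the afclient sources).
 * Build as described above: cc -fPIC -shared -o policy.so policy.c */
#include <stddef.h>
#include <string.h>

/* filter() return codes as documented on this page */
enum { F_ALLOW = 0, F_DROP_PACKET = 1, F_DROP_CONN = 2 };

/* Constructed policy values (assumptions, not afclient defaults) */
static const char *const allowed_prefixes[] = { "192.0.2.", "198.51.100." };
static const unsigned char marker[] = "X-Blocked";
#define MAX_PACKET 4096

char *
info(void)
{
    return "Policy module example v0.1";
}

/* 0 = allow to connect, non-zero = drop the connection */
int
allow(char *host, char *port)
{
    size_t i;
    (void)port;                       /* port is not part of this policy */
    if (host == NULL)
        return 1;                     /* fail closed on missing input */
    for (i = 0; i < sizeof allowed_prefixes / sizeof allowed_prefixes[0]; ++i)
        if (strncmp(host, allowed_prefixes[i], strlen(allowed_prefixes[i])) == 0)
            return 0;
    return 1;
}

int
filter(char *host, unsigned char *message, int *length)
{
    const size_t mlen = sizeof marker - 1;    /* exclude trailing NUL */
    size_t i, n;
    (void)host;
    if (message == NULL || length == NULL || *length <= 0 || *length > MAX_PACKET)
        return F_DROP_PACKET;                 /* reject malformed or oversized input */
    n = (size_t)*length;
    for (i = 0; i + mlen <= n; ++i)           /* never reads past message[n-1] */
        if (memcmp(message + i, marker, mlen) == 0)
            return F_DROP_CONN;
    return F_ALLOW;
}
```

The trailing dot in each prefix keeps "192.0.2." from matching "192.0.20.1", and the loop bound ensures a marker cut off by *length is never read past the end of the buffer.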
SEE ALSO
afclient.conf(5), afserver(1), afserver.conf(5)
BUGS
Afclient is still under development. There are no known open bugs at
the moment.
REPORTING BUGS
Please report bugs to <jeremian [at] poczta.fm>
AUTHOR
Jeremian <jeremian [at] poczta.fm>
CONTRIBUTIONS
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco Solari
<marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen <rozzin
[at] geekspace.com>
LICENSE
Active Port Forwarder is distributed under the terms of the GNU General
Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian
[at] poczta.fm>. See the file COPYING for details.