afclient(1) afclient(1)
NAME
afclient - active port forwarder client
SYNOPSIS
afclient [ options ] -n servername -p portnum
DESCRIPTION
Afclient is a port forwarding program designed to be efficient and easy
to use. It connects to afserver to listenport (default listenport is
50126) and after a successful authorization afclient redirects all the
data to the specified destination host:port.
EXAMPLES
afclient -n servername -p 22
program connects to servername:50126 and redirects data to local port
22 (becomes a daemon)
afclient -n servername -p 22 -v
the same as above, but verbose mode is enabled (program won't enter
daemon mode)
afclient -n servername -r
program connects to servername:50126 in remote administration mode
OPTIONS
Basic options
-n, --servername NAME
name of the host, where afserver is running (required)
-m, --manageport PORT
manage port number - server must be listening on it (default: 50126)
-d, --hostname NAME
the name of this host/remote host - the final destination of the
packets (default: the name returned by hostname function)
-p, --portnum PORT
the port we are forwarding connection to (required)
--localname NAME
local machine name for connection with afserver (used to bind socket
to different interfaces)
--localport NAME
local port name for connection with afserver (used to bind socket to
different addressees)
--localdesname NAME
local machine name for connections with destination application (used
to bind socket to different interfaces)
-V, --version
display version number
-h, --help
prints help screen
Authorization
-i, --id STRING
sends the id string to afserver
--pass PASSWORD
set the password used for client identification (default: no pass-
word)
--ignorepkeys
ignore invalid server's public keys
Configuration
-k, --keyfile FILE
the name of the file with RSA key (default: client.rsa)
-f, --cfgfile FILE
the name of the file with the configuration for the afclient
-s, --storefile
the name of the file with stored public keys (default: known_hosts)
-D, --dateformat FORMAT
format of the date printed in logs (see 'man strftime' for details)
(default: %d.%m.%Y %H:%M:%S)
-K, --keep-alive N
send keepalive packets every N seconds (default: not send keepalive
packets)
Auto-reconnection
--ar-start
enable auto-reconnection when afserver is not reachable on start
(default: disabled)
--ar-quit
enable auto-reconnection after normal afserver quit (default: dis-
abled)
--noar
disable auto-reconnection after premature afserver quit (default:
enabled)
-A, --ar-tries N
try N times to reconnect (default: unlimited)
-T, --ar-delay N
wait N seconds between reconnect tries (default: 5)
Modes
-u, --udpmode
udp mode - client will use udp protocol to communicate with the host-
name:portnum
-U, --reverseudp
reverse udp forwarding. Udp packets will be forwarded from host-
name:portnum to the server name:manageport
-r, --remoteadmin
remote administration mode. (using '-p PORT' will force afclient to
use port rather than stdin-stdout)
Logging
-o, --log LOGCMD
log choosen information to file/socket
-v, --verbose
to be verbose - program won't enter the daemon mode (use several
times for greater effect)
IP family
-4, --ipv4
use ipv4 only
-6, --ipv6
use ipv6 only
Modules
-l, --load
load a module for user's packets filtering
-L, --Load
load a module for service's packets filtering
HTTP/HTTPS PROXY
-S, --use-https
use https proxy instead of http proxy
-P, --proxyname
the name of the machine with proxy server
-X, --proxyport
the port used by proxy server (default: 8080)
-C, --pa-cred U:P
the user (U) and password (P) used in proxy authorization
-B, --pa-t-basic
the Basic type of proxy authorization (default)
REMOTE ADMINISTRATION
Remote administration mode is enabled by '-r, --remoteadmin' option.
Required options: '-n, --servername NAME'
After successful authorization stdin/stdout are used to communicate
with user. All the commands parsing is done by afserver. Commands
guaranteed to be available:
help
display help
lcmd
lists available commands
quit
quit connection
For list of all available commands take a look at afserver(1).
When '-p, --portnum PORT' is used, afclient listens for connection from
user at NAME:PORT. NAME is set by '-d, --hostname' option or hostname()
function, when the option is missing.
When user quits (close the connection or send 'quit' command), afclient
exits.
LOGCMD FORMAT
LOGCMD has the following synopsis: target,description,msgdesc
Where target is file or sock
description is filename or host,port
and msgdesc is the subset of:
LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE,
LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG,
LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR
written without spaces.
Example:
file,logfile,LOG_T_USER,LOG_T_CLIENT,LOG_I_INFO,LOG_I_NOTICE
MODULES
Afclient can use external modules for user's packets filtering ('-l,
--load') and service's packets filtering ('-L, --Load'). Module file
has to declare three functions:
char* info(void);
info() return values:
- info about module
Example:
char*
info(void)
{
return "Module tester v0.1";
}
int allow(char* host, char* port);
allow() return values:
0 - allow to connect
!0 - drop the connection
Example:
int
allow(char* host, char* port)
{
return 0; /* allow to connect */
}
int filter(char* host, unsigned char* message, int* length);
filter() return values:
0 - allow to transfer
1 - drop the packet
2 - drop the connection
3 - release the module
4 - drop the packet and release the module
5 - drop the connection and release the module
Example:
int
filter(char* host, unsigned char* message, int* length)
{
int i;
for (i = 1; i < *length; ++i) {
if (message[i-1] == 'M') {
if (message[i] == '1') {
return 1; /* ignored */
}
if (message[i] == '2') {
return 2; /* dropped */
}
if (message[i] == '3') {
return 3; /* release */
}
if (message[i] == '4') {
return 4; /* ignored + release */
}
if (message[i] == '5') {
return 5; /* dropped + release */
}
}
}
return 0; /* allow to transfer */
}
Modules have to be compiled with -fPIC -shared options.
SEE ALSO
afclient.conf(5), afserver(1), afserver.conf(5)
BUGS
Afclient is still under development. There are no known open bugs at
the moment.
REPORTING BUGS
Please report bugs to <jeremian [at] poczta.fm>
AUTHOR
Jeremian <jeremian [at] poczta.fm>
CONTRIBUTIONS
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at] entreeli-
bre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> and Marco Solari
<marco.solari [at] koinesistemi.it>
LICENSE
Active Port Forwarder is distributed under the terms of the GNU General
Public License v2.0 and is copyright (C) 2003-2006 jeremian <jeremian
[at] poczta.fm>. See the file COPYING for details.
Jeremian apf 0.8.2 afclient(1)
