NAME
afserver - active port forwarder server
SYNOPSIS
afserver [ options ]
DESCRIPTION
Afserver is a port forwarding program designed to be efficient and easy
to use. It listens for incoming afclient connections at listenport
(default listenport is 50126). After successful client authorization,
afserver listens for incoming user connections. When a new user
connection is opened, all the data is redirected to previously
connected afclient, which redirects it to the specified destination
host:port.
EXAMPLES
afserver
program starts with default options (become a daemon)
afserver -v
verbose mode is enabled (program won’t enter daemon mode)
afserver -n localhost -l 5435 -m 6375
program will listen on localhost:5435 for users and on localhost:6375
for clients
OPTIONS
Basic options
-n, --hostname NAME
used when creating listening sockets (default: ’’)
-l, --listenport [HOST:]PORT
listening [host:]port number - users connect to it (default: 50127)
-m, --manageport [HOST:]PORT
manage [host:]port number - afclient connects to it (default: 50126)
-V, --version
display version number
-h, --help
prints help screen
Authorization
--pass PASSWORD
password used for client identification (default: no password)
Configuration
-c, --cerfile FILE
the name of the file with certificate (default: server-cert.pem)
-A, --cacerfile FILE
the name of the file with CA certificates (if used, require clients
to have valid certificates)
-d, --cerdepth
the maximum depth of valid certificate-chains
-k, --keyfile FILE
the name of the file with RSA key (default: server.rsa)
-f, --cfgfile FILE
the name of the file with the configuration for the afserver
-D, --dateformat FORMAT
format of the date printed in logs (see ’man strftime’ for details)
(default: %d.%m.%Y %H:%M:%S)
-t, --timeout N
the timeout value for the client’s connection (default: 5)
--maxidle N
the maximum idle time for the client’s connection (default: disabled)
-u, --users N
the amount of users allowed to use this server (default: 5)
-C, --clients N
the number of allowed clients to use this server (default: 1)
-r, --realm
set the realm name (default: none)
-R, --raclients N
the number of allowed clients in remote administration mode to use
this server (default: 1)
-U, --usrpcli N
the number of allowed users per client (default: $users)
-M, --climode N
strategy used to connect users with clients (default: 1)
Available strategies:
1. fill first client before go to next
-p, --proto TYPE
type of server (tcp|udp) - what protocol it will be operating for
(default: tcp)
-b, --baseport
listenports are temporary and differ for each client
-a, --audit
additional information about connections are logged
--nossl
ssl is not used to transfer data (but it’s still used to establish a
connection) (default: ssl is used)
--nozlib
zlib is not used to compress data (default: zlib is used)
--dnslookups
try to obtain dns names of the computers rather than their numeric IP
Logging
-o, --log LOGCMD
log choosen information to file/socket
-v, --verbose
to be verbose - program won’t enter the daemon mode (use several
times for greater effect)
IP family
-4, --ipv4
use ipv4 only
-6, --ipv6
use ipv6 only
HTTP PROXY
-P, --enableproxy
enable http proxy mode
REMOTE ADMINISTRATION
Currently available commands are:
help
display help
lcmd
lists available commands
info
prints info about server
rshow
display realms
cshow X
display clients in X realm
ushow X
display users in X realm
quit
quit connection
timeout N X
set timeout value in X realm
audit {0|1} X
set audit mode in X realm
dnslookups {0|1} X
set dnslookups mode in X realm
dateformat S
set dateformat
kuser S
kick user named S
kclient N
kick client with number N
LOGCMD FORMAT
LOGCMD has the following synopsis: target,description,msgdesc
Where target is file or sock
description is filename or host,port
and msgdesc is the subset of:
LOG_T_ALL, LOG_T_USER, LOG_T_CLIENT, LOG_T_INIT, LOG_T_MANAGE,
LOG_T_MAIN, LOG_I_ALL, LOG_I_CRIT, LOG_I_DEBUG, LOG_I_DDEBUG,
LOG_I_INFO, LOG_I_NOTICE, LOG_I_WARNING, LOG_I_ERR
written without spaces.
Example:
file,filename,LOG_T_ALL,LOG_I_CRIT,LOG_I_ERR,LOG_I_WARNING
SEE ALSO
afserver.conf(5), afclient(1), afclient.conf(5)
BUGS
Afserver is still under development. There are no known open bugs at
the moment.
REPORTING BUGS
Please report bugs to <jeremian [at] poczta.fm>
AUTHOR
Jeremian <jeremian [at] poczta.fm>
CONTRIBUTIONS
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at]
entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru> Marco
Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen
<rozzin [at] geekspace.com>
LICENSE
Active Port Forwarder is distributed under the terms of the GNU General
Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian
[at] poczta.fm>. See the file COPYING for details.