[prev in list] [next in list] [prev in thread] [next in thread] 

List:       fwtk-users
Subject:    [fwtk-users] plug-gw legacy syntax fix
From:       ArkanoiD <ark () eltex ! net>
Date:       2007-02-22 12:34:23
Message-ID: 20070222123423.GA18403 () eltex ! net
[Download RAW message or body]

Seems that legacy (TIS-compatible) netperm-table syntax for plug-gw
was broken.

Here is a fix.

http://milliways.chance.ru/~ark/soft/openfwtk-snapshot-feb2007-4.tar.gz

A small README is included now:

plug-gw is a simple tcp "plug proxy", which implements "circuit gateway"
for any tcp-based protocol that does not rely on ip addresses embedded
in data stream.

It supports two configuration syntax types:

a) legacy, kept for TIS fwtk compatibility:

plug-gw: port <number> <host> [<host>..] -plug-to <dst> [-port <number>] [extra options]

you may specify port number as command line argument, if there is none, getsockname()
will be used.

b) new one, similar to other OpenFWTK proxies:

plug-gw: [permit-]hosts <host> [<host>..] -plug-to <dst> [-port <number>] [extra options]

You may make a link to plug-gw giving it other name, say, my-gw, and my-gw lines will
be read from netperm-table. You may also call it with argument "-as my-gw", which leads
to similar result.

Options are:

-client-encrypt <method> (blowfish only at the moment) - use simple and ugly encryption
-client-md5key <password> - specify PSK
-server-encrypt <method> - same for server connection
-server-md5key <password> - ditto
-privport - use privileged port to originate connection
-authuser <username> - treat connection as authenticated with user name (for extended permissions)
-authreq <username> - authenticate via SSO keepalive request to authentication console
-extnd - check extended authorizetion from authsrv
-transparent - select destination from tranparency engine
-client-dscp <mark> - mark traffic for QoS-aware router
-server-dscp <mark> - same for server connection
#ifdef  USE_SSL
-ssl-client - enable ssl connection
-ssl-server - same for server
-client-verify - verify certificate
-server-verify - same for server


_______________________________________________
Fwtk-users mailing list
Fwtk-users@buoy.com
http://www.buoy.com/mailman/listinfo/fwtk-users
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic