From 0c8be907e970ced85ada96e4bac7f48332f05897 Mon Sep 17 00:00:00 2001
From: Vladimir Dubrovin <3proxy@3proxy.ru>
Date: Fri, 10 Apr 2026 15:01:43 +0300
Subject: [PATCH] -Ne / -Ni options added to specify external / internal NAT
address
---
doc/html/man8/socks.8.html | 66 ++++++++++++++++++++++++--------------
man/socks.8 | 14 ++++++--
src/proxymain.c | 4 ++-
src/socks.c | 20 ++++++++++--
src/structures.h | 2 ++
src/version.h | 2 ++
6 files changed, 78 insertions(+), 30 deletions(-)
diff --git a/doc/html/man8/socks.8.html b/doc/html/man8/socks.8.html
index 9bc808d..3a462df 100644
--- a/doc/html/man8/socks.8.html
+++ b/doc/html/man8/socks.8.html
@@ -57,11 +57,11 @@ connections and UDP portmapping.
cellspacing="0" cellpadding="0">
|
-
+ |
-I |
- |
+ |
@@ -69,11 +69,11 @@ connections and UDP portmapping.
only. |
|
-
+ |
-d |
- |
+ |
@@ -81,11 +81,11 @@ only. |
console and run in the background.
|
-
+ |
-t |
- |
+ |
@@ -93,11 +93,11 @@ console and run in the background. |
start/stop/accept error records.
|
-
+ |
-u |
- |
+ |
@@ -105,11 +105,11 @@ start/stop/accept error records. |
authentication
|
-
+ |
-e |
- |
+ |
@@ -120,25 +120,43 @@ connections. By default, the system will decide which
address to use in accordance with the routing table. |
|
-
+ |
- -N |
- |
+-Ne
+ |
External NAT address 3proxy
-reports to client for BIND and UDPASSOC. By default, the
-external address is reported. It’s only useful in the
-case of IP-IP NAT (will not work for PAT). |
+reports to client for CONNECT/BIND. This is external address
+of NAT between 3proxy and destination server. By default,
+the external address is reported. It’s only useful in
+the case of IP-IP NAT and does not work with port
+translation.
|
-
+ |
+
+
+ -Ni |
+ |
+
+
+
+ Internal NAT address 3proxy
+reports to client for UDPASSOC. This is external address of
+the NAT between 3proxy and the client, client uses to
+connect to 3proxy. By default, the internal address is
+reported. It’s only useful in the case of IP-IP NAT
+and does not work with port translation. |
+
+ |
+
-i |
- |
+ |
@@ -147,11 +165,11 @@ proxy accepts connections to. By default, connections to any
interface are accepted. It´s usually unsafe. |
|
-
+ |
-p |
- |
+ |
@@ -159,11 +177,11 @@ interface are accepted. It´s usually unsafe. |
incoming connections. Default is 1080.
|
-
+ |
-l |
- |
+ |
@@ -173,11 +191,11 @@ Under Unix, if ´@´ preceeds
logfile, syslog is used for logging. |
|
-
+ |
-S |
- |
+ |
diff --git a/man/socks.8 b/man/socks.8
index a3d6946..ccaaea8 100644
--- a/man/socks.8
+++ b/man/socks.8
@@ -33,10 +33,18 @@ from. External IP must be specified if you need incoming connections.
By default, the system will decide which address to use in accordance
with the routing table.
.TP
-.B -N
-External NAT address 3proxy reports to client for BIND and UDPASSOC.
+.B -Ne
+External NAT address 3proxy reports to client for CONNECT/BIND.
+This is external address of NAT between 3proxy and destination server.
By default, the external address is reported. It's only useful in the case
-of IP-IP NAT (will not work for PAT).
+of IP-IP NAT and does not work with port translation.
+.TP
+.B -Ni
+Internal NAT address 3proxy reports to client for UDPASSOC.
+This is external address of the NAT between 3proxy and the client, client
+uses to connect to 3proxy.
+By default, the internal address is reported. It's only useful in the case
+of IP-IP NAT and does not work with port translation.
.TP
.B -i
Internal address. IP address the proxy accepts connections to.
diff --git a/src/proxymain.c b/src/proxymain.c
index aa6aec8..9bd58b5 100644
--- a/src/proxymain.c
+++ b/src/proxymain.c
@@ -427,7 +427,9 @@ int MODULEMAINFUNC (int argc, char** argv){
}
break;
case 'N':
- getip46(46, (unsigned char *)argv[i]+2, (struct sockaddr *)&srv.extNat);
+ if(argv[i][3] == 'e') getip46(46, (unsigned char *)argv[i]+3, (struct sockaddr *)&srv.extNat);
+ else if(argv[i][3] == 'i') getip46(46, (unsigned char *)argv[i]+3, (struct sockaddr *)&srv.intNat);
+ else getip46(46, (unsigned char *)argv[i]+2, (struct sockaddr *)&srv.extNat);
break;
case 'p':
*SAPORT(&srv.intsa) = htons(atoi(argv[i]+2));
diff --git a/src/socks.c b/src/socks.c
index 431fc64..aee6d38 100644
--- a/src/socks.c
+++ b/src/socks.c
@@ -274,7 +274,21 @@ CLEANRET:
sasize = sizeof(sin);
if(command != 3 && param->remsock != INVALID_SOCKET) param->srv->so._getsockname(param->sostate, param->remsock, (struct sockaddr *)&sin, &sasize);
- else param->srv->so._getsockname(param->sostate, param->clisock, (struct sockaddr *)&sin, &sasize);
+ if(!SAISNULL(¶m->srv->extNat)){
+ uint16_t port;
+ port = *SAPORT(&sin);
+ sin = param->srv->extNat;
+ *SAPORT(&sin) = port;
+ }
+ else {
+ param->srv->so._getsockname(param->sostate, param->clisock, (struct sockaddr *)&sin, &sasize);
+ if(!SAISNULL(¶m->srv->intNat)){
+ uint16_t port;
+ port = *SAPORT(&sin);
+ sin = param->srv->intNat;
+ *SAPORT(&sin) = port;
+ }
+ }
#if SOCKSTRACE > 0
myinet_ntop(*SAFAMILY(&sin), &sin, tracebuf, SASIZE(&sin));
fprintf(stderr, "Sending confirmation to client with code %d for %s with %s:%hu\n",
@@ -518,7 +532,9 @@ struct proxydef childdef = {
1080,
0,
S_SOCKS,
- "-N(EXTERNAL_IP) External NAT address to report to client for BIND\n"
+ "-Ne(EXTERNAL_IP) External NAT address (between 3proxy and destination server) to report to client for CONNECT / BIND\n"
+ "-Ni(INTERNAL_IP) Internal NAT address (between client and 3proxy) to report to client for UDPASSOC\n"
+ "NAT is required to map IP-to-IP without port translation\n"
};
#include "proxymain.c"
#endif
diff --git a/src/structures.h b/src/structures.h
index 23c05de..d3da058 100644
--- a/src/structures.h
+++ b/src/structures.h
@@ -515,10 +515,12 @@ struct srvparam {
struct sockaddr_in6 extsa6;
struct sockaddr_in6 extsa;
struct sockaddr_in6 extNat;
+ struct sockaddr_in6 intNat;
#else
struct sockaddr_in intsa;
struct sockaddr_in extsa;
struct sockaddr_in extNat;
+ struct sockaddr_in intNat;
#endif
pthread_mutex_t counter_mutex;
struct pollfd fds;
diff --git a/src/version.h b/src/version.h
index 7ee54f2..4d1334d 100644
--- a/src/version.h
+++ b/src/version.h
@@ -9,4 +9,6 @@
#define MINOR3PROXY 5
#define SUBMINOR3PROXY 0
#define RELEASE3PROXY "3proxy-0.9.5(" BUILDDATE ")\0"
+#ifndef YEAR3PROXY
#define YEAR3PROXY "2026"
+#endif
|