-Ne / -Ni options added to specify external / internal NAT address

2026-04-10 23:20:12 +08:00 · 2026-04-10 15:01:43 +03:00 · 2026-04-10 15:01:43 +03:00 · 0c8be907e9
commit 0c8be907e9
parent 840dd5dbdf
6 changed files with 78 additions and 30 deletions
--- a/doc/html/man8/socks.8.html
+++ b/doc/html/man8/socks.8.html
@ -57,11 +57,11 @@ connections and UDP portmapping.</p>
       cellspacing="0" cellpadding="0">
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-I</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -69,11 +69,11 @@ connections and UDP portmapping.</p>
 only.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-d</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -81,11 +81,11 @@ only.</p> </td></tr>
 console and run in the background.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-t</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -93,11 +93,11 @@ console and run in the background.</p></td></tr>
 start/stop/accept error records.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-u</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -105,11 +105,11 @@ start/stop/accept error records.</p></td></tr>
 authentication</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-e</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -120,25 +120,43 @@ connections. By default, the system will decide which
 address to use in accordance with the routing table.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


-<p style="margin-top: 1em"><b>-N</b></p></td>
-<td width="6%"></td>
+<p style="margin-top: 1em"><b>-Ne</b></p></td>
+<td width="5%"></td>
 <td width="85%">


 <p style="margin-top: 1em">External NAT address 3proxy
-reports to client for BIND and UDPASSOC. By default, the
-external address is reported. It&rsquo;s only useful in the
-case of IP-IP NAT (will not work for PAT).</p></td></tr>
+reports to client for CONNECT/BIND. This is external address
+of NAT between 3proxy and destination server. By default,
+the external address is reported. It&rsquo;s only useful in
+the case of IP-IP NAT and does not work with port
+translation.</p> </td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">
+
+
+<p style="margin-top: 1em"><b>-Ni</b></p></td>
+<td width="5%"></td>
+<td width="85%">
+
+
+<p style="margin-top: 1em">Internal NAT address 3proxy
+reports to client for UDPASSOC. This is external address of
+the NAT between 3proxy and the client, client uses to
+connect to 3proxy. By default, the internal address is
+reported. It&rsquo;s only useful in the case of IP-IP NAT
+and does not work with port translation.</p></td></tr>
+<tr valign="top" align="left">
+<td width="6%"></td>
+<td width="4%">


 <p style="margin-top: 1em"><b>-i</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -147,11 +165,11 @@ proxy accepts connections to. By default, connections to any
 interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-p</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -159,11 +177,11 @@ interface are accepted. It&acute;s usually unsafe.</p></td></tr>
 incoming connections. Default is 1080.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-l</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


@ -173,11 +191,11 @@ Under Unix, if &acute;<i>@</i>&acute; preceeds
 <i>logfile</i>, syslog is used for logging.</p></td></tr>
 <tr valign="top" align="left">
 <td width="6%"></td>
-<td width="3%">
+<td width="4%">


 <p style="margin-top: 1em"><b>-S</b></p></td>
-<td width="6%"></td>
+<td width="5%"></td>
 <td width="85%">


--- a/man/socks.8
+++ b/man/socks.8
@ -33,10 +33,18 @@ from. External IP must be specified if you need incoming connections.
 By default, the system will decide which address to use in accordance
 with the routing table.
 .TP
-.B -N
-External NAT address 3proxy reports to client for BIND and UDPASSOC.
+.B -Ne
+External NAT address 3proxy reports to client for CONNECT/BIND.
+This is external address of NAT between 3proxy and destination server.
 By default, the external address is reported. It's only useful in the case
-of IP-IP NAT (will not work for PAT).
+of IP-IP NAT and does not work with port translation. 
+.TP
+.B -Ni
+Internal NAT address 3proxy reports to client for UDPASSOC.
+This is external address of the NAT between 3proxy and the client, client
+uses to connect to 3proxy.
+By default, the internal address is reported. It's only useful in the case
+of IP-IP NAT and does not work with port translation. 
 .TP
 .B -i
 Internal address. IP address the proxy accepts connections to.
--- a/src/proxymain.c
+++ b/src/proxymain.c
@ -427,7 +427,9 @@ int MODULEMAINFUNC (int argc, char** argv){
 			}
 			break;
 		 case 'N':
-			getip46(46, (unsigned char *)argv[i]+2, (struct sockaddr *)&srv.extNat);
+			if(argv[i][3] == 'e') getip46(46, (unsigned char *)argv[i]+3, (struct sockaddr *)&srv.extNat);
+			else if(argv[i][3] == 'i') getip46(46, (unsigned char *)argv[i]+3, (struct sockaddr *)&srv.intNat);
+			else getip46(46, (unsigned char *)argv[i]+2, (struct sockaddr *)&srv.extNat);
 			break;
 		 case 'p':
 			*SAPORT(&srv.intsa) = htons(atoi(argv[i]+2));
--- a/src/socks.c
+++ b/src/socks.c
@ -274,7 +274,21 @@ CLEANRET:

 	sasize = sizeof(sin);
 	if(command != 3 && param->remsock != INVALID_SOCKET) param->srv->so._getsockname(param->sostate, param->remsock, (struct sockaddr *)&sin,  &sasize);
-	else param->srv->so._getsockname(param->sostate, param->clisock, (struct sockaddr *)&sin,  &sasize);
+	if(!SAISNULL(&param->srv->extNat)){
+	    uint16_t port;
+	    port = *SAPORT(&sin);
+	    sin = param->srv->extNat;
+	    *SAPORT(&sin) = port;
+	}
+	else {
+	    param->srv->so._getsockname(param->sostate, param->clisock, (struct sockaddr *)&sin,  &sasize);
+	    if(!SAISNULL(&param->srv->intNat)){
+		uint16_t port;
+		port = *SAPORT(&sin);
+		sin = param->srv->intNat;
+		*SAPORT(&sin) = port;
+	    }
+	}    
 #if SOCKSTRACE > 0
 myinet_ntop(*SAFAMILY(&sin), &sin, tracebuf, SASIZE(&sin));
 fprintf(stderr, "Sending confirmation to client with code %d for %s with %s:%hu\n",
@ -518,7 +532,9 @@ struct proxydef childdef = {
 	1080,
 	0,
 	S_SOCKS,
-	"-N(EXTERNAL_IP) External NAT address to report to client for BIND\n"
+	"-Ne(EXTERNAL_IP) External NAT address (between 3proxy and destination server) to report to client for CONNECT / BIND\n"
+	"-Ni(INTERNAL_IP) Internal NAT address (between client and 3proxy) to report to client for UDPASSOC\n"
+	"NAT is required to map IP-to-IP without port translation\n"
 };
 #include "proxymain.c"
 #endif
--- a/src/structures.h
+++ b/src/structures.h
@ -515,10 +515,12 @@ struct srvparam {
 	struct sockaddr_in6 extsa6;
 	struct sockaddr_in6 extsa;
 	struct sockaddr_in6 extNat;
+	struct sockaddr_in6 intNat;
 #else
 	struct sockaddr_in intsa;
 	struct sockaddr_in extsa;
 	struct sockaddr_in extNat;
+	struct sockaddr_in intNat;
 #endif
 	pthread_mutex_t counter_mutex;
 	struct pollfd fds;
--- a/src/version.h
+++ b/src/version.h
@ -9,4 +9,6 @@
 #define MINOR3PROXY 5
 #define SUBMINOR3PROXY 0
 #define RELEASE3PROXY "3proxy-0.9.5(" BUILDDATE ")\0"
+#ifndef YEAR3PROXY
 #define YEAR3PROXY "2026"
+#endif