Update documentation for connect back

z3APA3A 2016-01-15 02:26:56 +03:00
parent d1f8180eab
commit 1ef7308cbf
4 changed files with 69 additions and 14 deletions

View File

@ -34,7 +34,8 @@
<li><A HREF="#TRAFLIM">How to limit traffic amount</A>
<li><A HREF="#NETLIST">How to build network lists</A>
<li><a href="#NSCACHING">How to configure name resolution and DNS caching</a>
<li><a href="#IPv6">How to use IPv6</a>
<li><a href="#IPV6">How to use IPv6</a>
<li><a href="#CONNBACK">How to use connect back</a>
</ul>
<li><A HREF="#CLIENT">Client configuration</A>
<li><A HREF="#ADMIN">Administering and information analisys</A>
@ -762,7 +763,7 @@ connection to external networks to provider's proxy.
adds static nsrecords. Also, static nsrecords are used for dnspr, unless -s option is specified.
Since 0.8 version, parent proxy may be configured for dnspr.
</p>
<li><a name="IPv6"><i>How to use IPv6</i></a>
<li><a name="IPV6"><i>How to use IPv6</i></a>
<p>
IPv6 is supported since 0.8. Please note, some proxy protolos, e.g. SOCKSv4,
do not support IPv6. SOCKSv5 supports IPv6 with special request type (must be
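Review bot: Renaming the anchor from IPv6 to IPV6 changes a public fragment identifier, and fragment matching is case-sensitive, so existing links to #IPv6 will no longer land on this section. Consider keeping the old name as a second anchor next to the new one.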
@ -778,6 +779,26 @@ connection to external networks to provider's proxy.
Any service may be configured with -4, -46, -64, -6 options to specify decied
priority for name to IPv4/IPv6 address resolution (IPv4 only, IPv4 priority,
IPv6 priority, IPv6 only).
</p>
<li><a name="CONNBACK"><i>How to use connect back</i></a>
<p>
In example, users needs access from external network to proxy server located
on the host 192.168.1.2. This host can not be accessed from external network,
but it has access to external network with with external address 1.1.1.1.
Also, user has access to the host 2.2.2.2 (IP address may be dynamic) with
hostname host.dyndns.example.org via external network. User needs 2 instances
of 3proxy, first one on the host 192.168.1.2 with config
<pre>
users user:CL:password
auth strong
allow user
proxy -rhost.dyndns.example.org:1234</pre>
second one on the host.dyndns.example.org (2.2.2.2) with config
<pre>
auth iponly
allow * * 1.1.1.1
tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128</pre>
For browser settings proxy is host.dyndns.example.org:3128.
</p>
</ul>
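Review bot: In the second config, "allow * * 1.1.1.1" puts 1.1.1.1 in the target position (allow takes userlist, sourcelist, targetlist), so the source list stays "*" and the listener on 3128 accepts any client. The section should say so, and should also say which peers may connect to the -R listener on 0.0.0.0:1234, since the example does not show what restricts it. The only user authentication shown is "auth strong" on the inner proxy. Minor: "users needs", "can not" and "with with" in the opening sentences.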

View File

@ -35,6 +35,7 @@
<li><a href="#NETLIST">Как строить списки сетей</a>
<li><a href="#NSCACHING">Как управлять разрешением имен и кэшированием DNS</a>
<li><a href="#IPV6">Как использовать IPv6</a>
<li><a href="#CONNBACK">Как использовать connect back</a>
<li><a href="#DEMANDDIAL">Как устанавливать соединение по требованию</a>
</ul>
<li><a href="#CLIENT">Конфигурация и настройка клиентов</a>
@ -798,6 +799,25 @@
Кроме того, для каждого сервиса могут быть даны опции -4, -46, -64, -6 которые
задают приоритет разрешения имен в адреса IPv4 и IPv6 (только IPv4, приоритет IPv4, приоритет IPv6, только IPv6).
</p>
<li><a name="CONNBACK"><i>Как использовать connect back</i></a>
<p>
Например, пользователю нужен доступ к прокси-серверу, который расположен
на хосте 192.168.1.2 недоступном из внешней сети, но имеющем доступ во внешнюю
сеть с внешним адрес 1.1.1.1. Так же у него есть машина с именем host.dyndns.example.org
с внешним адресом 2.2.2.2. Пользователь запускает 2 экземпляра 3proxy, один на
хосте 192.168.1.2 с конфигурацией
<pre>
users user:CL:password
auth strong
allow user
proxy -rhost.dyndns.example.org:1234</pre>
второй на хосте host.dyndns.example.org (2.2.2.2) с конфигурацией
<pre>
auth iponly
allow * * 1.1.1.1
tcppm -R0.0.0.0:1234 3128 1.1.1.1 3128</pre>
В настройках браузера указывается host.dyndns.example.org:3128.
</p>
<li><a name="DEMANDDIAL"><i>Как устанавливать соединение по требованию</i></a>
<p>
Команда dialer задает программу, которая будет запускаться при
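Review bot: The Russian paragraph drops the remark from the English version that the address 2.2.2.2 may be dynamic, which is the reason -r is given a hostname; add it so the two versions match. Also "с внешним адрес 1.1.1.1" should read "с внешним адресом 1.1.1.1".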

View File

@ -113,19 +113,30 @@ view without ability to reset).
(for dnspr) - simple, do not use 'resolver' and 3proxy cache, always use external DNS server.
.br
(for udppm) - singlepacket, expect only one packet from both client and server
.br
.B -a
(for proxy) - anonymous proxy (no information about client reported)
.br
.B -a1
(for proxy) - anonymous proxy (random client information reported)
.br
.B -6
Only resolve IPv6 addresses
.br
.B -4
Only resolve IPv4 addresses
.br
.B -46
Resolve IPv6 addresses if IPv4 address is not resolvable
.br
.B -64
Resolve IPv4 addresses if IPv6 address is not resolvable
.br
.B -RHOST:port
listen on given local HOST:port for incoming connections instead of making remote outgoing connection. Can be used with another 3proxy service running -r option for connect back functionality. Most commonly used with tcppm. HOST can be given as IP or hostname, useful in case of dynamic DNS.
.br
.B -rHOST:port
connect to given remote HOST:port instead of listening local connection on -p or default port. Can be used with another 3proxy service running -R option for connect back functionality. Most commonly used with proxy or socks. HOST can be given as IP or hostname, useful in case of dynamic DNS.
.br
Also, all options mentioned for
.BR proxy (8)
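Review bot: The -RHOST:port and -rHOST:port entries say HOST may be a hostname for the dynamic DNS case, but not when the name is resolved (once at startup or on every reconnect), and the -R entry does not say which peers may connect to the listener or whether the service ACL applies to them. Both belong in the option text, since -R opens a listening port. The -4/-6/-46/-64 wording here ("Only resolve ...") also differs from the usage string, which describes the same options as "Use IPv4 for outgoing connections".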
@ -157,13 +168,9 @@ proxy on a client with FTP proxy support. Username format is one of
.br
proxyuser:proxypassword:FTPuser:FTPpassword@FTPserver
.br
Please note, if you use FTP client interface for FTP proxy
do not add FTPpassword and FTPServer to username, because
FTP client does it for you. That is, if you use 3proxy with
authentication use
proxyuser:proxypassword:FTPuser
as FTP username, otherwise do not change original FTP user name
Please note, if you use FTP client interface for FTP proxy do not add FTPpassword and FTPServer to username, because FTP client does it for you. That is, if you use 3proxy with authentication use proxyuser:proxypassword:FTPuser as FTP username, otherwise do not change original FTP user name
.br
.B include
<path>
.br
@ -478,6 +485,7 @@ required in ACL. It's usefull to protect access to some resources with
password allowing passwordless access to another resources, or to use
IP-based authentication for dedicated laptops and request username/password for
shared ones.
.br
.B authcache
<cachtype> <cachtime>
@ -496,6 +504,7 @@ assigned to the same user without actual authentication.
user,password - both username and password are checked against cached ones.
.br
Use auth type 'cache' for cached authentication
.br
.B allow
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
@ -573,7 +582,9 @@ Operation is one of:
Weeksdays are week days numbers or periods (0 or 7 means Sunday, 1 is Monday,
1-5 means Monday through Friday). Timeperiodlists is a list of time
periods in HH:MM:SS-HH:MM:SS format. For example,
00:00:00-08:00:00,17:00:00-24:00:00
.br
00:00:00-08:00:00,17:00:00-24:00:00
.br
lists non-working hours.
.br
@ -726,6 +737,7 @@ Weight may be used for different purposes.
.br
.B nobandlimin
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
.B bandlimout
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
.br
@ -750,7 +762,7 @@ addresses) to 57600 bps you have to specify 4 rules like
.br
bandlimin 57600 * 192.168.10.19
.br
and every of you clients will have 56K channel. if you specify
and every of you clients will have 56K channel. If you specify
.br
bandlimin 57600 * 192.168.10.16/30
.br
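Review bot: The line touched here still reads "and every of you clients"; while fixing the capitalisation of "If", change it to "and each of your clients".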
@ -787,6 +799,8 @@ no traffic information on this counter is saved in file (that is
if proxy restarted all information is loosed) overwise it should be
unique sequential number.
Type specifies a type of counter. Type is one of:
.br
H - counter is resetted hourly
.br
D - counter is resetted daily
.br
@ -799,7 +813,7 @@ Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
template for reports. Report is text file with counter values in
format:
.br
<COUNTERNUMBER> <TRAF*4GB> <TRAF>
<COUNTERNUMBER> <TRAF>
.br
The rest of parameters is identical to bandlim/nobandlim.
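Review bot: Dropping the <TRAF*4GB> field from the documented report format is a format change unrelated to the connect back documentation named in the commit message, and anything that parses these reports depends on the field count. State from which version reports have two fields, or move this change into its own commit.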
@ -823,7 +837,7 @@ example:
.br
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
.br
(note: double quotes are requiered because password contains $ sign).
Note: double quotes are requiered because password contains $ sign.
.br
.B flush

View File

@ -127,8 +127,8 @@ int MODULEMAINFUNC (int argc, char** argv){
" -t be silent (do not log service start/stop)\n"
" -iIP ip address or internal interface (clients are expected to connect)\n"
" -eIP ip address or external interface (outgoing connection will have this)\n"
" -rIP:PORT Use IP:port for connect back proxy instead of listen port\n"
" -RPORT Use PORT to listen connect back proxy connection to pass data to\n"
" -rHOST:PORT Use IP:port for connect back proxy instead of listen port\n"
" -RHOST:PORT Use PORT to listen connect back proxy connection to pass data to\n"
" -4 Use IPv4 for outgoing connections\n"
" -6 Use IPv6 for outgoing connections\n"
" -46 Prefer IPv4 for outgoing connections, use both IPv4 and IPv6\n"
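Review bot: The option names were changed to -rHOST:PORT and -RHOST:PORT but the descriptions were not: the -r text still says "Use IP:port" and the -R text still says "Use PORT to listen", with no mention of HOST. Update both descriptions to match the new names, for example "Use HOST:PORT for connect back proxy instead of listen port".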