mirror of
https://github.com/3proxy/3proxy.git
synced 2026-04-28 15:10:12 +08:00
Update mans
Some checks are pending
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
C/C++ CI MacOS / ${{ matrix.target }} (macos-15) (push) Waiting to run
C/C++ CI Windows / ${{ matrix.target }} (windows-2022) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (macos-15) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (windows-2022) (push) Waiting to run
Some checks are pending
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
C/C++ CI Linux / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
C/C++ CI MacOS / ${{ matrix.target }} (macos-15) (push) Waiting to run
C/C++ CI Windows / ${{ matrix.target }} (windows-2022) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (macos-15) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-24.04-arm) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (ubuntu-latest) (push) Waiting to run
C/C++ CI cmake / ${{ matrix.target }} (windows-2022) (push) Waiting to run
This commit is contained in:
Vladimir Dubrovin
parent
319a74de06
commit
6c3c5f31a2
@ -84,10 +84,10 @@ smtpp</b> [options] <b><br>
|
|||||||
ftppr</b> [options] <b><br>
|
ftppr</b> [options] <b><br>
|
||||||
admin</b> [options] <b><br>
|
admin</b> [options] <b><br>
|
||||||
dnspr</b> [options] <b><br>
|
dnspr</b> [options] <b><br>
|
||||||
tcppm</b> [options] <SRCPORT> <DSTADDR>
|
tcppm</b> [options] <i><SRCPORT> <DSTADDR>
|
||||||
<DSTPORT> <b><br>
|
<DSTPORT></i> <b><br>
|
||||||
udppm</b> [options] <SRCPORT> <DSTADDR>
|
udppm</b> [options] <i><SRCPORT> <DSTADDR>
|
||||||
<DSTPORT> <br>
|
<DSTPORT></i> <br>
|
||||||
Descriptions: <b><br>
|
Descriptions: <b><br>
|
||||||
proxy</b> HTTP/HTTPS proxy (default port 3128) <b><br>
|
proxy</b> HTTP/HTTPS proxy (default port 3128) <b><br>
|
||||||
socks</b> SOCKS 4/4.5/5 proxy (default port 1080) <b><br>
|
socks</b> SOCKS 4/4.5/5 proxy (default port 1080) <b><br>
|
||||||
@ -111,15 +111,14 @@ specified for syntax compatibility. <b><br>
|
|||||||
udppm</b> UDP portmapper</p>
|
udppm</b> UDP portmapper</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">Options: <b><br>
|
<p style="margin-left:6%; margin-top: 1em">Options: <b><br>
|
||||||
-pNUMBER</b> change default server port to NUMBER <b><br>
|
-p</b><i>NUMBER</i> change default server port to NUMBER
|
||||||
-n</b> disable NTLM authentication (required if passwords
|
<b><br>
|
||||||
are stored in Unix crypt format). <b><br>
|
|
||||||
-n1</b> enable NTLMv1 authentication. <b><br>
|
-g(</b><i>GRACE_TRAFF</i><b>,</b><i>GRACE_NUM</i><b>,</b><i>GRACE_DELAY</i>)
|
||||||
-g(GRACE_TRAFF,GRACE_NUM,GRACE_DELAY)</b> delay GRACE_DELAY
|
delay GRACE_DELAY milliseconds before polling if average
|
||||||
milliseconds before polling if average polling size is below
|
polling size is below GRACE_TRAFF bytes and GRACE_NUM read
|
||||||
GRACE_TRAFF bytes and GRACE_NUM read operations in a single
|
operations in a single direction are detected within 1
|
||||||
direction are detected within 1 second. Useful to minimize
|
second. Useful to minimize polling <b>-s</b> <br>
|
||||||
polling <b>-s</b> <br>
|
|
||||||
(for admin) secure, allow only secure operations, currently
|
(for admin) secure, allow only secure operations, currently
|
||||||
only traffic counters view without ability to reset. <br>
|
only traffic counters view without ability to reset. <br>
|
||||||
(for dnspr) simple, do not use resolver and 3proxy cache,
|
(for dnspr) simple, do not use resolver and 3proxy cache,
|
||||||
@ -142,35 +141,37 @@ packed in IPv6 in IPV6_V6ONLY compatible way. <b><br>
|
|||||||
resolvable <b><br>
|
resolvable <b><br>
|
||||||
-64</b> Resolve IPv4 addresses if IPv6 address is not
|
-64</b> Resolve IPv4 addresses if IPv6 address is not
|
||||||
resolvable <b><br>
|
resolvable <b><br>
|
||||||
-RHOST:port</b> listen on given local HOST:port for incoming
|
-R</b><i>HOST</i><b>:</b><i>port</i> listen on given local
|
||||||
connections instead of making remote outgoing connection.
|
HOST:port for incoming connections instead of making remote
|
||||||
Can be used with another 3proxy service running -r option
|
outgoing connection. Can be used with another 3proxy service
|
||||||
for connect back functionality. Most commonly used with
|
running -r option for connect back functionality. Most
|
||||||
tcppm. HOST can be given as IP or hostname, useful in case
|
commonly used with tcppm. HOST can be given as IP or
|
||||||
of dynamic DNS. <b><br>
|
hostname, useful in case of dynamic DNS. <b><br>
|
||||||
-rHOST:port</b> connect to given remote HOST:port instead of
|
-r</b><i>HOST</i><b>:</b><i>port</i> connect to given remote
|
||||||
listening local connection on -p or default port. Can be
|
HOST:port instead of listening local connection on -p or
|
||||||
used with another 3proxy service running -R option for
|
default port. Can be used with another 3proxy service
|
||||||
connect back functionality. Most commonly used with proxy or
|
running -R option for connect back functionality. Most
|
||||||
socks. HOST can be given as IP or hostname, useful in case
|
commonly used with proxy or socks. HOST can be given as IP
|
||||||
of dynamic DNS. <b><br>
|
or hostname, useful in case of dynamic DNS. <b><br>
|
||||||
-ocOPTIONS, -osOPTIONS, -olOPTIONS, -orOPTIONS,
|
-oc</b><i>OPTIONS</i><b>, -os</b><i>OPTIONS</i><b>,
|
||||||
-oROPTIONS</b> options for proxy-to-client (oc),
|
-ol</b><i>OPTIONS</i><b>, -or</b><i>OPTIONS</i><b>,
|
||||||
proxy-to-server (os), proxy listening (ol), connect back
|
-oR</b><i>OPTIONS</i> options for proxy-to-client
|
||||||
client (or), connect back listening (oR) sockets. Options
|
(<b>-oc</b>), proxy-to-server (<b>-os</b>), proxy listening
|
||||||
like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK,
|
(<b>-ol</b>), connect back client (<b>-or</b>), connect back
|
||||||
TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR,
|
listening (<b>-oR</b>) sockets. Options like TCP_CORK,
|
||||||
SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT,
|
TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS,
|
||||||
SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
|
USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT,
|
||||||
<b><br>
|
SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE,
|
||||||
-DiINTERFACE, -DeINTERFACE</b> bind internal interface /
|
SO_DONTROUTE may be supported depending on OS. <b><br>
|
||||||
external interface to given INTERFACE (e.g. eth0) if
|
-Di</b><i>INTERFACE</i><b>, -De</b><i>INTERFACE</i> bind
|
||||||
SO_BINDTODEVICE is supported by the system. You may need to
|
internal (<b>-Di</b>) / external (<b>-De</b>) interface to
|
||||||
run as root or have CAP_NET_RAW capability in order to bind
|
given INTERFACE (e.g. eth0) if <b>SO_BINDTODEVICE</b> is
|
||||||
to an interface, depending on the system, so this option may
|
supported by the system. You may need to run as root or have
|
||||||
|
<b>CAP_NET_RAW</b> capability in order to bind to an
|
||||||
|
interface, depending on the system, so this option may
|
||||||
require root privileges and can be incompatible with some
|
require root privileges and can be incompatible with some
|
||||||
configuration commands like chroot and setuid (and daemon if
|
configuration commands like <b>chroot</b> and <b>setuid</b>
|
||||||
setcap is used). <b><br>
|
(and <b>daemon</b> if setcap is used). <b><br>
|
||||||
-e</b> External address. IP address of the interface the
|
-e</b> External address. IP address of the interface the
|
||||||
proxy should initiate connections from. External IP must be
|
proxy should initiate connections from. External IP must be
|
||||||
specified if you need incoming connections. By default the
|
specified if you need incoming connections. By default the
|
||||||
@ -207,10 +208,10 @@ proxy access must be authenticated, you can specify username
|
|||||||
as proxy_username:proxy_password:POP3_username@pop3server
|
as proxy_username:proxy_password:POP3_username@pop3server
|
||||||
<br>
|
<br>
|
||||||
DNS proxy resolves any types of records but only hostnames
|
DNS proxy resolves any types of records but only hostnames
|
||||||
are cached. It requires nserver/nscache to be configured. If
|
are cached. It requires <b>nserver</b>/<b>nscache</b> to be
|
||||||
nserver is configured as TCP, redirections are applied on
|
configured. If <b>nserver</b> is configured as TCP,
|
||||||
connection, so parent proxy may be used to resolve names to
|
redirections are applied on connection, so parent proxy may
|
||||||
IP. <br>
|
be used to resolve names to IP. <br>
|
||||||
FTP proxy can be used as FTP server in any FTP client or
|
FTP proxy can be used as FTP server in any FTP client or
|
||||||
configured as FTP proxy on a client with FTP proxy support.
|
configured as FTP proxy on a client with FTP proxy support.
|
||||||
Username format is one of <br>
|
Username format is one of <br>
|
||||||
@ -224,11 +225,11 @@ authentication use proxyuser:proxypassword:FTPuser as FTP
|
|||||||
username, otherwise do not change original FTP user name</p>
|
username, otherwise do not change original FTP user name</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>include</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>include</b>
|
||||||
<path> <br>
|
<i><path></i> <br>
|
||||||
Include config file</p>
|
Include config file</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>config</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>config</b>
|
||||||
<path> <br>
|
<i><path></i> <br>
|
||||||
Path to configuration file to use on 3proxy restart or to
|
Path to configuration file to use on 3proxy restart or to
|
||||||
save configuration.</p>
|
save configuration.</p>
|
||||||
|
|
||||||
@ -244,20 +245,20 @@ using it.</p>
|
|||||||
End of configuration</p>
|
End of configuration</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>log</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>log</b>
|
||||||
[[@|&]logfile] [<LOGTYPE>] <br>
|
[[@|&]<i>logfile</i>] [<i><LOGTYPE></i>] <br>
|
||||||
sets logfile for all gateways <br>
|
sets logfile for all gateways <br>
|
||||||
@ (for Unix) use syslog, filename is used as ident name <br>
|
@ (for Unix) use syslog, filename is used as ident name <br>
|
||||||
& use ODBC, filename consists of comma-delimited
|
& use ODBC, filename consists of comma-delimited
|
||||||
datasource,username,password (username and password are
|
datasource,username,password (username and password are
|
||||||
optional) <br>
|
optional) <br>
|
||||||
radius - use RADIUS for logging <br>
|
radius - use RADIUS for logging <br>
|
||||||
LOGTYPE is one of: <br>
|
LOGTYPE is one of: <b><br>
|
||||||
c Minutely <br>
|
c</b> Minutely <b><br>
|
||||||
H Hourly <br>
|
H</b> Hourly <b><br>
|
||||||
D Daily <br>
|
D</b> Daily <b><br>
|
||||||
W Weekly (starting from Sunday) <br>
|
W</b> Weekly (starting from Sunday) <b><br>
|
||||||
M Monthly <br>
|
M</b> Monthly <b><br>
|
||||||
Y Annually <br>
|
Y</b> Annually <br>
|
||||||
if logfile is not specified logging goes to stdout. You can
|
if logfile is not specified logging goes to stdout. You can
|
||||||
specify individual logging options for gateway by using -l
|
specify individual logging options for gateway by using -l
|
||||||
option in gateway configuration. <br>
|
option in gateway configuration. <br>
|
||||||
@ -270,12 +271,12 @@ Grinwitch time zone for all time-based format
|
|||||||
specificators.</p>
|
specificators.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>rotate</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>rotate</b>
|
||||||
<n> <br>
|
<i><n></i> <br>
|
||||||
how many archived log files to keep</p>
|
how many archived log files to keep</p>
|
||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>logformat</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>logformat</b>
|
||||||
<format> <br>
|
<i><format></i> <br>
|
||||||
Format for log record. First symbol in format must be L
|
Format for log record. First symbol in format must be L
|
||||||
(local time) or G (absolute Grinwitch time). It can be
|
(local time) or G (absolute Grinwitch time). It can be
|
||||||
preceeded with -XXX+Y where XXX is list of characters to be
|
preceeded with -XXX+Y where XXX is list of characters to be
|
||||||
@ -332,7 +333,8 @@ l_service, l_in, l_out, l_descr) values (´%d-%m-%Y
|
|||||||
´%T´)"</p>
|
´%T´)"</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>logdump</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>logdump</b>
|
||||||
<in_traffic_limit> <out_traffic_limit> <br>
|
<i><in_traffic_limit> <out_traffic_limit></i>
|
||||||
|
<br>
|
||||||
Immediately creates additional log records if given amount
|
Immediately creates additional log records if given amount
|
||||||
of incoming/outgoing traffic is achieved for connection,
|
of incoming/outgoing traffic is achieved for connection,
|
||||||
without waiting for connection to finish. It may be useful
|
without waiting for connection to finish. It may be useful
|
||||||
@ -341,7 +343,7 @@ server shutdown.</p>
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>delimchar</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>delimchar</b>
|
||||||
<char> <br>
|
<i><char></i> <br>
|
||||||
Sets the delimiter character used to separate username from
|
Sets the delimiter character used to separate username from
|
||||||
hostname in proxy authentication strings (e.g. for FTP, POP3
|
hostname in proxy authentication strings (e.g. for FTP, POP3
|
||||||
proxies). Default is ´@´. For example, to use
|
proxies). Default is ´@´. For example, to use
|
||||||
@ -349,48 +351,50 @@ proxies). Default is ´@´. For example, to use
|
|||||||
to contain the ´@´ character.</p>
|
to contain the ´@´ character.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>archiver</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>archiver</b>
|
||||||
<ext> <commandline> <br>
|
<i><ext> <commandline></i> <br>
|
||||||
Archiver to use for log files. <ext> is file extension
|
Archiver to use for log files. <ext> is file extension
|
||||||
produced by archiver. Filename will be last argument to
|
produced by archiver. Filename will be last argument to
|
||||||
archiver, optionally you can use %A as produced archive name
|
archiver, optionally you can use %A as produced archive name
|
||||||
and %F as filename.</p>
|
and %F as filename.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>timeouts</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>timeouts</b>
|
||||||
<BYTE_SHORT> <BYTE_LONG> <STRING_SHORT>
|
<i><BYTE_SHORT> <BYTE_LONG> <STRING_SHORT>
|
||||||
<STRING_LONG> <CONNECTION_SHORT>
|
<STRING_LONG> <CONNECTION_SHORT>
|
||||||
<CONNECTION_LONG> <DNS> <CHAIN>
|
<CONNECTION_LONG> <DNS> <CHAIN>
|
||||||
<CONNECT> <CONNECTBACK> <br>
|
<CONNECT> <CONNECTBACK></i> <br>
|
||||||
Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15,
|
Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15,
|
||||||
60, 15, 5. <br>
|
60, 15, 5. <b><br>
|
||||||
BYTE_SHORT short timeout for single byte, is usually used
|
BYTE_SHORT</b> short timeout for single byte, is usually
|
||||||
for receiving single byte from stream. <br>
|
used for receiving single byte from stream. <b><br>
|
||||||
BYTE_LONG long timeout for single byte, is usually used for
|
BYTE_LONG</b> long timeout for single byte, is usually used
|
||||||
receiving first byte in frame (for example first byte in
|
for receiving first byte in frame (for example first byte in
|
||||||
socks request). <br>
|
socks request). <b><br>
|
||||||
STRING_SHORT short timeout, for character string within
|
STRING_SHORT</b> short timeout, for character string within
|
||||||
stream (for example to wait between 2 HTTP headers) <br>
|
stream (for example to wait between 2 HTTP headers) <b><br>
|
||||||
STRING_LONG long timeout, for first string in stream (for
|
STRING_LONG</b> long timeout, for first string in stream
|
||||||
example to wait for HTTP request). <br>
|
(for example to wait for HTTP request). <b><br>
|
||||||
CONNECTION_SHORT inactivity timeout for short connections
|
CONNECTION_SHORT</b> inactivity timeout for short
|
||||||
(HTTP, POP3, etc). <br>
|
connections (HTTP, POP3, etc). <b><br>
|
||||||
CONNECTION_LONG inactivity timeout for long connection
|
CONNECTION_LONG</b> inactivity timeout for long connection
|
||||||
(SOCKS, portmappers, etc). <br>
|
(SOCKS, portmappers, etc). <b><br>
|
||||||
DNS timeout for DNS request before requesting next server
|
DNS</b> timeout for DNS request before requesting next
|
||||||
|
server <b><br>
|
||||||
|
CHAIN</b> timeout for reading data from chained connection
|
||||||
<br>
|
<br>
|
||||||
CHAIN timeout for reading data from chained connection <br>
|
|
||||||
default timeouts 1 5 30 60 180 1800 15 60 15 5</p>
|
default timeouts 1 5 30 60 180 1800 15 60 15 5</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>maxseg</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>maxseg</b>
|
||||||
<value> <br>
|
<i><value></i> <br>
|
||||||
Sets TCP maximum segment size (MSS) for outgoing
|
Sets TCP maximum segment size (MSS) for outgoing
|
||||||
connections. This can be used to work around path MTU
|
connections. This can be used to work around path MTU
|
||||||
discovery issues or to optimize traffic for specific network
|
discovery issues or to optimize traffic for specific network
|
||||||
conditions.</p>
|
conditions.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>radius</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>radius</b>
|
||||||
<NAS_SECRET>
|
<i><NAS_SECRET>
|
||||||
<radius_server_1[:port][/local_address_1]>
|
<radius_server_1</i>[:<i>port</i>][/<i>local_address_1</i>]
|
||||||
<radius_server_2[:port][/local_address_2]> <br>
|
<i><radius_server_2</i>[:<i>port</i>][/<i>local_address_2</i>]
|
||||||
|
<br>
|
||||||
Configures RADIUS servers to be used for logging and
|
Configures RADIUS servers to be used for logging and
|
||||||
authentication (log and auth types must be set to radius).
|
authentication (log and auth types must be set to radius).
|
||||||
port and local address to use with given server may be
|
port and local address to use with given server may be
|
||||||
@ -409,12 +413,12 @@ CONNECT), Login-TCP-Port: (requested port), Login-IPv6-Host
|
|||||||
/ Login-IP-Host: (requested IP). <br>
|
/ Login-IP-Host: (requested IP). <br>
|
||||||
Supported reply attributes for authentication:
|
Supported reply attributes for authentication:
|
||||||
Framed-IP-Address / Framed-IPv6-Address (IP to assign to
|
Framed-IP-Address / Framed-IPv6-Address (IP to assign to
|
||||||
user), Reply-Message. Use authcache to speedup
|
user), Reply-Message. Use <b>authcache</b> to speedup
|
||||||
authentication. RADIUS feature is currently
|
authentication. RADIUS feature is currently
|
||||||
experimental.</p>
|
experimental.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>nserver</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>nserver</b>
|
||||||
<ipaddr>[:port][/tcp] <br>
|
<i><ipaddr></i>[:<i>port</i>][/<i>tcp</i>] <br>
|
||||||
Nameserver to use for name resolutions. If none specified
|
Nameserver to use for name resolutions. If none specified
|
||||||
system routines for name resolution is used. Optional port
|
system routines for name resolution is used. Optional port
|
||||||
number may be specified. If optional /tcp is added to IP
|
number may be specified. If optional /tcp is added to IP
|
||||||
@ -422,33 +426,36 @@ address, name resolution is performed over TCP.</p>
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>authnserver</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>authnserver</b>
|
||||||
<ipaddr>[:port][/tcp] <br>
|
<i><ipaddr></i>[:<i>port</i>][/<i>tcp</i>] <br>
|
||||||
Nameserver to use for DNS-based authentication (e.g. dnsname
|
Nameserver to use for DNS-based authentication (e.g. dnsname
|
||||||
auth type). If not specified, nserver is used. The syntax is
|
auth type). If not specified, nserver is used. The syntax is
|
||||||
the same as for nserver.</p>
|
the same as for nserver.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>nscache</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>nscache</b>
|
||||||
<cachesize> <b>nscache6</b> <cachesize> <br>
|
<i><cachesize></i> <b>nscache6</b>
|
||||||
Cache <cachesize> records for name resolution (nscache
|
<i><cachesize></i> <br>
|
||||||
for IPv4, nscache6 for IPv6). The cache size should usually
|
Cache <i><cachesize></i> records for name resolution
|
||||||
be large enough (for example, 65536).</p>
|
(<b>nscache</b> for IPv4, <b>nscache6</b> for IPv6). The
|
||||||
|
cache size should usually be large enough (for example,
|
||||||
|
65536).</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>nsrecord</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>nsrecord</b>
|
||||||
<hostname> <hostaddr> <br>
|
<i><hostname> <hostaddr></i> <br>
|
||||||
Adds static record to nscache. nscache must be enabled. If
|
Adds static record to nscache. <b>nscache</b> must be
|
||||||
0.0.0.0 is used as a hostaddr host will never resolve, it
|
enabled. If 0.0.0.0 is used as a hostaddr host will never
|
||||||
can be used to blacklist something or together with
|
resolve, it can be used to blacklist something or together
|
||||||
<b>dialer</b> command to set up UDL for dialing.</p>
|
with <b>dialer</b> command to set up UDL for dialing.</p>
|
||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>fakeresolve</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>fakeresolve</b>
|
||||||
<br>
|
<br>
|
||||||
All names are resolved to the 127.0.0.2 address. Useful if
|
All names are resolved to the 127.0.0.2 address. Useful if
|
||||||
all requests are redirected to a parent proxy with http,
|
all requests are redirected to a parent proxy with
|
||||||
socks4+, connect+ or socks5+.</p>
|
<b>http</b>, <b>socks4+</b>, <b>connect+</b> or
|
||||||
|
<b>socks5+</b>.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>dialer</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>dialer</b>
|
||||||
<progname> <br>
|
<i><progname></i> <br>
|
||||||
Execute progname if external name can´t be resolved.
|
Execute progname if external name can´t be resolved.
|
||||||
Hint: if you use nscache, dialer may not work, because names
|
Hint: if you use nscache, dialer may not work, because names
|
||||||
will be resolved through cache. In this case you can use
|
will be resolved through cache. In this case you can use
|
||||||
@ -456,7 +463,7 @@ something like http://dial.right.now/ from browser to set up
|
|||||||
connection.</p>
|
connection.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>internal</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>internal</b>
|
||||||
<ipaddr> <br>
|
<i><ipaddr></i> <br>
|
||||||
sets ip address of internal interface. This IP address will
|
sets ip address of internal interface. This IP address will
|
||||||
be used to bind gateways. Alternatively you can use -i
|
be used to bind gateways. Alternatively you can use -i
|
||||||
option for individual gateways. Since 0.8 version, IPv6
|
option for individual gateways. Since 0.8 version, IPv6
|
||||||
@ -470,27 +477,29 @@ using Unix sockets, the socket file is automatically created
|
|||||||
and removed on service start/stop.</p>
|
and removed on service start/stop.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>external</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>external</b>
|
||||||
<ipaddr> <br>
|
<i><ipaddr></i> <br>
|
||||||
sets ip address of external interface. This IP address will
|
sets ip address of external interface. This IP address will
|
||||||
be source address for all connections made by proxy.
|
be source address for all connections made by proxy.
|
||||||
Alternatively you can use -e option to specify individual
|
Alternatively you can use -e option to specify individual
|
||||||
address for gateway. Since 0.8 version External or -e can be
|
address for gateway. Since 0.8 version External or <b>-e</b>
|
||||||
given twice: once with IPv4 and once with IPv6 address.</p>
|
can be given twice: once with IPv4 and once with IPv6
|
||||||
|
address.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>maxconn</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>maxconn</b>
|
||||||
<number> <br>
|
<i><number></i> <br>
|
||||||
sets the maximum number of simultaneous connections to each
|
sets the maximum number of simultaneous connections to each
|
||||||
service started after this command at the network level.
|
service started after this command at the network level.
|
||||||
Default is 100. <br>
|
Default is 100. <br>
|
||||||
To limit clients, use connlim instead. maxconn will silently
|
To limit clients, use <b>connlim</b> instead. <b>maxconn</b>
|
||||||
ignore new connections, while connlim will report back to
|
will silently ignore new connections, while <b>connlim</b>
|
||||||
the client that the connection limit has been reached.</p>
|
will report back to the client that the connection limit has
|
||||||
|
been reached.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>backlog</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>backlog</b>
|
||||||
<br>
|
<br>
|
||||||
sets the listening socket backlog of new connections.
|
sets the listening socket backlog of new connections.
|
||||||
Default is 1 + maxconn/8. Maximum value is capped by kernel
|
Default is 1 + <b>maxconn</b>/8. Maximum value is capped by
|
||||||
tunable somaxconn.</p>
|
kernel tunable somaxconn.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>service</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>service</b>
|
||||||
<br>
|
<br>
|
||||||
@ -504,35 +513,35 @@ reinstall the service.</p>
|
|||||||
<br>
|
<br>
|
||||||
Should be specified to close the console. Do not use
|
Should be specified to close the console. Do not use
|
||||||
´daemon´ with ´service´. At least
|
´daemon´ with ´service´. At least
|
||||||
under FreeBSD, ´daemon´ should precede any proxy
|
under FreeBSD, <b>daemon</b> should precede any proxy
|
||||||
service and log commands to avoid socket problems. Always
|
service and log commands to avoid socket problems. Always
|
||||||
place it in the beginning of the configuration file.</p>
|
place it in the beginning of the configuration file.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>auth</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>auth</b>
|
||||||
<authtype> [...] <br>
|
<i><authtype></i> [...] <br>
|
||||||
Type of user authorization. Currently supported: <br>
|
Type of user authorization. Currently supported: <b><br>
|
||||||
none - no authentication or authorization required. <br>
|
none</b> - no authentication or authorization required. <br>
|
||||||
Note: if auth is none, any IP-based limitation, redirection,
|
Note: if auth is none, any IP-based limitation, redirection,
|
||||||
etc. will not work. This is the default authentication type
|
etc. will not work. This is the default authentication type
|
||||||
<br>
|
<b><br>
|
||||||
iponly - authentication by access control list with username
|
iponly</b> - authentication by access control list with
|
||||||
ignored. <br>
|
username ignored. <br>
|
||||||
Appropriate for most cases <br>
|
Appropriate for most cases <b><br>
|
||||||
useronly - authentication by username without checking for
|
useronly</b> - authentication by username without checking
|
||||||
any password with authorization by ACLs. Useful for e.g.
|
for any password with authorization by ACLs. Useful for e.g.
|
||||||
SOCKSv4 proxy and icqpr (icqpr set UIN / AOL screen name as
|
SOCKSv4 proxy and icqpr (icqpr set UIN / AOL screen name as
|
||||||
a username) <br>
|
a username) <b><br>
|
||||||
dnsname - authentication by DNS hostname with authorization
|
dnsname</b> - authentication by DNS hostname with
|
||||||
by ACLs. The DNS hostname is resolved via a PTR (reverse)
|
authorization by ACLs. The DNS hostname is resolved via a
|
||||||
record and validated (the resolved name must resolve to the
|
PTR (reverse) record and validated (the resolved name must
|
||||||
same IP address). It´s recommended to use authcache by
|
resolve to the same IP address). It´s recommended to
|
||||||
IP for this authentication. NB: there is no password check;
|
use authcache by IP for this authentication. NB: there is no
|
||||||
the name may be spoofed. <br>
|
password check; the name may be spoofed. <b><br>
|
||||||
strong - username/password authentication required. It will
|
strong</b> - username/password authentication required. It
|
||||||
work with SOCKSv5, FTP, POP3 and HTTP proxy. <br>
|
will work with SOCKSv5, FTP, POP3 and HTTP proxy. <b><br>
|
||||||
cache - cached authentication, may be used with
|
cache</b> - cached authentication, may be used with
|
||||||
´authcache´. <br>
|
´authcache´. <b><br>
|
||||||
radius - authentication with RADIUS. <br>
|
radius</b> - authentication with RADIUS. <br>
|
||||||
Plugins may add additional authentication types.</p>
|
Plugins may add additional authentication types.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">It´s
|
<p style="margin-left:6%; margin-top: 1em">It´s
|
||||||
@ -550,38 +559,39 @@ shared ones.</p>
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>authcache</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>authcache</b>
|
||||||
<cachtype> <cachtime> <br>
|
<i><cachtype> <cachtime> <cachesize></i>
|
||||||
|
<br>
|
||||||
Cache authentication information for a given amount of time
|
Cache authentication information for a given amount of time
|
||||||
(cachetime) in seconds. Cachetype is one of: <br>
|
(cachetime) in seconds. cachesize limits number of cache
|
||||||
ip - after successful authentication all connections during
|
entries. Cachetype is one of: <b><br>
|
||||||
caching time from same IP are assigned to the same user,
|
ip</b> - after successful authentication all connections
|
||||||
username is not requested. <br>
|
during caching time from same IP are assigned to the same
|
||||||
ip,user username is requested and all connections from the
|
user, username is not requested. <b><br>
|
||||||
same IP are assigned to the same user without actual
|
ip,user</b> username is requested and all connections from
|
||||||
authentication. <br>
|
the same IP are assigned to the same user without actual
|
||||||
user - same as above, but IP is not checked. <br>
|
authentication. <b><br>
|
||||||
user,password - both username and password are checked
|
user</b> - same as above, but IP is not checked. <b><br>
|
||||||
against cached ones. <br>
|
user,password</b> - both username and password are checked
|
||||||
limit - limit user to use only one ip, ´ip´ and
|
against cached ones. <b><br>
|
||||||
´user´ are required <br>
|
limit</b> - limit user to use only one ip, ´ip´
|
||||||
acl - only use cached auth if user access service with same
|
and ´user´ are required <b><br>
|
||||||
ACL <br>
|
ack</b> - only use cached auth if user access service with
|
||||||
ext - cache external IP <br>
|
same ACL <b><br>
|
||||||
Use auth type ´cache´ for cached
|
ext</b> - cache external IP <br>
|
||||||
authentication</p>
|
Use auth type <b>cache</b> for cached authentication</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>allow</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>allow</b>
|
||||||
<userlist> <sourcelist> <targetlist>
|
<i><userlist> <sourcelist> <targetlist>
|
||||||
<targetportlist> <operationlist>
|
<targetportlist> <operationlist>
|
||||||
<weekdayslist> <timeperiodslist> <b><br>
|
<weekdayslist> <timeperiodslist></i> <b><br>
|
||||||
deny</b> <userlist> <sourcelist>
|
deny</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
redirect</b> <ip> <port> <userlist>
|
redirect</b> <i><ip> <port> <userlist>
|
||||||
<sourcelist> <targetlist> <targetportlist>
|
<sourcelist> <targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <br>
|
<timeperiodslist></i> <br>
|
||||||
Access control entries. All lists are comma-separated, no
|
Access control entries. All lists are comma-separated, no
|
||||||
spaces are allowed. Usernames are case sensitive (if used
|
spaces are allowed. Usernames are case sensitive (if used
|
||||||
with authtype nbname username must be in uppercase). Source
|
with authtype nbname username must be in uppercase). Source
|
||||||
@ -607,27 +617,28 @@ should either bind proxy to appropriate interface only or to
|
|||||||
use ip filters.</p>
|
use ip filters.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">Operation is one
|
<p style="margin-left:6%; margin-top: 1em">Operation is one
|
||||||
of: <br>
|
of: <b><br>
|
||||||
CONNECT establish outgoing TCP connection <br>
|
CONNECT</b> establish outgoing TCP connection <b><br>
|
||||||
BIND bind TCP port for listening <br>
|
BIND</b> bind TCP port for listening <b><br>
|
||||||
UDPASSOC make UDP association <br>
|
UDPASSOC</b> make UDP association <b><br>
|
||||||
ICMPASSOC make ICMP association (for future use) <br>
|
ICMPASSOC</b> make ICMP association (for future use) <b><br>
|
||||||
HTTP_GET HTTP GET request <br>
|
HTTP_GET</b> HTTP GET request <b><br>
|
||||||
HTTP_PUT HTTP PUT request <br>
|
HTTP_PUT</b> HTTP PUT request <b><br>
|
||||||
HTTP_POST HTTP POST request <br>
|
HTTP_POST</b> HTTP POST request <b><br>
|
||||||
HTTP_HEAD HTTP HEAD request <br>
|
HTTP_HEAD</b> HTTP HEAD request <b><br>
|
||||||
HTTP_CONNECT HTTP CONNECT request <br>
|
HTTP_CONNECT</b> HTTP CONNECT request <b><br>
|
||||||
HTTP_OTHER over HTTP request <br>
|
HTTP_OTHER</b> over HTTP request <b><br>
|
||||||
HTTP matches any HTTP request except HTTP_CONNECT <br>
|
HTTP</b> matches any HTTP request except HTTP_CONNECT
|
||||||
HTTPS same as HTTP_CONNECT <br>
|
<b><br>
|
||||||
FTP_GET FTP get request <br>
|
HTTPS</b> same as HTTP_CONNECT <b><br>
|
||||||
FTP_PUT FTP put request <br>
|
FTP_GET</b> FTP get request <b><br>
|
||||||
FTP_LIST FTP list request <br>
|
FTP_PUT</b> FTP put request <b><br>
|
||||||
FTP_DATA FTP data connection. Note: FTP_DATA requires access
|
FTP_LIST</b> FTP list request <b><br>
|
||||||
to dynamic non-privileged (1024-65535) ports on the remote
|
FTP_DATA</b> FTP data connection. Note: FTP_DATA requires
|
||||||
side. <br>
|
access to dynamic non-privileged (1024-65535) ports on the
|
||||||
FTP matches any FTP/FTP Data request <br>
|
remote side. <b><br>
|
||||||
ADMIN access to administration interface</p>
|
FTP</b> matches any FTP/FTP Data request <b><br>
|
||||||
|
ADMIN</b> access to administration interface</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">Weekdays are
|
<p style="margin-left:6%; margin-top: 1em">Weekdays are
|
||||||
week day numbers or periods, 0 or 7 means Sunday, 1 is
|
week day numbers or periods, 0 or 7 means Sunday, 1 is
|
||||||
@ -638,8 +649,8 @@ HH:MM:SS-HH:MM:SS format. For example,
|
|||||||
hours.</p>
|
hours.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>parent</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>parent</b>
|
||||||
<weight> <type> <ip> <port>
|
<i><weight> <type> <ip> <port>
|
||||||
<username> <password> <br>
|
<username> <password></i> <br>
|
||||||
this command must follow "allow" rule. It extends
|
this command must follow "allow" rule. It extends
|
||||||
last allow rule to build proxy chain. Proxies may be
|
last allow rule to build proxy chain. Proxies may be
|
||||||
grouped. Proxy inside the group is selected randomly. If few
|
grouped. Proxy inside the group is selected randomly. If few
|
||||||
@ -668,45 +679,51 @@ pipelined (keep-alive) requests in the same connection use
|
|||||||
the same chain.</p>
|
the same chain.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">type is one of:
|
<p style="margin-left:6%; margin-top: 1em">type is one of:
|
||||||
<br>
|
<b><br>
|
||||||
extip does not actually redirect the request; it sets the
|
extip</b> does not actually redirect the request; it sets
|
||||||
external address for this request to <ip>. It can be
|
the external address for this request to <i><ip></i>.
|
||||||
chained with another parent type. It’s useful to set
|
It can be chained with another parent type. It’s
|
||||||
the external IP based on ACL or make it random. <br>
|
useful to set the external IP based on ACL or make it
|
||||||
tcp simply redirect connection. TCP is always last in chain.
|
random. <b><br>
|
||||||
This type of proxy is a simple TCP redirection, it does not
|
tcp</b> simply redirect connection. TCP is always last in
|
||||||
support parent authentication. <br>
|
chain. This type of proxy is a simple TCP redirection, it
|
||||||
http redirect to HTTP proxy. HTTP is always the last chain.
|
does not support parent authentication. <b><br>
|
||||||
It should only be used with http (proxy) service, if used
|
http</b> redirect to HTTP proxy. HTTP is always the last
|
||||||
with different service, it works as tcp redirection. <br>
|
chain. It should only be used with http (proxy) service, if
|
||||||
pop3 redirect to POP3 proxy (only local redirection is
|
used with different service, it works as tcp redirection.
|
||||||
supported, can only be used as a first hop in chaining) <br>
|
<b><br>
|
||||||
ftp redirect to FTP proxy (only local redirection is
|
pop3</b> redirect to POP3 proxy (only local redirection is
|
||||||
supported, can only be used as a first hop in chaining) <br>
|
supported, can only be used as a first hop in chaining)
|
||||||
connect parent is HTTP CONNECT method proxy <br>
|
<b><br>
|
||||||
connect+ parent is HTTP CONNECT proxy with name resolution
|
ftp</b> redirect to FTP proxy (only local redirection is
|
||||||
(hostname is used instead of IP if available) <br>
|
supported, can only be used as a first hop in chaining)
|
||||||
socks4 parent is SOCKSv4 proxy <br>
|
<b><br>
|
||||||
socks4+ parent is SOCKSv4 proxy with name resolution
|
connect</b> parent is HTTP CONNECT method proxy <b><br>
|
||||||
(SOCKSv4a) <br>
|
connect+</b> parent is HTTP CONNECT proxy with name
|
||||||
socks5 parent is SOCKSv5 proxy <br>
|
resolution (hostname is used instead of IP if available)
|
||||||
socks5+ parent is SOCKSv5 proxy with name resolution <br>
|
<b><br>
|
||||||
socks4b parent is SOCKS4b (broken SOCKSv4 implementation
|
socks4</b> parent is SOCKSv4 proxy <b><br>
|
||||||
|
socks4+</b> parent is SOCKSv4 proxy with name resolution
|
||||||
|
(SOCKSv4a) <b><br>
|
||||||
|
socks5</b> parent is SOCKSv5 proxy <b><br>
|
||||||
|
socks5+</b> parent is SOCKSv5 proxy with name resolution
|
||||||
|
<b><br>
|
||||||
|
socks4b</b> parent is SOCKS4b (broken SOCKSv4 implementation
|
||||||
with shortened server reply; I never saw this kind of
|
with shortened server reply; I never saw this kind of
|
||||||
server, but they say there are some). Normally you should
|
server, but they say there are some). Normally you should
|
||||||
not use this option. Do not confuse this option with
|
not use this option. Do not confuse this option with
|
||||||
SOCKSv4a (socks4+). <br>
|
SOCKSv4a (<b>socks4+</b>). <b><br>
|
||||||
socks5b parent is SOCKS5b (broken SOCKSv5 implementation
|
socks5b</b> parent is SOCKS5b (broken SOCKSv5 implementation
|
||||||
with shortened server reply. I think you will never find it
|
with shortened server reply. I think you will never find it
|
||||||
useful). Never use this option unless you know exactly you
|
useful). Never use this option unless you know exactly you
|
||||||
need it. <br>
|
need it. <b><br>
|
||||||
admin redirect request to local ´admin´ service
|
admin</b> redirect request to local ´admin´
|
||||||
(with -s parameter). <br>
|
service (with -s parameter). <b><br>
|
||||||
ha send HAProxy PROXY protocol v1 header to parent proxy.
|
ha</b> send HAProxy PROXY protocol v1 header to parent
|
||||||
Must be the last in the proxy chain. Useful for passing
|
proxy. Must be the last in the proxy chain. Useful for
|
||||||
client IP information to the parent proxy. Example: parent
|
passing client IP information to the parent proxy. Example:
|
||||||
1000 ha <br>
|
parent 1000 ha <br>
|
||||||
Use "+" proxy only with "fakeresolve"
|
Use "+" proxy only with <b>fakeresolve</b>
|
||||||
option</p>
|
option</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">IP and port are
|
<p style="margin-left:6%; margin-top: 1em">IP and port are
|
||||||
@ -748,26 +765,26 @@ HTTP proxy, local HTTP proxy parses requests and allows only
|
|||||||
GET and POST requests. <br>
|
GET and POST requests. <br>
|
||||||
parent 1000 http 1.2.3.4 0 <br>
|
parent 1000 http 1.2.3.4 0 <br>
|
||||||
Changes the external address for a given connection to
|
Changes the external address for a given connection to
|
||||||
1.2.3.4 (equivalent to -e1.2.3.4) <br>
|
1.2.3.4 (equivalent to <b>-e1.2.3.4</b>) <br>
|
||||||
Optional username and password are used to authenticate on
|
Optional username and password are used to authenticate on
|
||||||
parent proxy. Username of ´*´ means username
|
parent proxy. Username of ´*´ means username
|
||||||
must be supplied by user.</p>
|
must be supplied by user.</p>
|
||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>parentretries</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>parentretries</b>
|
||||||
<number> <br>
|
<i><number></i> <br>
|
||||||
Number of retries to connect to parent proxy. Default is
|
Number of retries to connect to parent proxy. Default is
|
||||||
1.</p>
|
1.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>nolog</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>nolog</b>
|
||||||
<n> <br>
|
<i><n></i> <br>
|
||||||
extends last allow or deny command to prevent logging, e.g.
|
extends last allow or deny command to prevent logging, e.g.
|
||||||
<br>
|
<br>
|
||||||
allow * * 192.168.1.1 <br>
|
allow * * 192.168.1.1 <br>
|
||||||
nolog</p>
|
nolog</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>weight</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>weight</b>
|
||||||
<n> <br>
|
<i><n></i> <br>
|
||||||
extends last allow or deny command to set weight for this
|
extends last allow or deny command to set weight for this
|
||||||
request <br>
|
request <br>
|
||||||
allow * * 192.168.1.1 <br>
|
allow * * 192.168.1.1 <br>
|
||||||
@ -785,30 +802,31 @@ connections.</p>
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>bandlimin</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>bandlimin</b>
|
||||||
<rate> <userlist> <sourcelist>
|
<i><rate> <userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
nobandlimin</b> <userlist> <sourcelist>
|
nobandlimin</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
bandlimout</b> <rate> <userlist>
|
bandlimout</b> <i><rate> <userlist>
|
||||||
<sourcelist> <targetlist> <targetportlist>
|
<sourcelist> <targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
nobandlimout</b> <userlist> <sourcelist>
|
nobandlimout</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <br>
|
<timeperiodslist></i> <br>
|
||||||
bandlim sets a bandwidth limitation filter to <rate>
|
bandlim sets a bandwidth limitation filter to
|
||||||
bps (bits per second). If you want to specify bytes per
|
<i><rate></i> bps (bits per second). If you want to
|
||||||
second, multiply your value by 8. bandlim rules act in the
|
specify bytes per second, multiply your value by 8. bandlim
|
||||||
same manner as allow/deny rules, except for one thing:
|
rules act in the same manner as allow/deny rules, except for
|
||||||
bandwidth limiting is applied to all services, not to some
|
one thing: bandwidth limiting is applied to all services,
|
||||||
specific service. bandlimin and nobandlimin apply to
|
not to some specific service. <b>bandlimin</b> and
|
||||||
incoming traffic <br>
|
<b>nobandlimin</b> apply to incoming traffic <b><br>
|
||||||
bandlimout and nobandlimout apply to outgoing traffic <br>
|
bandlimout</b> and <b>nobandlimout</b> apply to outgoing
|
||||||
|
traffic <br>
|
||||||
If you want to ratelimit your clients with IPs
|
If you want to ratelimit your clients with IPs
|
||||||
192.168.10.16/30 (4 addresses) to 57600 bps, you have to
|
192.168.10.16/30 (4 addresses) to 57600 bps, you have to
|
||||||
specify 4 rules like <br>
|
specify 4 rules like <br>
|
||||||
@ -826,53 +844,54 @@ nobandlimin * * * 110 <br>
|
|||||||
before the rest of bandlim rules.</p>
|
before the rest of bandlim rules.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>connlim</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>connlim</b>
|
||||||
<rate> <period> <userlist>
|
<i><rate> <period> <userlist>
|
||||||
<sourcelist> <targetlist> <targetportlist>
|
<sourcelist> <targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
noconnlim</b> <userlist> <sourcelist>
|
noconnlim</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <br>
|
<timeperiodslist></i> <br>
|
||||||
connlim sets connections rate limit per time period for
|
connlim sets connections rate limit per time period for
|
||||||
traffic pattern controlled by ACL. Period is in seconds. If
|
traffic pattern controlled by ACL. Period is in seconds. If
|
||||||
period is 0, connlim limits a number of parallel
|
period is 0, <b>connlim</b> limits a number of parallel
|
||||||
connections. <br>
|
connections. <br>
|
||||||
connlim 100 60 * 127.0.0.1 <br>
|
connlim 100 60 * 127.0.0.1 <br>
|
||||||
allows 100 connections per minute for 127.0.0.1. <br>
|
allows 100 connections per minute for 127.0.0.1. <br>
|
||||||
connlim 20 0 * 127.0.0.1 <br>
|
connlim 20 0 * 127.0.0.1 <br>
|
||||||
allows 20 simultaneous connections for 127.0.0.1. <br>
|
allows 20 simultaneous connections for 127.0.0.1. <br>
|
||||||
Like with bandlimin, if an individual limit is required per
|
Like with <b>bandlimin</b>, if an individual limit is
|
||||||
client, a separate rule must be added for every client. Like
|
required per client, a separate rule must be added for every
|
||||||
with nobandlimin, noconnlim adds an exception.</p>
|
client. Like with nobandlimin, noconnlim adds an
|
||||||
|
exception.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>counter</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>counter</b>
|
||||||
<filename> <reporttype> <reportname>
|
<i><filename> <reporttype>
|
||||||
<b><br>
|
<reportname></i> <b><br>
|
||||||
countin</b> <number> <type> <limit>
|
countin</b> <i><number> <type> <limit>
|
||||||
<userlist> <sourcelist> <targetlist>
|
<userlist> <sourcelist> <targetlist>
|
||||||
<targetportlist> <operationlist>
|
<targetportlist> <operationlist>
|
||||||
<weekdayslist> <timeperiodslist> <b><br>
|
<weekdayslist> <timeperiodslist></i> <b><br>
|
||||||
nocountin</b> <userlist> <sourcelist>
|
nocountin</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
countout</b> <number> <type> <limit>
|
countout</b> <i><number> <type> <limit>
|
||||||
<userlist> <sourcelist> <targetlist>
|
<userlist> <sourcelist> <targetlist>
|
||||||
<targetportlist> <operationlist>
|
<targetportlist> <operationlist>
|
||||||
<weekdayslist> <timeperiodslist> <b><br>
|
<weekdayslist> <timeperiodslist></i> <b><br>
|
||||||
nocountout</b> <userlist> <sourcelist>
|
nocountout</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist> <b><br>
|
<timeperiodslist></i> <b><br>
|
||||||
countall</b> <number> <type> <limit>
|
countall</b> <i><number> <type> <limit>
|
||||||
<userlist> <sourcelist> <targetlist>
|
<userlist> <sourcelist> <targetlist>
|
||||||
<targetportlist> <operationlist>
|
<targetportlist> <operationlist>
|
||||||
<weekdayslist> <timeperiodslist> <b><br>
|
<weekdayslist> <timeperiodslist></i> <b><br>
|
||||||
nocountall</b> <userlist> <sourcelist>
|
nocountall</b> <i><userlist> <sourcelist>
|
||||||
<targetlist> <targetportlist>
|
<targetlist> <targetportlist>
|
||||||
<operationlist> <weekdayslist>
|
<operationlist> <weekdayslist>
|
||||||
<timeperiodslist></p>
|
<timeperiodslist></i></p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em">counter,
|
<p style="margin-left:6%; margin-top: 1em">counter,
|
||||||
countin, nocountin, countout, nocountout, countall,
|
countin, nocountin, countout, nocountout, countall,
|
||||||
@ -885,48 +904,34 @@ not preserved in the counter file (that is, if the proxy is
|
|||||||
restarted, all counters with 0 are flushed); otherwise, it
|
restarted, all counters with 0 are flushed); otherwise, it
|
||||||
should be a unique sequential number which points to the
|
should be a unique sequential number which points to the
|
||||||
position of the counter within the file. Type specifies a
|
position of the counter within the file. Type specifies a
|
||||||
type of counter. Type is one of: <br>
|
type of counter. Type is one of: <b><br>
|
||||||
H - counter is reset hourly <br>
|
H</b> - counter is reset hourly <b><br>
|
||||||
D - counter is reset daily <br>
|
D</b> - counter is reset daily <b><br>
|
||||||
W - counter is reset weekly <br>
|
W</b> - counter is reset weekly <b><br>
|
||||||
M - counter is reset monthly <br>
|
M</b> - counter is reset monthly <br>
|
||||||
reporttype/reportname may be used to generate traffic
|
reporttype/reportname may be used to generate traffic
|
||||||
reports. Reporttype is one of D, W, M, H (hourly) and
|
reports. Reporttype is one of D, W, M, H (hourly) and
|
||||||
reportname specifies the filename template for reports. The
|
reportname specifies the filename template for reports. The
|
||||||
report is a text file with counter values in the format:
|
report is a text file with counter values in the format:
|
||||||
<br>
|
<i><br>
|
||||||
<COUNTERNUMBER> <TRAF> <br>
|
<COUNTERNUMBER> <TRAF></i> <br>
|
||||||
The rest of parameters is identical to
|
The rest of parameters is identical to
|
||||||
bandlim/nobandlim.</p>
|
<b>bandlim</b>/<b>nobandlim</b>.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>users</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>users</b>
|
||||||
username[:pwtype:password] ... <br>
|
<i>username</i>[:<i>pwtype</i>:<i>password</i>] ... <br>
|
||||||
pwtype is one of: <br>
|
pwtype is one of: <br>
|
||||||
none (empty) - use system authentication <br>
|
none (empty) - use system authentication <b><br>
|
||||||
CL - password is cleartext <br>
|
CL</b> - password is cleartext <b><br>
|
||||||
CR - password is crypt-style password <br>
|
CR</b> - password is crypt-style password <b><br>
|
||||||
NT - password is NT password (in hex) <br>
|
NT</b> - password is NT password (in hex) <br>
|
||||||
LM - password is LM password (in hex) <br>
|
|
||||||
example: <br>
|
example: <br>
|
||||||
users test1:CL:password1
|
users test1:CL:password1
|
||||||
"test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49." <br>
|
"test2:CR:$1$lFDGlder$pLRb4cU2D7GAT58YQvY49." <br>
|
||||||
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63</p>
|
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63 <br>
|
||||||
|
Note: double quotes are required because the password
|
||||||
<table width="100%" border="0" rules="none" frame="void"
|
contains a $ sign. <b><br>
|
||||||
cellspacing="0" cellpadding="0">
|
flush</b> <br>
|
||||||
<tr valign="top" align="left">
|
|
||||||
<td width="6%"></td>
|
|
||||||
|
|
||||||
|
|
||||||
<p>Note: double quotes are required because the password
|
|
||||||
contains a $ sign.</p></td>
|
|
||||||
<td width="88%"></td>
|
|
||||||
<td width="6%">
|
|
||||||
</td></tr>
|
|
||||||
</table>
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>flush</b>
|
|
||||||
<br>
|
|
||||||
empty the active access list. The access list must be
|
empty the active access list. The access list must be
|
||||||
flushed every time you create a new access list for a new
|
flushed every time you create a new access list for a new
|
||||||
service. For example: <br>
|
service. For example: <br>
|
||||||
@ -938,42 +943,43 @@ socks <br>
|
|||||||
sets different ACLs for <b>pop3p</b> and <b>socks</b></p>
|
sets different ACLs for <b>pop3p</b> and <b>socks</b></p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>system</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>system</b>
|
||||||
<command> <br>
|
<i><command></i> <br>
|
||||||
execute system command</p>
|
execute system command</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>pidfile</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>pidfile</b>
|
||||||
<filename> <br>
|
<i><filename></i> <br>
|
||||||
write pid of current process to file. It can be used to
|
write pid of current process to file. It can be used to
|
||||||
manipulate 3proxy with signals under Unix. Currently next
|
manipulate 3proxy with signals under Unix. Currently next
|
||||||
signals are available:</p>
|
signals are available:</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>monitor</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>monitor</b>
|
||||||
<filename> <br>
|
<i><filename></i> <br>
|
||||||
If file monitored changes in modification time or size,
|
If file monitored changes in modification time or size,
|
||||||
3proxy reloads configuration within one minute. Any number
|
3proxy reloads configuration within one minute. Any number
|
||||||
of files may be monitored.</p>
|
of files may be monitored.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>setuid</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>setuid</b>
|
||||||
<uid> <br>
|
<i><uid></i> <br>
|
||||||
calls setuid(uid), uid can be numeric or since 0.9 username.
|
calls setuid(uid), uid can be numeric or since 0.9 username.
|
||||||
Unix only. Warning: under some Linux kernels setuid() works
|
Unix only. Warning: under some Linux kernels setuid() works
|
||||||
for current thread only. It makes it impossible to suid for
|
for current thread only. It makes it impossible to suid for
|
||||||
all threads.</p>
|
all threads.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>setgid</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>setgid</b>
|
||||||
<gid> <br>
|
<i><gid></i> <br>
|
||||||
calls setgid(gid), gid can be numeric or since 0.9
|
calls setgid(gid), gid can be numeric or since 0.9
|
||||||
groupname. Unix only.</p>
|
groupname. Unix only.</p>
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>chroot</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>chroot</b>
|
||||||
<path> [<uid>] [<gid>] <br>
|
<i><path></i> [<i><uid></i>]
|
||||||
|
[<i><gid></i>] <br>
|
||||||
calls chroot(path) and sets gid/uid. Unix only. uid/gid
|
calls chroot(path) and sets gid/uid. Unix only. uid/gid
|
||||||
supported since 0.9, can be numeric or
|
supported since 0.9, can be numeric or
|
||||||
username/groupname</p>
|
username/groupname</p>
|
||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>stacksize</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>stacksize</b>
|
||||||
<value_to_add_to_default_stack_size> <br>
|
<i><value_to_add_to_default_stack_size></i> <br>
|
||||||
Change the default size for thread stacks. May be required
|
Change the default size for thread stacks. May be required
|
||||||
in some situations, e.g. with non-default plugins, or on
|
in some situations, e.g. with non-default plugins, or on
|
||||||
some platforms (some FreeBSD versions may require adjusting
|
some platforms (some FreeBSD versions may require adjusting
|
||||||
@ -992,8 +998,8 @@ negative values.</p>
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>plugin</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>plugin</b>
|
||||||
<path_to_shared_library> <function_to_call>
|
<i><path_to_shared_library>
|
||||||
[<arg1> ...] <br>
|
<function_to_call></i> [<i><arg1></i> ...] <br>
|
||||||
Loads specified library and calls given export function with
|
Loads specified library and calls given export function with
|
||||||
given arguments, as <br>
|
given arguments, as <br>
|
||||||
int functions_to_call(struct pluginlink * pl, int argc, char
|
int functions_to_call(struct pluginlink * pl, int argc, char
|
||||||
@ -1003,7 +1009,7 @@ function_to_call must return 0 in case of success, value
|
|||||||
|
|
||||||
|
|
||||||
<p style="margin-left:6%; margin-top: 1em"><b>filtermaxsize</b>
|
<p style="margin-left:6%; margin-top: 1em"><b>filtermaxsize</b>
|
||||||
<max_size_of_data_to_filter> <br>
|
<i><max_size_of_data_to_filter></i> <br>
|
||||||
If Content-length (or another data length) is greater than
|
If Content-length (or another data length) is greater than
|
||||||
the given value, no data filtering will be performed through
|
the given value, no data filtering will be performed through
|
||||||
filtering plugins to avoid data corruption and/or
|
filtering plugins to avoid data corruption and/or
|
||||||
|
|||||||
@ -198,7 +198,7 @@ with FTP proxy support, configure <i>internal_ip</i> and
|
|||||||
FTP proxy support, use <i>internal_ip</i> and <i>port</i> as
|
FTP proxy support, use <i>internal_ip</i> and <i>port</i> as
|
||||||
the FTP server. The address of the real FTP server must be
|
the FTP server. The address of the real FTP server must be
|
||||||
configured as a part of the FTP username. The format for the
|
configured as a part of the FTP username. The format for the
|
||||||
username is <i>username</i><b>@</b><i>server</i>, where
|
username is <i>username</i>@<i>server</i>, where
|
||||||
<i>server</i> is the address of the FTP server and
|
<i>server</i> is the address of the FTP server and
|
||||||
<i>username</i> is the user´s login on this FTP
|
<i>username</i> is the user´s login on this FTP
|
||||||
server. The login itself may contain an ´@´
|
server. The login itself may contain an ´@´
|
||||||
|
|||||||
@ -196,8 +196,8 @@ MUA (Mail User Agent) with POP3 support. Set the client to
|
|||||||
use <i>internal_ip</i> and <i>port</i> as a POP3 server. The
|
use <i>internal_ip</i> and <i>port</i> as a POP3 server. The
|
||||||
address of the real POP3 server must be configured as a part
|
address of the real POP3 server must be configured as a part
|
||||||
of the POP3 username. The format for the username is
|
of the POP3 username. The format for the username is
|
||||||
<i>username</i><b>@</b><i>server</i>, where <i>server</i> is
|
<i>username</i>@<i>server</i>, where <i>server</i> is the
|
||||||
the address of the POP3 server and <i>username</i> is the
|
address of the POP3 server and <i>username</i> is the
|
||||||
user´s login on this POP3 server. The login itself may
|
user´s login on this POP3 server. The login itself may
|
||||||
contain an ´@´ sign. Only cleartext
|
contain an ´@´ sign. Only cleartext
|
||||||
authentication is supported, because challenge-response
|
authentication is supported, because challenge-response
|
||||||
|
|||||||
@ -196,7 +196,7 @@ MUA (Mail User Agent) with SMTP authentication support. Set
|
|||||||
the client to use <i>internal_ip</i> and <i>port</i> as an
|
the client to use <i>internal_ip</i> and <i>port</i> as an
|
||||||
SMTP server. The address of the real SMTP server must be
|
SMTP server. The address of the real SMTP server must be
|
||||||
configured as a part of the SMTP username. The format for
|
configured as a part of the SMTP username. The format for
|
||||||
the username is <i>username</i><b>@</b><i>server</i>, where
|
the username is <i>username</i>@<i>server</i>, where
|
||||||
<i>server</i> is the address of the SMTP server and
|
<i>server</i> is the address of the SMTP server and
|
||||||
<i>username</i> is the user´s login on this SMTP
|
<i>username</i> is the user´s login on this SMTP
|
||||||
server. The login itself may contain an ´@´
|
server. The login itself may contain an ´@´
|
||||||
|
|||||||
450
man/3proxy.cfg.3
450
man/3proxy.cfg.3
@ -1,4 +1,4 @@
|
|||||||
.TH 3proxy.cfg "8" "January 2019" "3proxy 0.9" "Universal proxy server"
|
.TH 3proxy.cfg "5" "January 2019" "3proxy 0.9" "Universal proxy server"
|
||||||
.SH NAME
|
.SH NAME
|
||||||
.B 3proxy.cfg
|
.B 3proxy.cfg
|
||||||
3proxy configuration file
|
3proxy configuration file
|
||||||
@ -69,11 +69,11 @@ Recursion is not allowed.
|
|||||||
.br
|
.br
|
||||||
.B tcppm
|
.B tcppm
|
||||||
[options]
|
[options]
|
||||||
<SRCPORT> <DSTADDR> <DSTPORT>
|
\fI<SRCPORT>\fR \fI<DSTADDR>\fR \fI<DSTPORT>\fR
|
||||||
.br
|
.br
|
||||||
.B udppm
|
.B udppm
|
||||||
[options]
|
[options]
|
||||||
<SRCPORT> <DSTADDR> <DSTPORT>
|
\fI<SRCPORT>\fR \fI<DSTADDR>\fR \fI<DSTPORT>\fR
|
||||||
.br
|
.br
|
||||||
Descriptions:
|
Descriptions:
|
||||||
.br
|
.br
|
||||||
@ -119,16 +119,10 @@ UDP portmapper
|
|||||||
.br
|
.br
|
||||||
Options:
|
Options:
|
||||||
.br
|
.br
|
||||||
.B -pNUMBER
|
.B -p\fINUMBER\fR
|
||||||
change default server port to NUMBER
|
change default server port to NUMBER
|
||||||
.br
|
.br
|
||||||
.B -n
|
.B -g(\fIGRACE_TRAFF\fB,\fIGRACE_NUM\fB,\fIGRACE_DELAY\fR)
|
||||||
disable NTLM authentication (required if passwords are stored in Unix crypt format).
|
|
||||||
.br
|
|
||||||
.B -n1
|
|
||||||
enable NTLMv1 authentication.
|
|
||||||
.br
|
|
||||||
.B -g(GRACE_TRAFF,GRACE_NUM,GRACE_DELAY)
|
|
||||||
delay GRACE_DELAY milliseconds before polling if average polling size is below GRACE_TRAFF bytes and GRACE_NUM read operations in a single direction are detected within 1 second. Useful to minimize polling
|
delay GRACE_DELAY milliseconds before polling if average polling size is below GRACE_TRAFF bytes and GRACE_NUM read operations in a single direction are detected within 1 second. Useful to minimize polling
|
||||||
.B -s
|
.B -s
|
||||||
(for admin) secure, allow only secure operations, currently only traffic counters
|
(for admin) secure, allow only secure operations, currently only traffic counters
|
||||||
@ -165,18 +159,18 @@ Resolve IPv6 addresses if IPv4 address is not resolvable
|
|||||||
.B -64
|
.B -64
|
||||||
Resolve IPv4 addresses if IPv6 address is not resolvable
|
Resolve IPv4 addresses if IPv6 address is not resolvable
|
||||||
.br
|
.br
|
||||||
.B -RHOST:port
|
.B -R\fIHOST\fB:\fIport\fR
|
||||||
listen on given local HOST:port for incoming connections instead of making remote outgoing connection. Can be used with another 3proxy service running -r option for connect back functionality. Most commonly used with tcppm. HOST can be given as IP or hostname, useful in case of dynamic DNS.
|
listen on given local HOST:port for incoming connections instead of making remote outgoing connection. Can be used with another 3proxy service running -r option for connect back functionality. Most commonly used with tcppm. HOST can be given as IP or hostname, useful in case of dynamic DNS.
|
||||||
.br
|
.br
|
||||||
.B -rHOST:port
|
.B -r\fIHOST\fB:\fIport\fR
|
||||||
connect to given remote HOST:port instead of listening local connection on -p or default port. Can be used with another 3proxy service running -R option for connect back functionality. Most commonly used with proxy or socks. HOST can be given as IP or hostname, useful in case of dynamic DNS.
|
connect to given remote HOST:port instead of listening local connection on -p or default port. Can be used with another 3proxy service running -R option for connect back functionality. Most commonly used with proxy or socks. HOST can be given as IP or hostname, useful in case of dynamic DNS.
|
||||||
.br
|
.br
|
||||||
.B -ocOPTIONS, -osOPTIONS, -olOPTIONS, -orOPTIONS, -oROPTIONS
|
.B -oc\fIOPTIONS\fB, -os\fIOPTIONS\fB, -ol\fIOPTIONS\fB, -or\fIOPTIONS\fB, -oR\fIOPTIONS\fR
|
||||||
options for proxy-to-client (oc), proxy-to-server (os), proxy listening (ol), connect back client (or), connect back listening (oR) sockets.
|
options for proxy-to-client (\fB-oc\fR), proxy-to-server (\fB-os\fR), proxy listening (\fB-ol\fR), connect back client (\fB-or\fR), connect back listening (\fB-oR\fR) sockets.
|
||||||
Options like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
|
Options like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
|
||||||
.br
|
.br
|
||||||
.B -DiINTERFACE, -DeINTERFACE
|
.B -Di\fIINTERFACE\fB, -De\fIINTERFACE\fR
|
||||||
bind internal interface / external interface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE is supported by the system. You may need to run as root or have CAP_NET_RAW capability in order to bind to an interface, depending on the system, so this option may require root privileges and can be incompatible with some configuration commands like chroot and setuid (and daemon if setcap is used).
|
bind internal (\fB-Di\fR) / external (\fB-De\fR) interface to given INTERFACE (e.g. eth0) if \fBSO_BINDTODEVICE\fR is supported by the system. You may need to run as root or have \fBCAP_NET_RAW\fR capability in order to bind to an interface, depending on the system, so this option may require root privileges and can be incompatible with some configuration commands like \fBchroot\fR and \fBsetuid\fR (and \fBdaemon\fR if setcap is used).
|
||||||
.br
|
.br
|
||||||
.B -e
|
.B -e
|
||||||
External address. IP address of the interface the proxy should initiate connections
|
External address. IP address of the interface the proxy should initiate connections
|
||||||
@ -222,7 +216,7 @@ pop3username@pop3server. If POP3 proxy access must be authenticated, you can
|
|||||||
specify username as proxy_username:proxy_password:POP3_username@pop3server
|
specify username as proxy_username:proxy_password:POP3_username@pop3server
|
||||||
.br
|
.br
|
||||||
DNS proxy resolves any types of records but only hostnames are cached. It
|
DNS proxy resolves any types of records but only hostnames are cached. It
|
||||||
requires nserver/nscache to be configured. If nserver is configured as TCP,
|
requires \fBnserver\fR/\fBnscache\fR to be configured. If \fBnserver\fR is configured as TCP,
|
||||||
redirections are applied on connection, so parent proxy may be used to resolve
|
redirections are applied on connection, so parent proxy may be used to resolve
|
||||||
names to IP.
|
names to IP.
|
||||||
.br
|
.br
|
||||||
@ -238,14 +232,14 @@ proxy on a client with FTP proxy support. Username format is one of
|
|||||||
Please note, if you use FTP client interface for FTP proxy do not add FTPpassword and FTPServer to username, because FTP client does it for you. That is, if you use 3proxy with authentication use proxyuser:proxypassword:FTPuser as FTP username, otherwise do not change original FTP user name
|
Please note, if you use FTP client interface for FTP proxy do not add FTPpassword and FTPServer to username, because FTP client does it for you. That is, if you use 3proxy with authentication use proxyuser:proxypassword:FTPuser as FTP username, otherwise do not change original FTP user name
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B include
|
.BR include
|
||||||
<path>
|
\fI<path>\fR
|
||||||
.br
|
.br
|
||||||
Include config file
|
Include config file
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B config
|
.BR config
|
||||||
<path>
|
\fI<path>\fR
|
||||||
.br
|
.br
|
||||||
Path to configuration file to use on 3proxy restart or to save configuration.
|
Path to configuration file to use on 3proxy restart or to save configuration.
|
||||||
|
|
||||||
@ -264,8 +258,8 @@ alternate config file. Think twice before using it.
|
|||||||
End of configuration
|
End of configuration
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B log
|
.BR log
|
||||||
[[@|&]logfile] [<LOGTYPE>]
|
[[@|&]\fIlogfile\fR] [\fI<LOGTYPE>\fR]
|
||||||
.br
|
.br
|
||||||
sets logfile for all gateways
|
sets logfile for all gateways
|
||||||
.br
|
.br
|
||||||
@ -277,17 +271,17 @@ alternate config file. Think twice before using it.
|
|||||||
.br
|
.br
|
||||||
LOGTYPE is one of:
|
LOGTYPE is one of:
|
||||||
.br
|
.br
|
||||||
c Minutely
|
\fBc\fR Minutely
|
||||||
.br
|
.br
|
||||||
H Hourly
|
\fBH\fR Hourly
|
||||||
.br
|
.br
|
||||||
D Daily
|
\fBD\fR Daily
|
||||||
.br
|
.br
|
||||||
W Weekly (starting from Sunday)
|
\fBW\fR Weekly (starting from Sunday)
|
||||||
.br
|
.br
|
||||||
M Monthly
|
\fBM\fR Monthly
|
||||||
.br
|
.br
|
||||||
Y Annually
|
\fBY\fR Annually
|
||||||
.br
|
.br
|
||||||
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using -l
|
if logfile is not specified logging goes to stdout. You can specify individual logging options for gateway by using -l
|
||||||
option in gateway configuration.
|
option in gateway configuration.
|
||||||
@ -298,13 +292,13 @@ As with "logformat" filename must begin with \'L\' or \'G\' to specify Local or
|
|||||||
Grinwitch time zone for all time-based format specificators.
|
Grinwitch time zone for all time-based format specificators.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B rotate
|
.BR rotate
|
||||||
<n>
|
\fI<n>\fR
|
||||||
how many archived log files to keep
|
how many archived log files to keep
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B logformat
|
.BR logformat
|
||||||
<format>
|
\fI<format>\fR
|
||||||
.br
|
.br
|
||||||
Format for log record. First symbol in format must be L (local time)
|
Format for log record. First symbol in format must be L (local time)
|
||||||
or G (absolute Grinwitch time).
|
or G (absolute Grinwitch time).
|
||||||
@ -386,8 +380,8 @@ with space and all time based elemnts are in local time zone.
|
|||||||
logformat "-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')"
|
logformat "-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')"
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B logdump
|
.BR logdump
|
||||||
<in_traffic_limit> <out_traffic_limit>
|
\fI<in_traffic_limit>\fR \fI<out_traffic_limit>\fR
|
||||||
.br
|
.br
|
||||||
Immediately creates additional log records if given amount of incoming/outgoing
|
Immediately creates additional log records if given amount of incoming/outgoing
|
||||||
traffic is achieved for connection, without waiting for connection to finish.
|
traffic is achieved for connection, without waiting for connection to finish.
|
||||||
@ -395,56 +389,56 @@ It may be useful to prevent information about long-lasting downloads on server
|
|||||||
shutdown.
|
shutdown.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B delimchar
|
.BR delimchar
|
||||||
<char>
|
\fI<char>\fR
|
||||||
.br
|
.br
|
||||||
Sets the delimiter character used to separate username from hostname in proxy
|
Sets the delimiter character used to separate username from hostname in proxy
|
||||||
authentication strings (e.g. for FTP, POP3 proxies). Default is \'@\'. For example,
|
authentication strings (e.g. for FTP, POP3 proxies). Default is \'@\'. For example,
|
||||||
to use \'#\' instead: delimchar #. This allows usernames to contain the \'@\' character.
|
to use \'#\' instead: delimchar #. This allows usernames to contain the \'@\' character.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B archiver
|
.BR archiver
|
||||||
<ext> <commandline>
|
\fI<ext>\fR \fI<commandline>\fR
|
||||||
.br
|
.br
|
||||||
Archiver to use for log files. <ext> is file extension produced by
|
Archiver to use for log files. <ext> is file extension produced by
|
||||||
archiver. Filename will be last argument to archiver, optionally you
|
archiver. Filename will be last argument to archiver, optionally you
|
||||||
can use %A as produced archive name and %F as filename.
|
can use %A as produced archive name and %F as filename.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B timeouts
|
.BR timeouts
|
||||||
<BYTE_SHORT> <BYTE_LONG> <STRING_SHORT> <STRING_LONG> <CONNECTION_SHORT> <CONNECTION_LONG> <DNS> <CHAIN> <CONNECT> <CONNECTBACK>
|
\fI<BYTE_SHORT>\fR \fI<BYTE_LONG>\fR \fI<STRING_SHORT>\fR \fI<STRING_LONG>\fR \fI<CONNECTION_SHORT>\fR \fI<CONNECTION_LONG>\fR \fI<DNS>\fR \fI<CHAIN>\fR \fI<CONNECT>\fR \fI<CONNECTBACK>\fR
|
||||||
.br
|
.br
|
||||||
Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15, 60, 15, 5.
|
Sets timeout values, defaults 1, 5, 30, 60, 180, 1800, 15, 60, 15, 5.
|
||||||
.br
|
.br
|
||||||
BYTE_SHORT short timeout for single byte, is usually used for receiving single byte from stream.
|
\fBBYTE_SHORT\fR short timeout for single byte, is usually used for receiving single byte from stream.
|
||||||
.br
|
.br
|
||||||
BYTE_LONG long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
|
\fBBYTE_LONG\fR long timeout for single byte, is usually used for receiving first byte in frame (for example first byte in socks request).
|
||||||
.br
|
.br
|
||||||
STRING_SHORT short timeout, for character string within stream (for example to wait between 2 HTTP headers)
|
\fBSTRING_SHORT\fR short timeout, for character string within stream (for example to wait between 2 HTTP headers)
|
||||||
.br
|
.br
|
||||||
STRING_LONG long timeout, for first string in stream (for example to wait for HTTP request).
|
\fBSTRING_LONG\fR long timeout, for first string in stream (for example to wait for HTTP request).
|
||||||
.br
|
.br
|
||||||
CONNECTION_SHORT inactivity timeout for short connections (HTTP, POP3, etc).
|
\fBCONNECTION_SHORT\fR inactivity timeout for short connections (HTTP, POP3, etc).
|
||||||
.br
|
.br
|
||||||
CONNECTION_LONG inactivity timeout for long connection (SOCKS, portmappers, etc).
|
\fBCONNECTION_LONG\fR inactivity timeout for long connection (SOCKS, portmappers, etc).
|
||||||
.br
|
.br
|
||||||
DNS timeout for DNS request before requesting next server
|
\fBDNS\fR timeout for DNS request before requesting next server
|
||||||
.br
|
.br
|
||||||
CHAIN timeout for reading data from chained connection
|
\fBCHAIN\fR timeout for reading data from chained connection
|
||||||
.br
|
.br
|
||||||
default timeouts 1 5 30 60 180 1800 15 60 15 5
|
default timeouts 1 5 30 60 180 1800 15 60 15 5
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B maxseg
|
.BR maxseg
|
||||||
<value>
|
\fI<value>\fR
|
||||||
.br
|
.br
|
||||||
Sets TCP maximum segment size (MSS) for outgoing connections. This can be used
|
Sets TCP maximum segment size (MSS) for outgoing connections. This can be used
|
||||||
to work around path MTU discovery issues or to optimize traffic for specific
|
to work around path MTU discovery issues or to optimize traffic for specific
|
||||||
network conditions.
|
network conditions.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B radius
|
.BR radius
|
||||||
<NAS_SECRET> <radius_server_1[:port][/local_address_1]> <radius_server_2[:port][/local_address_2]>
|
\fI<NAS_SECRET>\fR \fI<radius_server_1\fR[:\fIport\fR][/\fIlocal_address_1\fR]\fR \fI<radius_server_2\fR[:\fIport\fR][/\fIlocal_address_2\fR]\fR
|
||||||
.br
|
.br
|
||||||
Configures RADIUS servers to be used for logging and authentication (log and auth types
|
Configures RADIUS servers to be used for logging and authentication (log and auth types
|
||||||
must be set to radius). port and local address to use with given server may be specified.
|
must be set to radius). port and local address to use with given server may be specified.
|
||||||
@ -463,11 +457,11 @@ Login-IPv6-Host / Login-IP-Host: (requested IP).
|
|||||||
.br
|
.br
|
||||||
Supported reply attributes for authentication:
|
Supported reply attributes for authentication:
|
||||||
Framed-IP-Address / Framed-IPv6-Address (IP to assign to user), Reply-Message.
|
Framed-IP-Address / Framed-IPv6-Address (IP to assign to user), Reply-Message.
|
||||||
Use authcache to speedup authentication. RADIUS feature is currently experimental.
|
Use \fBauthcache\fR to speedup authentication. RADIUS feature is currently experimental.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B nserver
|
.BR nserver
|
||||||
<ipaddr>[:port][/tcp]
|
\fI<ipaddr>\fR[:\fIport\fR][/\fItcp\fR]
|
||||||
.br
|
.br
|
||||||
Nameserver to use for name resolutions. If none specified
|
Nameserver to use for name resolutions. If none specified
|
||||||
system routines for name resolution is
|
system routines for name resolution is
|
||||||
@ -476,27 +470,27 @@ If optional /tcp is added to IP address, name resolution is
|
|||||||
performed over TCP.
|
performed over TCP.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B authnserver
|
.BR authnserver
|
||||||
<ipaddr>[:port][/tcp]
|
\fI<ipaddr>\fR[:\fIport\fR][/\fItcp\fR]
|
||||||
.br
|
.br
|
||||||
Nameserver to use for DNS-based authentication (e.g. dnsname auth type).
|
Nameserver to use for DNS-based authentication (e.g. dnsname auth type).
|
||||||
If not specified, nserver is used. The syntax is the same as for nserver.
|
If not specified, nserver is used. The syntax is the same as for nserver.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B nscache
|
.BR nscache
|
||||||
<cachesize>
|
\fI<cachesize>\fR
|
||||||
.B nscache6
|
.BR nscache6
|
||||||
<cachesize>
|
\fI<cachesize>\fR
|
||||||
.br
|
.br
|
||||||
Cache <cachesize> records for name resolution (nscache for IPv4,
|
Cache \fI<cachesize>\fR records for name resolution (\fBnscache\fR for IPv4,
|
||||||
nscache6 for IPv6). The cache size should usually be large enough
|
\fBnscache6\fR for IPv6). The cache size should usually be large enough
|
||||||
(for example, 65536).
|
(for example, 65536).
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B nsrecord
|
.BR nsrecord
|
||||||
<hostname> <hostaddr>
|
\fI<hostname>\fR \fI<hostaddr>\fR
|
||||||
.br
|
.br
|
||||||
Adds static record to nscache. nscache must be enabled. If 0.0.0.0
|
Adds static record to nscache. \fBnscache\fR must be enabled. If 0.0.0.0
|
||||||
is used as a hostaddr host will never resolve, it can be used to
|
is used as a hostaddr host will never resolve, it can be used to
|
||||||
blacklist something or together with
|
blacklist something or together with
|
||||||
.B dialer
|
.B dialer
|
||||||
@ -506,11 +500,11 @@ command to set up UDL for dialing.
|
|||||||
.B fakeresolve
|
.B fakeresolve
|
||||||
.br
|
.br
|
||||||
All names are resolved to the 127.0.0.2 address. Useful if all requests are
|
All names are resolved to the 127.0.0.2 address. Useful if all requests are
|
||||||
redirected to a parent proxy with http, socks4+, connect+ or socks5+.
|
redirected to a parent proxy with \fBhttp\fR, \fBsocks4+\fR, \fBconnect+\fR or \fBsocks5+\fR.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B dialer
|
.BR dialer
|
||||||
<progname>
|
\fI<progname>\fR
|
||||||
.br
|
.br
|
||||||
Execute progname if external name can\'t be resolved.
|
Execute progname if external name can\'t be resolved.
|
||||||
Hint: if you use nscache, dialer may not work, because names will
|
Hint: if you use nscache, dialer may not work, because names will
|
||||||
@ -519,8 +513,8 @@ http://dial.right.now/ from browser to set up connection.
|
|||||||
|
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B internal
|
.BR internal
|
||||||
<ipaddr>
|
\fI<ipaddr>\fR
|
||||||
.br
|
.br
|
||||||
sets ip address of internal interface. This IP address will be used
|
sets ip address of internal interface. This IP address will be used
|
||||||
to bind gateways. Alternatively you can use -i option for individual
|
to bind gateways. Alternatively you can use -i option for individual
|
||||||
@ -535,30 +529,30 @@ Unix sockets are supported with the syntax
|
|||||||
is automatically created and removed on service start/stop.
|
is automatically created and removed on service start/stop.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B external
|
.BR external
|
||||||
<ipaddr>
|
\fI<ipaddr>\fR
|
||||||
.br
|
.br
|
||||||
sets ip address of external interface. This IP address will be source
|
sets ip address of external interface. This IP address will be source
|
||||||
address for all connections made by proxy. Alternatively you can use -e
|
address for all connections made by proxy. Alternatively you can use -e
|
||||||
option to specify individual address for gateway. Since 0.8 version
|
option to specify individual address for gateway. Since 0.8 version
|
||||||
External or -e can be given twice: once with IPv4 and once with IPv6 address.
|
External or \fB-e\fR can be given twice: once with IPv4 and once with IPv6 address.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B maxconn
|
.BR maxconn
|
||||||
<number>
|
\fI<number>\fR
|
||||||
.br
|
.br
|
||||||
sets the maximum number of simultaneous connections to each service
|
sets the maximum number of simultaneous connections to each service
|
||||||
started after this command at the network level. Default is 100.
|
started after this command at the network level. Default is 100.
|
||||||
.br
|
.br
|
||||||
To limit clients, use connlim instead. maxconn will silently ignore
|
To limit clients, use \fBconnlim\fR instead. \fBmaxconn\fR will silently ignore
|
||||||
new connections, while connlim will report back to the client that
|
new connections, while \fBconnlim\fR will report back to the client that
|
||||||
the connection limit has been reached.
|
the connection limit has been reached.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B backlog
|
.B backlog
|
||||||
.br
|
.br
|
||||||
sets the listening socket backlog of new connections. Default is
|
sets the listening socket backlog of new connections. Default is
|
||||||
1 + maxconn/8. Maximum value is capped by kernel tunable somaxconn.
|
1 + \fBmaxconn\fR/8. Maximum value is capped by kernel tunable somaxconn.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B service
|
.B service
|
||||||
@ -572,40 +566,40 @@ to reinstall the service.
|
|||||||
.B daemon
|
.B daemon
|
||||||
.br
|
.br
|
||||||
Should be specified to close the console. Do not use \'daemon\' with \'service\'.
|
Should be specified to close the console. Do not use \'daemon\' with \'service\'.
|
||||||
At least under FreeBSD, \'daemon\' should precede any proxy service
|
At least under FreeBSD, \fBdaemon\fR should precede any proxy service
|
||||||
and log commands to avoid socket problems. Always place it in the beginning
|
and log commands to avoid socket problems. Always place it in the beginning
|
||||||
of the configuration file.
|
of the configuration file.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B auth
|
.BR auth
|
||||||
<authtype> [...]
|
\fI<authtype>\fR [...]
|
||||||
.br
|
.br
|
||||||
Type of user authorization. Currently supported:
|
Type of user authorization. Currently supported:
|
||||||
.br
|
.br
|
||||||
none - no authentication or authorization required.
|
\fBnone\fR - no authentication or authorization required.
|
||||||
.br
|
.br
|
||||||
Note: if auth is none, any IP-based limitation, redirection, etc. will not work.
|
Note: if auth is none, any IP-based limitation, redirection, etc. will not work.
|
||||||
This is the default authentication type
|
This is the default authentication type
|
||||||
.br
|
.br
|
||||||
iponly - authentication by access control list with username ignored.
|
\fBiponly\fR - authentication by access control list with username ignored.
|
||||||
Appropriate for most cases
|
Appropriate for most cases
|
||||||
.br
|
.br
|
||||||
useronly - authentication by username without checking for any password with
|
\fBuseronly\fR - authentication by username without checking for any password with
|
||||||
authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
|
authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
|
||||||
AOL screen name as a username)
|
AOL screen name as a username)
|
||||||
.br
|
.br
|
||||||
dnsname - authentication by DNS hostname with authorization by ACLs.
|
\fBdnsname\fR - authentication by DNS hostname with authorization by ACLs.
|
||||||
The DNS hostname is resolved via a PTR (reverse) record and validated (the resolved
|
The DNS hostname is resolved via a PTR (reverse) record and validated (the resolved
|
||||||
name must resolve to the same IP address). It\'s recommended to use authcache by
|
name must resolve to the same IP address). It\'s recommended to use authcache by
|
||||||
IP for this authentication.
|
IP for this authentication.
|
||||||
NB: there is no password check; the name may be spoofed.
|
NB: there is no password check; the name may be spoofed.
|
||||||
.br
|
.br
|
||||||
strong - username/password authentication required. It will work with
|
\fBstrong\fR - username/password authentication required. It will work with
|
||||||
SOCKSv5, FTP, POP3 and HTTP proxy.
|
SOCKSv5, FTP, POP3 and HTTP proxy.
|
||||||
.br
|
.br
|
||||||
cache - cached authentication, may be used with \'authcache\'.
|
\fBcache\fR - cached authentication, may be used with \'authcache\'.
|
||||||
.br
|
.br
|
||||||
radius - authentication with RADIUS.
|
\fBradius\fR - authentication with RADIUS.
|
||||||
.br
|
.br
|
||||||
Plugins may add additional authentication types.
|
Plugins may add additional authentication types.
|
||||||
|
|
||||||
@ -622,43 +616,43 @@ IP-based authentication for dedicated laptops and request a username/password fo
|
|||||||
shared ones.
|
shared ones.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B authcache
|
.BR authcache
|
||||||
<cachtype> <cachtime> <cachesize>
|
\fI<cachtype>\fR \fI<cachtime>\fR \fI<cachesize>\fR
|
||||||
.br
|
.br
|
||||||
Cache authentication information for a given amount of time (cachetime) in seconds.
|
Cache authentication information for a given amount of time (cachetime) in seconds.
|
||||||
cachesize limits number of cache entries.
|
cachesize limits number of cache entries.
|
||||||
Cachetype is one of:
|
Cachetype is one of:
|
||||||
.br
|
.br
|
||||||
ip - after successful authentication all connections during caching time
|
\fBip\fR - after successful authentication all connections during caching time
|
||||||
from same IP are assigned to the same user, username is not requested.
|
from same IP are assigned to the same user, username is not requested.
|
||||||
.br
|
.br
|
||||||
ip,user username is requested and all connections from the same IP are
|
\fBip,user\fR username is requested and all connections from the same IP are
|
||||||
assigned to the same user without actual authentication.
|
assigned to the same user without actual authentication.
|
||||||
.br
|
.br
|
||||||
user - same as above, but IP is not checked.
|
\fBuser\fR - same as above, but IP is not checked.
|
||||||
.br
|
.br
|
||||||
user,password - both username and password are checked against cached ones.
|
\fBuser,password\fR - both username and password are checked against cached ones.
|
||||||
.br
|
.br
|
||||||
limit - limit user to use only one ip, \'ip\' and \'user\' are required
|
\fBlimit\fR - limit user to use only one ip, \'ip\' and \'user\' are required
|
||||||
.br
|
.br
|
||||||
acl - only use cached auth if user access service with same ACL
|
\fBack\fR - only use cached auth if user access service with same ACL
|
||||||
.br
|
.br
|
||||||
ext - cache external IP
|
\fBext\fR - cache external IP
|
||||||
.br
|
.br
|
||||||
Use auth type \'cache\' for cached authentication
|
Use auth type \fBcache\fR for cached authentication
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B allow
|
.BR allow
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B deny
|
.BR deny
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B redirect
|
.BR redirect
|
||||||
<ip> <port> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<ip>\fR \fI<port>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
Access control entries. All lists are comma-separated, no spaces are
|
Access control entries. All lists are comma-separated, no spaces are
|
||||||
allowed. Usernames are case sensitive (if used with authtype nbname
|
allowed. Usernames are case sensitive (if used with authtype nbname
|
||||||
@ -687,42 +681,42 @@ to appropriate interface only or to use ip filters.
|
|||||||
.br
|
.br
|
||||||
Operation is one of:
|
Operation is one of:
|
||||||
.br
|
.br
|
||||||
CONNECT establish outgoing TCP connection
|
\fBCONNECT\fR establish outgoing TCP connection
|
||||||
.br
|
.br
|
||||||
BIND bind TCP port for listening
|
\fBBIND\fR bind TCP port for listening
|
||||||
.br
|
.br
|
||||||
UDPASSOC make UDP association
|
\fBUDPASSOC\fR make UDP association
|
||||||
.br
|
.br
|
||||||
ICMPASSOC make ICMP association (for future use)
|
\fBICMPASSOC\fR make ICMP association (for future use)
|
||||||
.br
|
.br
|
||||||
HTTP_GET HTTP GET request
|
\fBHTTP_GET\fR HTTP GET request
|
||||||
.br
|
.br
|
||||||
HTTP_PUT HTTP PUT request
|
\fBHTTP_PUT\fR HTTP PUT request
|
||||||
.br
|
.br
|
||||||
HTTP_POST HTTP POST request
|
\fBHTTP_POST\fR HTTP POST request
|
||||||
.br
|
.br
|
||||||
HTTP_HEAD HTTP HEAD request
|
\fBHTTP_HEAD\fR HTTP HEAD request
|
||||||
.br
|
.br
|
||||||
HTTP_CONNECT HTTP CONNECT request
|
\fBHTTP_CONNECT\fR HTTP CONNECT request
|
||||||
.br
|
.br
|
||||||
HTTP_OTHER over HTTP request
|
\fBHTTP_OTHER\fR over HTTP request
|
||||||
.br
|
.br
|
||||||
HTTP matches any HTTP request except HTTP_CONNECT
|
\fBHTTP\fR matches any HTTP request except HTTP_CONNECT
|
||||||
.br
|
.br
|
||||||
HTTPS same as HTTP_CONNECT
|
\fBHTTPS\fR same as HTTP_CONNECT
|
||||||
.br
|
.br
|
||||||
FTP_GET FTP get request
|
\fBFTP_GET\fR FTP get request
|
||||||
.br
|
.br
|
||||||
FTP_PUT FTP put request
|
\fBFTP_PUT\fR FTP put request
|
||||||
.br
|
.br
|
||||||
FTP_LIST FTP list request
|
\fBFTP_LIST\fR FTP list request
|
||||||
.br
|
.br
|
||||||
FTP_DATA FTP data connection. Note: FTP_DATA requires access to dynamic
|
\fBFTP_DATA\fR FTP data connection. Note: FTP_DATA requires access to dynamic
|
||||||
non-privileged (1024-65535) ports on the remote side.
|
non-privileged (1024-65535) ports on the remote side.
|
||||||
.br
|
.br
|
||||||
FTP matches any FTP/FTP Data request
|
\fBFTP\fR matches any FTP/FTP Data request
|
||||||
.br
|
.br
|
||||||
ADMIN access to administration interface
|
\fBADMIN\fR access to administration interface
|
||||||
|
|
||||||
.br
|
.br
|
||||||
Weekdays are week day numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
|
Weekdays are week day numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
|
||||||
@ -731,8 +725,8 @@ non-privileged (1024-65535) ports on the remote side.
|
|||||||
periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
|
periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B parent
|
.BR parent
|
||||||
<weight> <type> <ip> <port> <username> <password>
|
\fI<weight>\fR \fI<type>\fR \fI<ip>\fR \fI<port>\fR \fI<username>\fR \fI<password>\fR
|
||||||
.br
|
.br
|
||||||
this command must follow "allow" rule. It extends last allow rule to
|
this command must follow "allow" rule. It extends last allow rule to
|
||||||
build proxy chain. Proxies may be grouped. Proxy inside the
|
build proxy chain. Proxies may be grouped. Proxy inside the
|
||||||
@ -769,45 +763,45 @@ with probability of 0.7) for outgoing web connections. Chains are only applied t
|
|||||||
.br
|
.br
|
||||||
type is one of:
|
type is one of:
|
||||||
.br
|
.br
|
||||||
extip does not actually redirect the request; it sets the external address for this request to <ip>. It can be chained with another parent type. It's useful to set the external IP based on ACL or make it random.
|
\fBextip\fR does not actually redirect the request; it sets the external address for this request to \fI<ip>\fR. It can be chained with another parent type. It's useful to set the external IP based on ACL or make it random.
|
||||||
.br
|
.br
|
||||||
tcp simply redirect connection. TCP is always last in chain. This type of proxy is a simple TCP redirection, it does not support parent authentication.
|
\fBtcp\fR simply redirect connection. TCP is always last in chain. This type of proxy is a simple TCP redirection, it does not support parent authentication.
|
||||||
.br
|
.br
|
||||||
http redirect to HTTP proxy. HTTP is always the last chain. It should only be used with http (proxy) service,
|
\fBhttp\fR redirect to HTTP proxy. HTTP is always the last chain. It should only be used with http (proxy) service,
|
||||||
if used with different service, it works as tcp redirection.
|
if used with different service, it works as tcp redirection.
|
||||||
.br
|
.br
|
||||||
pop3 redirect to POP3 proxy (only local redirection is supported, can only be used as a first hop in chaining)
|
\fBpop3\fR redirect to POP3 proxy (only local redirection is supported, can only be used as a first hop in chaining)
|
||||||
.br
|
.br
|
||||||
ftp redirect to FTP proxy (only local redirection is supported, can only be used as a first hop in chaining)
|
\fBftp\fR redirect to FTP proxy (only local redirection is supported, can only be used as a first hop in chaining)
|
||||||
.br
|
.br
|
||||||
connect parent is HTTP CONNECT method proxy
|
\fBconnect\fR parent is HTTP CONNECT method proxy
|
||||||
.br
|
.br
|
||||||
connect+ parent is HTTP CONNECT proxy with name resolution (hostname is used instead of IP if available)
|
\fBconnect+\fR parent is HTTP CONNECT proxy with name resolution (hostname is used instead of IP if available)
|
||||||
.br
|
.br
|
||||||
socks4 parent is SOCKSv4 proxy
|
\fBsocks4\fR parent is SOCKSv4 proxy
|
||||||
.br
|
.br
|
||||||
socks4+ parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
|
\fBsocks4+\fR parent is SOCKSv4 proxy with name resolution (SOCKSv4a)
|
||||||
.br
|
.br
|
||||||
socks5 parent is SOCKSv5 proxy
|
\fBsocks5\fR parent is SOCKSv5 proxy
|
||||||
.br
|
.br
|
||||||
socks5+ parent is SOCKSv5 proxy with name resolution
|
\fBsocks5+\fR parent is SOCKSv5 proxy with name resolution
|
||||||
.br
|
.br
|
||||||
socks4b parent is SOCKS4b (broken SOCKSv4 implementation with shortened
|
\fBsocks4b\fR parent is SOCKS4b (broken SOCKSv4 implementation with shortened
|
||||||
server reply; I never saw this kind of server, but they say there are some).
|
server reply; I never saw this kind of server, but they say there are some).
|
||||||
Normally you should not use this option. Do not confuse this option with
|
Normally you should not use this option. Do not confuse this option with
|
||||||
SOCKSv4a (socks4+).
|
SOCKSv4a (\fBsocks4+\fR).
|
||||||
.br
|
.br
|
||||||
socks5b parent is SOCKS5b (broken SOCKSv5 implementation with shortened
|
\fBsocks5b\fR parent is SOCKS5b (broken SOCKSv5 implementation with shortened
|
||||||
server reply. I think you will never find it useful). Never use this option
|
server reply. I think you will never find it useful). Never use this option
|
||||||
unless you know exactly you need it.
|
unless you know exactly you need it.
|
||||||
.br
|
.br
|
||||||
admin redirect request to local \'admin\' service (with -s parameter).
|
\fBadmin\fR redirect request to local \'admin\' service (with -s parameter).
|
||||||
.br
|
.br
|
||||||
ha send HAProxy PROXY protocol v1 header to parent proxy. Must be the last
|
\fBha\fR send HAProxy PROXY protocol v1 header to parent proxy. Must be the last
|
||||||
in the proxy chain. Useful for passing client IP information to the parent proxy.
|
in the proxy chain. Useful for passing client IP information to the parent proxy.
|
||||||
Example: parent 1000 ha
|
Example: parent 1000 ha
|
||||||
.br
|
.br
|
||||||
Use "+" proxy only with "fakeresolve" option
|
Use "+" proxy only with \fBfakeresolve\fR option
|
||||||
.br
|
.br
|
||||||
|
|
||||||
IP and port are ip addres and port of parent proxy server.
|
IP and port are ip addres and port of parent proxy server.
|
||||||
@ -859,21 +853,21 @@ local HTTP proxy parses requests and allows only GET and POST requests.
|
|||||||
.br
|
.br
|
||||||
parent 1000 http 1.2.3.4 0
|
parent 1000 http 1.2.3.4 0
|
||||||
.br
|
.br
|
||||||
Changes the external address for a given connection to 1.2.3.4 (equivalent to -e1.2.3.4)
|
Changes the external address for a given connection to 1.2.3.4 (equivalent to \fB-e1.2.3.4\fR)
|
||||||
.br
|
.br
|
||||||
Optional username and password are used to authenticate on parent
|
Optional username and password are used to authenticate on parent
|
||||||
proxy. Username of \'*\' means username must be supplied by user.
|
proxy. Username of \'*\' means username must be supplied by user.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B parentretries
|
.BR parentretries
|
||||||
<number>
|
\fI<number>\fR
|
||||||
.br
|
.br
|
||||||
Number of retries to connect to parent proxy. Default is 1.
|
Number of retries to connect to parent proxy. Default is 1.
|
||||||
|
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B nolog
|
.BR nolog
|
||||||
<n>
|
\fI<n>\fR
|
||||||
.br
|
.br
|
||||||
extends last allow or deny command to prevent logging, e.g.
|
extends last allow or deny command to prevent logging, e.g.
|
||||||
.br
|
.br
|
||||||
@ -883,8 +877,8 @@ nolog
|
|||||||
|
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B weight
|
.BR weight
|
||||||
<n>
|
\fI<n>\fR
|
||||||
.br
|
.br
|
||||||
extends last allow or deny command to set weight for this request
|
extends last allow or deny command to set weight for this request
|
||||||
.br
|
.br
|
||||||
@ -906,30 +900,30 @@ is removed, old connections which do not match current are closed.
|
|||||||
noforce allows to keep previously authenticated connections.
|
noforce allows to keep previously authenticated connections.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B bandlimin
|
.BR bandlimin
|
||||||
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<rate>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B nobandlimin
|
.BR nobandlimin
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B bandlimout
|
.BR bandlimout
|
||||||
<rate> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<rate>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B nobandlimout
|
.BR nobandlimout
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
bandlim sets a bandwidth limitation filter to <rate> bps (bits per second).
|
bandlim sets a bandwidth limitation filter to \fI<rate>\fR bps (bits per second).
|
||||||
If you want to specify bytes per second, multiply your value by 8.
|
If you want to specify bytes per second, multiply your value by 8.
|
||||||
bandlim rules act in the same manner as allow/deny rules, except for
|
bandlim rules act in the same manner as allow/deny rules, except for
|
||||||
one thing: bandwidth limiting is applied to all services, not to some
|
one thing: bandwidth limiting is applied to all services, not to some
|
||||||
specific service.
|
specific service.
|
||||||
bandlimin and nobandlimin apply to incoming traffic
|
\fBbandlimin\fR and \fBnobandlimin\fR apply to incoming traffic
|
||||||
.br
|
.br
|
||||||
bandlimout and nobandlimout apply to outgoing traffic
|
\fBbandlimout\fR and \fBnobandlimout\fR apply to outgoing traffic
|
||||||
.br
|
.br
|
||||||
If you want to ratelimit your clients with IPs 192.168.10.16/30 (4
|
If you want to ratelimit your clients with IPs 192.168.10.16/30 (4
|
||||||
addresses) to 57600 bps, you have to specify 4 rules like
|
addresses) to 57600 bps, you have to specify 4 rules like
|
||||||
@ -954,17 +948,17 @@ If you want, for example, to limit all speed except access to POP3, you can use
|
|||||||
before the rest of bandlim rules.
|
before the rest of bandlim rules.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B connlim
|
.BR connlim
|
||||||
<rate> <period> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<rate>\fR \fI<period>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B noconnlim
|
.BR noconnlim
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
connlim sets connections rate limit per time period for traffic
|
connlim sets connections rate limit per time period for traffic
|
||||||
pattern controlled by ACL. Period is in seconds. If period is 0,
|
pattern controlled by ACL. Period is in seconds. If period is 0,
|
||||||
connlim limits a number of parallel connections.
|
\fBconnlim\fR limits a number of parallel connections.
|
||||||
.br
|
.br
|
||||||
connlim 100 60 * 127.0.0.1
|
connlim 100 60 * 127.0.0.1
|
||||||
.br
|
.br
|
||||||
@ -974,39 +968,39 @@ connlim limits a number of parallel connections.
|
|||||||
.br
|
.br
|
||||||
allows 20 simultaneous connections for 127.0.0.1.
|
allows 20 simultaneous connections for 127.0.0.1.
|
||||||
.br
|
.br
|
||||||
Like with bandlimin, if an individual limit is required per client, a separate
|
Like with \fBbandlimin\fR, if an individual limit is required per client, a separate
|
||||||
rule must be added for every client. Like with nobandlimin, noconnlim adds an
|
rule must be added for every client. Like with nobandlimin, noconnlim adds an
|
||||||
exception.
|
exception.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B counter
|
.BR counter
|
||||||
<filename> <reporttype> <reportname>
|
\fI<filename>\fR \fI<reporttype>\fR \fI<reportname>\fR
|
||||||
.br
|
.br
|
||||||
.B countin
|
.BR countin
|
||||||
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<number>\fR \fI<type>\fR \fI<limit>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B nocountin
|
.BR nocountin
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B countout
|
.BR countout
|
||||||
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<number>\fR \fI<type>\fR \fI<limit>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B nocountout
|
.BR nocountout
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B countall
|
.BR countall
|
||||||
<number> <type> <limit> <userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<number>\fR \fI<type>\fR \fI<limit>\fR \fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
.B nocountall
|
.BR nocountall
|
||||||
<userlist> <sourcelist> <targetlist> <targetportlist> <operationlist>
|
\fI<userlist>\fR \fI<sourcelist>\fR \fI<targetlist>\fR \fI<targetportlist>\fR \fI<operationlist>\fR
|
||||||
<weekdayslist> <timeperiodslist>
|
\fI<weekdayslist>\fR \fI<timeperiodslist>\fR
|
||||||
.br
|
.br
|
||||||
|
|
||||||
counter, countin, nocountin, countout, nocountout, countall,
|
counter, countin, nocountin, countout, nocountout, countall,
|
||||||
@ -1020,38 +1014,36 @@ should be a unique sequential number which points to the position of
|
|||||||
the counter within the file.
|
the counter within the file.
|
||||||
Type specifies a type of counter. Type is one of:
|
Type specifies a type of counter. Type is one of:
|
||||||
.br
|
.br
|
||||||
H - counter is reset hourly
|
\fBH\fR - counter is reset hourly
|
||||||
.br
|
.br
|
||||||
D - counter is reset daily
|
\fBD\fR - counter is reset daily
|
||||||
.br
|
.br
|
||||||
W - counter is reset weekly
|
\fBW\fR - counter is reset weekly
|
||||||
.br
|
.br
|
||||||
M - counter is reset monthly
|
\fBM\fR - counter is reset monthly
|
||||||
.br
|
.br
|
||||||
reporttype/reportname may be used to generate traffic reports.
|
reporttype/reportname may be used to generate traffic reports.
|
||||||
Reporttype is one of D, W, M, H (hourly) and reportname specifies the filename
|
Reporttype is one of D, W, M, H (hourly) and reportname specifies the filename
|
||||||
template for reports. The report is a text file with counter values in
|
template for reports. The report is a text file with counter values in
|
||||||
the format:
|
the format:
|
||||||
.br
|
.br
|
||||||
<COUNTERNUMBER> <TRAF>
|
\fI<COUNTERNUMBER>\fR \fI<TRAF>\fR
|
||||||
.br
|
.br
|
||||||
The rest of parameters is identical to bandlim/nobandlim.
|
The rest of parameters is identical to \fBbandlim\fR/\fBnobandlim\fR.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B users
|
.BR users
|
||||||
username[:pwtype:password] ...
|
\fIusername\fR[:\fIpwtype\fR:\fIpassword\fR] ...
|
||||||
.br
|
.br
|
||||||
pwtype is one of:
|
pwtype is one of:
|
||||||
.br
|
.br
|
||||||
none (empty) - use system authentication
|
none (empty) - use system authentication
|
||||||
.br
|
.br
|
||||||
CL - password is cleartext
|
\fBCL\fR - password is cleartext
|
||||||
.br
|
.br
|
||||||
CR - password is crypt-style password
|
\fBCR\fR - password is crypt-style password
|
||||||
.br
|
.br
|
||||||
NT - password is NT password (in hex)
|
\fBNT\fR - password is NT password (in hex)
|
||||||
.br
|
|
||||||
LM - password is LM password (in hex)
|
|
||||||
.br
|
.br
|
||||||
example:
|
example:
|
||||||
.br
|
.br
|
||||||
@ -1059,7 +1051,7 @@ username[:pwtype:password] ...
|
|||||||
.br
|
.br
|
||||||
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
|
users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
|
||||||
.br
|
.br
|
||||||
Note: double quotes are required because the password contains a $ sign.
|
Note: double quotes are required because the password contains a $ sign.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B flush
|
.B flush
|
||||||
@ -1083,48 +1075,48 @@ and
|
|||||||
.B socks
|
.B socks
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B system
|
.BR system
|
||||||
<command>
|
\fI<command>\fR
|
||||||
.br
|
.br
|
||||||
execute system command
|
execute system command
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B pidfile
|
.BR pidfile
|
||||||
<filename>
|
\fI<filename>\fR
|
||||||
.br
|
.br
|
||||||
write pid of current process to file. It can be used to manipulate
|
write pid of current process to file. It can be used to manipulate
|
||||||
3proxy with signals under Unix. Currently next signals are available:
|
3proxy with signals under Unix. Currently next signals are available:
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B monitor
|
.BR monitor
|
||||||
<filename>
|
\fI<filename>\fR
|
||||||
.br
|
.br
|
||||||
If file monitored changes in modification time or size, 3proxy reloads
|
If file monitored changes in modification time or size, 3proxy reloads
|
||||||
configuration within one minute. Any number of files may be monitored.
|
configuration within one minute. Any number of files may be monitored.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B setuid
|
.BR setuid
|
||||||
<uid>
|
\fI<uid>\fR
|
||||||
.br
|
.br
|
||||||
calls setuid(uid), uid can be numeric or since 0.9 username. Unix only. Warning: under some Linux
|
calls setuid(uid), uid can be numeric or since 0.9 username. Unix only. Warning: under some Linux
|
||||||
kernels setuid() works for current thread only. It makes it impossible to suid
|
kernels setuid() works for current thread only. It makes it impossible to suid
|
||||||
for all threads.
|
for all threads.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B setgid
|
.BR setgid
|
||||||
<gid>
|
\fI<gid>\fR
|
||||||
.br
|
.br
|
||||||
calls setgid(gid), gid can be numeric or since 0.9 groupname. Unix only.
|
calls setgid(gid), gid can be numeric or since 0.9 groupname. Unix only.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B chroot
|
.BR chroot
|
||||||
<path> [<uid>] [<gid>]
|
\fI<path>\fR [\fI<uid>\fR] [\fI<gid>\fR]
|
||||||
.br
|
.br
|
||||||
calls chroot(path) and sets gid/uid. Unix only. uid/gid supported since 0.9, can be numeric or username/groupname
|
calls chroot(path) and sets gid/uid. Unix only. uid/gid supported since 0.9, can be numeric or username/groupname
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B stacksize
|
.BR stacksize
|
||||||
<value_to_add_to_default_stack_size>
|
\fI<value_to_add_to_default_stack_size>\fR
|
||||||
.br
|
.br
|
||||||
Change the default size for thread stacks. May be required in some situations,
|
Change the default size for thread stacks. May be required in some situations,
|
||||||
e.g. with non-default plugins, or on some platforms (some FreeBSD versions
|
e.g. with non-default plugins, or on some platforms (some FreeBSD versions
|
||||||
@ -1139,8 +1131,8 @@ memory shortage, you can try to experiment with negative values.
|
|||||||
.SH PLUGINS
|
.SH PLUGINS
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B plugin
|
.BR plugin
|
||||||
<path_to_shared_library> <function_to_call> [<arg1> ...]
|
\fI<path_to_shared_library>\fR \fI<function_to_call>\fR [\fI<arg1>\fR ...]
|
||||||
.br
|
.br
|
||||||
Loads specified library and calls given export function with given arguments,
|
Loads specified library and calls given export function with given arguments,
|
||||||
as
|
as
|
||||||
@ -1150,8 +1142,8 @@ as
|
|||||||
function_to_call must return 0 in case of success, value > 0 to indicate error.
|
function_to_call must return 0 in case of success, value > 0 to indicate error.
|
||||||
|
|
||||||
.br
|
.br
|
||||||
.B filtermaxsize
|
.BR filtermaxsize
|
||||||
<max_size_of_data_to_filter>
|
\fI<max_size_of_data_to_filter>\fR
|
||||||
.br
|
.br
|
||||||
If Content-length (or another data length) is greater than the given value, no
|
If Content-length (or another data length) is greater than the given value, no
|
||||||
data filtering will be performed through filtering plugins to avoid data
|
data filtering will be performed through filtering plugins to avoid data
|
||||||
|
|||||||
@ -73,7 +73,7 @@ and
|
|||||||
.IR port
|
.IR port
|
||||||
as the FTP server. The address of the real FTP server must be configured as a part of
|
as the FTP server. The address of the real FTP server must be configured as a part of
|
||||||
the FTP username. The format for the username is
|
the FTP username. The format for the username is
|
||||||
.IR username \fB@ server ,
|
.IR username @ server ,
|
||||||
where
|
where
|
||||||
.I server
|
.I server
|
||||||
is the address of the FTP server and
|
is the address of the FTP server and
|
||||||
|
|||||||
@ -67,7 +67,7 @@ and
|
|||||||
.IR port
|
.IR port
|
||||||
as a POP3 server. The address of the real POP3 server must be configured as a part of
|
as a POP3 server. The address of the real POP3 server must be configured as a part of
|
||||||
the POP3 username. The format for the username is
|
the POP3 username. The format for the username is
|
||||||
.IR username \fB@ server ,
|
.IR username @ server ,
|
||||||
where
|
where
|
||||||
.I server
|
.I server
|
||||||
is the address of the POP3 server and
|
is the address of the POP3 server and
|
||||||
|
|||||||
@ -68,7 +68,7 @@ and
|
|||||||
.IR port
|
.IR port
|
||||||
as an SMTP server. The address of the real SMTP server must be configured as a part of
|
as an SMTP server. The address of the real SMTP server must be configured as a part of
|
||||||
the SMTP username. The format for the username is
|
the SMTP username. The format for the username is
|
||||||
.IR username \fB@ server ,
|
.IR username @ server ,
|
||||||
where
|
where
|
||||||
.I server
|
.I server
|
||||||
is the address of the SMTP server and
|
is the address of the SMTP server and
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user