diff --git a/doc/html/faqe.html b/doc/html/faqe.html index a460002..fe178e1 100644 --- a/doc/html/faqe.html +++ b/doc/html/faqe.html @@ -1,2 +1,2 @@ -

See HowTo:

\ No newline at end of file +

See HowTo:

\ No newline at end of file diff --git a/doc/html/faqr.html b/doc/html/faqr.html index e9546af..023d097 100644 --- a/doc/html/faqr.html +++ b/doc/html/faqr.html @@ -1,2 +1,2 @@ -

См. HowTo

\ No newline at end of file +

См. HowTo

\ No newline at end of file diff --git a/doc/html/highload.html b/doc/html/highload.html index b57a687..a91f829 100644 --- a/doc/html/highload.html +++ b/doc/html/highload.html @@ -1,12 +1,12 @@ -

Optimizing 3proxy for high load

-

Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product, the main reason is "one connection - one thread" model 3proxy uses. 3proxy is known to work with above 200,000 connections under proper configuration, but use it in production environment under high loads at your own risk and do not expect too much. -

Precaution 2: This documentation is incomplete and is not sufficient. High loads may require very specific system tuning including, but not limited to specific or cusomized kernels, builds, settings, sysctls, options, etc. All this is not covered by this documentation. +

Optimizing 3proxy for High Load

+

Precaution 1: 3proxy was not initially developed for high load and is positioned as a SOHO product. The main reason is the "one connection - one thread" model 3proxy uses. 3proxy is known to work with over 200,000 connections under proper configuration, but use it in a production environment under high loads at your own risk and do not expect too much. +

Precaution 2: This documentation is incomplete and insufficient. High loads may require very specific system tuning including, but not limited to, specific or customized kernels, builds, settings, sysctls, options, etc. All of this is not covered by this documentation.

Configuring 'maxconn'

-A number of simulatineous connections per service is limited by 'maxconn' option. -Default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn' -to higher value. Under this configuration: +The number of simultaneous connections per service is limited by the 'maxconn' option. +The default maxconn value since 3proxy 0.8 is 500. You may want to set 'maxconn' +to a higher value. Under this configuration: 
 maxconn 1000
 proxy -p3129
@@ -14,53 +14,53 @@ proxy -p3128
 socks
maxconn for every service is 1000, and there are 3 services running -(2 proxy and 1 socks), so, for all services there can be up to 3000 -simulatineous connections to 3proxy. -

Avoid setting 'maxconn' to arbitrary high value, it should be carefully -choosen to protect system and proxy from resources exhaution. Setting maxconn -above resources available can lead to denial of service conditions. -

Understanding resources requirements

-Each running service require: +(2 proxy and 1 socks), so for all services there can be up to 3000 +simultaneous connections to 3proxy. +

Avoid setting 'maxconn' to an arbitrarily high value; it should be carefully +chosen to protect the system and proxy from resource exhaustion. Setting maxconn +above available resources can lead to denial of service conditions. +

Understanding Resource Requirements

+Each running service requires: -Each connected client require: +Each connected client requires: Also, additional resources like system buffers are required for network activity.

Setting ulimits

Hard and soft ulimits must be set above calculated requirements. Under Linux, you can -check limits of running process with +check the limits of a running process with 
 cat /proc/PID/limits
-where PID is a pid of the process. -Validate ulimits match your expectation, especially if you run 3proxy under dedicated account -by adding e.g. +where PID is the process ID. +Validate that ulimits match your expectations, especially if you run 3proxy under a dedicated account +by adding, e.g.: 
 system "ulimit -Ha >>/tmp/3proxy.ulim.hard"
 system "ulimit -Sa >>/tmp/3proxy.ulim.soft"
-in the beginning (before first service started) and the end of config file. -Make both hard restart (that is kill and start 3proxy process) and soft restart -by sending SIGUSR1 to 3proxy process, check ulimits recorded to files match your -expecation. In systemd based distros (e.g. latest Debian / Ubuntu) changing limits.conf -is not enough, limits must be ajusted in systemd configuration, e.g. by setting +at the beginning (before the first service is started) and at the end of the config file. +Perform both a hard restart (i.e., kill and start the 3proxy process) and a soft restart +by sending SIGUSR1 to the 3proxy process; check that the ulimits recorded to files match your +expectations. In systemd-based distros (e.g., latest Debian/Ubuntu), changing limits.conf +is not enough; limits must be adjusted in the systemd configuration, e.g., by setting: 
 DefaultLimitDATA=infinity
 DefaultLimitSTACK=infinity
@@ -73,51 +73,51 @@ DefaultLimitMEMLOCK=infinity
in user.conf / system.conf -

Extending system limitation

+

Extending System Limitations

-Check manuals / documentation for your system limitations e.g. system-wide limit for number of open files +Check the manuals/documentation for your system's limitations, e.g., the system-wide limit for the number of open files (fs.file-max in Linux). You may need to change sysctls or even rebuild the kernel from source.

-To help with socket-based system-dependant settings, since 0.9-devel 3proxy supports different -socket options which can be set via -ol option for listening socket, -oc for proxy-to-client -socket and -os for proxy-to-server socket. Example: +To help with socket-based system-dependent settings, since 0.9-devel, 3proxy supports different +socket options which can be set via the -ol option for the listening socket, -oc for the proxy-to-client +socket, and -os for the proxy-to-server socket. Example: 

 proxy -olSO_REUSEADDR,SO_REUSEPORT -ocTCP_TIMESTAMPS,TCP_NODELAY -osTCP_NODELAY
-available options are system dependant. +Available options are system-dependent. -

Using 3proxy in virtual environment

+

Using 3proxy in a Virtual Environment

-If 3proxy is used in VPS environment, there can be additional limitations. -For example, kernel resources / system CPU usage / IOCTLs can be limited in a different way, and this can become a bottleneck. -Since 0.9 devel, 3proxy uses splice() by default on Linux, splice() prevents network traffic from being copied from -kernel space to 3proxy process and generally increases throughput, epecially in the case of high volume traffic. It especially -true for virtual environment (it can improve thoughput up to 10 times) unless there are additional kernel limitations. -Since some work is moved to kernel, it requires up to 2 times more kernel resources in terms of CPU, memory and IOCTLs. -If your hosting additionally limits kernel resources (you can see it as nearly 100% CPU usage without any real CPU activity for -any application which performs IOCTLS), use -s0 option to disable splice() usage for given service e.g. -
 
+If 3proxy is used in a VPS environment, there can be additional limitations.
+For example, kernel resources, system CPU usage, and IOCTLs can be limited differently, and this can become a bottleneck.
+Since 0.9-devel, 3proxy uses splice() by default on Linux. splice() prevents network traffic from being copied from
+kernel space to the 3proxy process and generally increases throughput, especially in the case of high-volume traffic. This is especially
+true for virtual environments (it can improve throughput up to 10 times) unless there are additional kernel limitations.
+Since some work is moved to the kernel, it requires up to 2 times more kernel resources in terms of CPU, memory, and IOCTLs.
+If your hosting additionally limits kernel resources (you can see this as nearly 100% CPU usage without any real CPU activity for
+any application performing IOCTLs), use the -s0 option to disable splice() usage for a given service, e.g.:
+
 socks -s0
 

 
-
Extending ephemeral port range

+
Extending the Ephemeral Port Range

 
-Check ephemeral port range for your system and extend it to the number of the
+Check the ephemeral port range for your system and extend it to the number of
 ports required.
-Ephimeral range is always limited to maximum number of ports (64K). To extend the
-number of outgoing connections above this limit, extending ephemeral port range
-is not enough, you need additional actions:
+The ephemeral range is always limited to the maximum number of ports (64K). To extend the
+number of outgoing connections above this limit, extending the ephemeral port range
+is not enough; you need additional actions:
 
    
 
  1.  Configure multiple outgoing IPs
-
  2.  Make sure 3proxy is configured to use different outgoing IP by either setting
-external IP via RADIUS
+
  3.  Make sure 3proxy is configured to use a different outgoing IP by either setting
+the external IP via RADIUS:
 
     radius secret 1.2.3.4
 auth radius
 proxy
 
    
 or by using multiple services with different external
-interfaces, example:
+interfaces, for example:
 
     allow user1,user11,user111
 proxy -p1111 -e1.1.1.1
@@ -133,7 +133,7 @@ proxy -p4444 -e4.4.4.4
 flush
 
    
 or via "parent extip" rotation,
-e.g.
+e.g.:
 
     allow user1,user11,user111
 parent 1000 extip 1.1.1.1 0
@@ -156,8 +156,8 @@ socks
 
    
 
     
    
-Under latest Linux version you can also start multiple services with different
-external addresses on the single port with SO_REUSEPORT on listening socket to
+Under the latest Linux versions, you can also start multiple services with different
+external addresses on a single port with SO_REUSEPORT on the listening socket to
 evenly distribute incoming connections between outgoing interfaces:
 
     socks -olSO_REUSEPORT -p3128 -e 1.1.1.1
@@ -165,136 +165,136 @@ socks -olSO_REUSEPORT -p3128 -e 2.2.2.2
 socks -olSO_REUSEPORT -p3128 -e 3.3.3.3
 socks -olSO_REUSEPORT -p3128 -e 4.4.4.4
 
    
-for Web browsing last two examples are not recommended, because same client can get
-different external address for different requests, you should choose external
+For web browsing, the last two examples are not recommended because the same client can get
+a different external address for different requests; you should choose the external
 interface with user-based rules instead.
-
  4.  You may need additional system dependant actions to use same port on different IPs,
-usually by adding SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
-external socket. This option can be set (since 0.9 devel) with -os option:
+
  5.  You may need additional system-dependent actions to use the same port on different IPs,
+usually by adding the SO_REUSEADDR (SO_PORT_SCALABILITY for Windows) socket option to
+the external socket. This option can be set (since 0.9-devel) with the -os option:
 
     proxy -p3128 -e1.2.3.4 -osSO_REUSEADDR
 
    
-Behavior for SO_REUSEADDR and SO_REUSEPORT is different between different system,
-even between different kernel versions and can lead to unexpected results.
-Specifics is described here.
-Use this options only if actually required and if you fully understand possible
-consiquences. E.g. SO_REUSEPORT can help to establish more connections than the
-number of the client port available, but it can also lead to situation connections
-are randomely fail due to ip+port pairs collision if remote or local system 
+The behavior for SO_REUSEADDR and SO_REUSEPORT is different between different systems,
+even between different kernel versions, and can lead to unexpected results.
+The specifics are described here.
+Use these options only if actually required and if you fully understand the possible
+consequences. For example, SO_REUSEPORT can help establish more connections than the
+number of client ports available, but it can also lead to situations where connections
+randomly fail due to IP+port pair collisions if the remote or local system
 doesn't support this trick.
 

 
-
Setting stacksize

+
Setting Stack Size

 
 'stacksize' is a size added to all stack allocations and can be both positive and
-negative. Stack is required in functions call. 3proxy itself doesn't require large
+negative. Stack is required for function calls. 3proxy itself doesn't require a large
 stack, but it can be required if some
-purely-written libc, 3rd party libraries or system functions called. There is known\
+poorly written libc, 3rd party libraries, or system functions are called. There is known
 dirty code in Unix ODBC
-implementations, build-in DNS resolvers, especially in the case of IPv6 and large
-number of interfaces. Under most 64-bit system extending stacksize will lead
-to additional memory space usage, but do not require actual commited memory,
-so you can inrease stacksize to relatively large value (e.g. 1024000) without
-the need to add additional phisical memory,
-but it's system/libc dependant and requires additional testing under your
-installation. Don't forget about memory related ulimts.
-
For 32-bit systems address space can be a bottlneck you should consider. If
-you're short of address space you can try to use negative stack size.
+implementations and built-in DNS resolvers, especially in the case of IPv6 and a large
+number of interfaces. Under most 64-bit systems, extending stacksize will lead
+to additional memory space usage but does not require actual committed memory,
+so you can increase stacksize to a relatively large value (e.g., 1024000) without
+the need to add additional physical memory,
+but it's system/libc dependent and requires additional testing under your
+installation. Don't forget about memory-related ulimits.
+
For 32-bit systems, address space can be a bottleneck you should consider. If
+you're short on address space, you can try using a negative stack size.
 
-
Known system issues

+
Known System Issues

 
-There are known race condition issues in Linux / glibc resolver. The probability
-of race condition arises under configuration with IPv6, large number of interfaces
-or IP addresses or resolvers configured. In this case, install local recursor and
-use 3proxy built-in resolver (nserver / nscache / nscache6).
-
Do not use public resolvers

-Public resolvers like ones from Google have ratelimits. For large number of
-requests install local caching recursor (ISC bind named, PowerDNS recursor, etc).
+There are known race condition issues in the Linux/glibc resolver. The probability
+of a race condition arises under configuration with IPv6, a large number of interfaces
+or IP addresses, or with resolvers configured. In this case, install a local recursor and
+use 3proxy's built-in resolver (nserver / nscache / nscache6).
+
Do Not Use Public Resolvers

+Public resolvers like those from Google have rate limits. For a large number of
+requests, install a local caching recursor (ISC bind named, PowerDNS recursor, etc).
 
-
Avoid large lists

+
Avoid Large Lists

 
 Currently, 3proxy is not optimized to use large ACLs, user lists, etc. All lists
-are processed lineary. In devel version you can use RADIUS authentication to avoid
-user lists and ACLs in 3proxy itself. Also, RADIUS allows to easily set outgoing IP
-on per-user basis or more sophisicated logics.
-RADIUS is a new beta feature, test it before using in production.
+are processed linearly. In the devel version, you can use RADIUS authentication to avoid
+user lists and ACLs in 3proxy itself. Also, RADIUS allows you to easily set an outgoing IP
+on a per-user basis or implement more sophisticated logic.
+RADIUS is a new beta feature; test it before using it in production.
 
-
Avoid changing configuration too often

+
Avoid Changing Configuration Too Often

 
-Every configuration reload requires additional resources. Do not do frequent
-changes, like users addition/deletaion via connfiguration, use alternative
+Every configuration reload requires additional resources. Do not make frequent
+changes, such as user addition/deletion via configuration; use alternative
 authentication methods instead, like RADIUS.
 
-
Consider using 'noforce'

+
Consider Using 'noforce'

 
-'force' behaviour (default) re-authenticates all connections after
-configuration reload, it may be resource consuming on large number of
-connections. Consider adding 'noforce' command before services started
-to prevent connections reauthentication.
+The 'force' behavior (default) re-authenticates all connections after
+configuration reload; it may be resource-consuming with a large number of
+connections. Consider adding the 'noforce' command before services are started
+to prevent connection re-authentication.
 
-
Do not monitor configuration files directly

+
Do Not Monitor Configuration Files Directly

 
-Using configuration file directly in 'monitor' can lead to race condition where
-configuration is reloaded while file is being written.
+Using a configuration file directly in 'monitor' can lead to a race condition where
+the configuration is reloaded while the file is being written.
 To avoid race conditions:
 
    
 
  1.  Update config files only if there is no lock file
-
  2.  Create lock file then 3proxy configuration is updated, e.g. with
+
  3.  Create a lock file when the 3proxy configuration is updated, e.g., with
 "touch /some/path/3proxy/3proxy.lck". If you generate config files
-asynchronously, e.g. by user's request via web, you should consider
-implementing existance checking and file creation as atomic operation.
-
  4. add
+asynchronously, e.g., by a user's request via web, you should consider
+implementing existence checking and file creation as an atomic operation.
+
  5.  Add
 
     system "rm /some/path/3proxy/3proxy.lck"
 
    
-at the end of config file to remove it after configuration is successfully loaded
-
  6.  Use a dedicated version file to monitor, e.g.
+at the end of the config file to remove it after the configuration is successfully loaded
+
  7.  Use a dedicated version file to monitor, e.g.:
 
     monitor "/some/path/3proxy/3proxy.ver"
 
    
-
  8.  After config is updated, change version file for 3proxy to reload configuration,
-e.g. with "touch /some/path/3proxy/3proxy.ver".
+
  9.  After the config is updated, change the version file for 3proxy to reload the configuration,
+e.g., with "touch /some/path/3proxy/3proxy.ver".
 

 
-
Use TCP_NODELAY to speed-up connections with small amount of data

+
Use TCP_NODELAY to Speed Up Connections with Small Amounts of Data

 
-If most requests require exchange with a small amount of data in a both ways
-without the need for bandwidth, e.g. messengers or small web request,
-you can eliminate Nagle's algorithm delay with TCP_NODELAY flag. Usage example:
+If most requests require an exchange with a small amount of data in both directions
+without the need for bandwidth, e.g., messengers or small web requests,
+you can eliminate Nagle's algorithm delay with the TCP_NODELAY flag. Usage example:
 
 proxy -osTCP_NODELAY -ocTCP_NODELAY
 

 sets TCP_NODELAY for client (oc) and server (os) connections.
-
Do not use TCP_NODELAY on slow connections with high delays and then
+
Do not use TCP_NODELAY on slow connections with high delays when
 connection bandwidth is a bottleneck.
 
-
Use splice to speedup large data amount transfers

+
Use Splice to Speed Up Large Data Amount Transfers

 
-splice() allows to copy data between connections without copying to process
-addres space. It can speedup proxy on high bandwidth connections, if most
+splice() allows copying data between connections without copying to the process
+address space. It can speed up the proxy on high-bandwidth connections if most
 connections require large data transfers. Splice is enabled by default on Linux
-since 0.9, "-s0" disables splice usage. Example:
+since 0.9; "-s0" disables splice usage. Example:
 
 proxy -s0
 

-Splice is only available on Linux. Splice requires more system buffers and file descriptors,
+Splice is only available on Linux. Splice requires more system buffers and file descriptors
 and produces more IOCTLs but reduces process memory and overall CPU usage.
-Disable splice if there is a lot of short-living connections with no bandwidth
+Disable splice if there are a lot of short-lived connections with no bandwidth
 requirements.
-
Use splice only on high-speed connections (e.g. 10GBE), if processor, memory speed or
+
Use splice only on high-speed connections (e.g., 10GbE) when the processor, memory speed, or
 system bus are bottlenecks.
-
TCP_NODELAY and splice are not contrary to each over and should be combined on
+
TCP_NODELAY and splice are not contrary to each other and should be combined on
 high-speed connections.
 
-
Add grace delay to reduce system calls

+
Add Grace Delay to Reduce System Calls

 
 
proxy -g8000,3,10

-First parameter is average read size we want to keep, second parameter is
-minimal number of packets in the same direction to apply algorythm,
-last value is delay added after polling and prior to reading data.
-An example above adds 10 millisecond delay before reading data if average
-polling size is below 8000 bytes and 3 read operations are made in the same
-direction. It's specially usefule with splice. 
logdump 1 1
 is useful
-to see how grace delays work, choose delay value to avoid filling the read
-pipe/buffer (typically 64K) but keep the request sizes close to chosen average
-on large file upload/download.
+The first parameter is the average read size we want to keep, the second parameter is
+the minimal number of packets in the same direction to apply the algorithm,
+and the last value is the delay added after polling and prior to reading data.
+The example above adds a 10-millisecond delay before reading data if the average
+polling size is below 8000 bytes and 3 read operations have been made in the same
+direction. It's especially useful with splice. 
logdump 1 1
 is useful
+to see how grace delays work; choose a delay value to avoid filling the read
+pipe/buffer (typically 64K) but keep the request sizes close to the chosen average
+on large file uploads/downloads.
diff --git a/doc/html/howtoe.html b/doc/html/howtoe.html
index 5921ccf..6cd0969 100644
--- a/doc/html/howtoe.html
+++ b/doc/html/howtoe.html
@@ -1,5 +1,5 @@
for Linux or Cygwin, Makefile.Solaris* (depending on compiler version) for Solaris -and Makefile.unix for different Unix-like OS. On BSD derivered systems make -sure to use GNU make, sometimes it's called gmake instead of make. -
Compilation is tested under FreeBSD/i386, NetBSD/i386, OpenBSD/i386, -RH Linux/Alpha, Debian/i386, Gentoo/i386, Gentoo/PPC, Solaris/x86 but you -shouldn't have problems under different Solaris, BSD or linux compatible systems. -For different systems you may be required to patch Makefile or even source codes. -If you want to use ODBC support, make sure to install ODBC for unix, remove -DNOODBC -option from makefile compiler options and add ODBC library to linker variable. +and Makefile.unix for different Unix-like OSes. On BSD-derived systems, make +sure to use GNU make; sometimes it's called gmake instead of make. +
Compilation is tested under FreeBSD/i386, NetBSD/i386, OpenBSD/i386, +RH Linux/Alpha, Debian/i386, Gentoo/i386, Gentoo/PPC, Solaris/x86, but you +shouldn't have problems under different Solaris, BSD, or Linux-compatible systems. +For different systems, you may be required to patch the Makefile or even the source code. +If you want to use ODBC support, make sure to install ODBC for Unix, remove the -DNOODBC +option from the makefile compiler options, and add the ODBC library to the linker variable.

@@ -104,38 +104,38 @@ option from makefile compiler options and add ODBC library to linker variable.
  • How to install/remove 3proxy under Windows NT/2000/XP

    Unpack 3proxy.zip to any directory, for example -c:\Program Files\3proxy. If needed, create directory for storing log files, -ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (See Server configuration). -If you use 3proxy before 0.6 Add +c:\Program Files\3proxy. If needed, create a directory for storing log files, +ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (see Server configuration). +If you use 3proxy before version 0.6, add the 

     service
    -string into 3proxy.cfg. Now, start command prompt (cmd.exe). -Change directory to 3proxy installation and run 3proxy.exe --install: +string into 3proxy.cfg. Now, start a command prompt (cmd.exe). +Change to the 3proxy installation directory and run 3proxy.exe --install: 
     D:\>C:
 C:\>cd C:\Program Files\3proxy
 C:\Program Files\3proxy>3proxy.exe --install
    -Now, you should have 3proxy service installed and running. If service is not -started, remove "service" string from 3proxy.cfg, run 3proxy.exe manually +Now, you should have the 3proxy service installed and running. If the service is not +started, remove the "service" string from 3proxy.cfg, run 3proxy.exe manually and correct all errors.

    -To remove 3proxy run 3proxy --remove: +To remove 3proxy, run 3proxy --remove: 

     D:\>C:
 C:\>cd C:\Program Files\3proxy
 C:\Program Files\3proxy>net stop 3proxy
 C:\Program Files\3proxy>3proxy.exe --remove
    -Now you can simply remove 3proxy installation directory. +Now you can simply remove the 3proxy installation directory.

  • How to install/remove 3proxy under Windows 95/98/ME

    Unpack 3proxy.zip to any directory, for example -c:\Program Files\3proxy. If needed, create directory for storing log files, -ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (See Server configuration). -Remove string +c:\Program Files\3proxy. If needed, create a directory for storing log files, +ODBC sources, etc. Create 3proxy.cfg in the 3proxy installation directory (see Server configuration). +Remove the string 

     service
    @@ -143,26 +143,26 @@ from 3proxy.cfg and add 
     daemon
    -if you want 3proxy to run in background. -Create shortcut for 3proxy.exe and place it in autostart or add -to registry with regedit.exe: +if you want 3proxy to run in the background. +Create a shortcut for 3proxy.exe and place it in the autostart folder or add +it to the registry with regedit.exe:
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Type: String
    3proxy = "c:\Program Files\3proxy.exe" "C:\Program Files\3proxy.cfg"
    -You must use quotes if path contains space. If neccessary, restart Windows. -If service is not started, check log. Remove "daemon" command from 3proxy.cfg, +You must use quotes if the path contains spaces. If necessary, restart Windows. +If the service is not started, check the log. Remove the "daemon" command from 3proxy.cfg, start 3proxy.exe manually and correct all errors.

  • How to install/remove 3proxy under Unix/Linux

    -Complie 3proxy (see Compilation). Copy -executables to any appropriate location (for example /usr/local/3proxy/sbin +Compile 3proxy (see Compilation). Copy +executables to any appropriate location (for example, /usr/local/3proxy/sbin for servers and /usr/local/3proxy/bin for utilities). -Create /usr/local/etc/3proxy.cfg. +Create /usr/local/etc/3proxy.cfg. (see Server configuration). -You can change default configuration file location by specifing configuration file -in 3proxy command line. -Add 3proxy to system startup scripts. +You can change the default configuration file location by specifying the configuration file +in the 3proxy command line. +Add 3proxy to the system startup scripts.

    @@ -170,36 +170,36 @@ Add 3proxy to system startup scripts.

    diff --git a/doc/html/howtor.html b/doc/html/howtor.html index abb7f37..ea75aaf 100644 --- a/doc/html/howtor.html +++ b/doc/html/howtor.html @@ -219,7 +219,7 @@
  • Служба уже установлена или запущена

    -
  • Как разобраться с internal и external
    • +
  • Как разобраться с internal и external

    • Убедитесь, что выправильно понимаете что такое internal и external адреса. Оба адреса - это адреса, принадлежищие хосту, на котором установлен 3proxy. diff --git a/doc/html/index.html b/doc/html/index.html index a5b0205..10277bd 100644 --- a/doc/html/index.html +++ b/doc/html/index.html @@ -1,17 +1,17 @@ -3proxy documentation

    3proxy documentation

    -Security recommendations
    -Optimizing 3proxy for high loads
    -How To (English, very incomplete)
    -How To (Russian)
    -

    Man pages: -
    3proxy.8 -
    ftppr.8 -
    pop3p.8 -
    proxy.8 -
    smtpp.8 -
    socks.8 -
    tcppm.8 -
    tlspr.8 -
    udppm.8 -
    3proxy.cfg.3 - +3proxy documentation

    3proxy documentation

    +Security recommendations
    +Optimizing 3proxy for high loads
    +How To (English, very incomplete)
    +How To (Russian)
    +

    Man pages:

    +
    3proxy.8 +
    ftppr.8 +
    pop3p.8 +
    proxy.8 +
    smtpp.8 +
    socks.8 +
    tcppm.8 +
    tlspr.8 +
    udppm.8 +
    3proxy.cfg.3 + diff --git a/doc/html/plugins/PCREPlugin.html b/doc/html/plugins/PCREPlugin.html index fb0892a..acca2af 100644 --- a/doc/html/plugins/PCREPlugin.html +++ b/doc/html/plugins/PCREPlugin.html @@ -1,9 +1,9 @@ -

    3proxy Perl Compatible Regular Expressions (PCRE) plugin

    +

    3proxy Perl Compatible Regular Expressions (PCRE) Plugin

    -This filtering plugin can be used to create matching and replace -rules with regular expressions for client's request, client and -servers header and client and server data. It adds 3 additional +This filtering plugin can be used to create matching and replacement +rules with regular expressions for client requests, client and +server headers, and client and server data. It adds 3 additional configuration commands: 
    @@ -12,11 +12,11 @@ pcre_rewrite TYPE FILTER_ACTION REGEXP REWRITE_EXPRESSION [ACE]
 pcre_extend FILTER_ACTION [ACE]
 pcre_options OPTION1 [...]
    -pcre - allows to apply some rule for matching -
    pcre_rewrite - in addition to 'pcre' allows to substitute substrings -
    pcre_extend - extends ACL of the last pcre or pcre_rewrite comand by -adding additional ACE (like with allow/deny configuration commands). -
    pcre_options - allows to set matching options. Awailable options are: +pcre - allows applying a rule for matching +
    pcre_rewrite - in addition to 'pcre', allows substituting substrings +
    pcre_extend - extends the ACL of the last pcre or pcre_rewrite command by +adding an additional ACE (like with allow/deny configuration commands). +
    pcre_options - allows setting matching options. Available options are: PCRE_CASELESS, PCRE_MULTILINE, PCRE_DOTALL, @@ -32,7 +32,7 @@ PCRE_UTF8, PCRE_NO_AUTO_CAPTURE, PCRE_NO_UTF8_CHECK, PCRE_AUTO_CALLOUT, -PCRE_PARTIAL, +PCRE_PARTIAL, PCRE_DFA_SHORTEST, PCRE_DFA_RESTART, PCRE_FIRSTLINE, @@ -47,32 +47,31 @@ PCRE_BSR_UNICODE diff --git a/doc/html/plugins/PCREPlugin.ru.html b/doc/html/plugins/PCREPlugin.ru.html index 047079c..5835dd8 100644 --- a/doc/html/plugins/PCREPlugin.ru.html +++ b/doc/html/plugins/PCREPlugin.ru.html @@ -56,7 +56,7 @@ PCRE_BSR_UNICODE
  • srvdata - данные полученные от сервера, например содержимое HTML-страницы
  • FILTER_ACTION - действие при совпадении. Может принимать значение -
      allow - разрешить данный запрос без просмотра дальнейших правил +
      • allow - разрешить данный запрос без просмотра дальнейших правил
      • deny - запретить данный запрос без просмотра дальнейших правил
      • dunno - продолжить анализ правил (полезно для pcre_rewrite)
      @@ -87,4 +87,4 @@ pcre_extend deny * 192.168.0.1/16
      • Плагин включен в дистрибутив 3proxy 0.6
      • Пример конфигурации (by Dennis Garber): NoPornLitest.cfg -
      +
    diff --git a/doc/html/plugins/SSLPlugin.html b/doc/html/plugins/SSLPlugin.html index 4b419e9..634c4bd 100644 --- a/doc/html/plugins/SSLPlugin.html +++ b/doc/html/plugins/SSLPlugin.html @@ -1,6 +1,6 @@ -

    3proxy SSL/TLS plugin

    +

    3proxy SSL/TLS Plugin

    -Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for proxy traffic. +This plugin can be used to transparently decrypt SSL/TLS data and provide TLS encryption for proxy traffic. @@ -9,35 +9,35 @@ Plugin can be used to transparently decypher SSL/TLS data and TLS encryption for
    ssl_mitm - spoof certificates for services started below. Usage without ssl_client_verify is insecure.
    ssl_nomitm - do not spoof certificates for services started below -

    To protect traffic to server (https:// proxy) - since 0.9.5 version

    +

    To protect traffic to the server (https:// proxy) - since version 0.9.5

    ssl_serv - require TLS connection for services below
    ssl_noserv - do not require TLS connection for services below Parameters: -
    ssl_server_cert /path/to/cert - Server certificate (should not be selfsigned and must contain Alternative name) for ssl_serv -
    ssl_server_key /path/to/key - Server ceritifacte key for ssl_server_cert or generated mitm certificate -
    ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g. ssl_client_ciphersuites TLS_AES_128_GCM_SHA256 +
    ssl_server_cert /path/to/cert - Server certificate (should not be self-signed and must contain an Alternative Name) for ssl_serv +
    ssl_server_key /path/to/key - Server certificate key for ssl_server_cert or generated MITM certificate +
    ssl_client_ciphersuites ciphersuites_list - TLS client ciphers for TLS 1.3, e.g., ssl_client_ciphersuites TLS_AES_128_GCM_SHA256
    ssl_server_ciphersuites ciphersuites_list - TLS server ciphers for TLS 1.3 -
    ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below , e.g. ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305 +
    ssl_client_cipher_list ciphersuites_list - TLS client ciphers for TLS 1.2 and below, e.g., ssl_client_cipher_list ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
    ssl_server_cipher_list ciphersuites_list - TLS server ciphers for TLS 1.2 and below -
    ssl_client_min_proto_version tls_version - TLS client min TLS version (e.g. TLSv1.2) -
    ssl_server_min_proto_version tls_version - TLS server min TLS version (e.g. TLSv1.2) -
    ssl_client_max_proto_version tls_version - TLS client max TLS version (e.g. TLSv1.2) -
    ssl_server_max_proto_version tls_version - TLS server max TLS version (e.g. TLSv1.2) -
    ssl_client_verify - verify certificate for upstream server in TLS client functionality (used with ssl_mitm) -
    ssl_client_no_verify - do not verify certificate for upstream server in TLS client functionality (default) -
    ssl_server_ca_file /path/to/cafile - CA certificate file for mitm -
    ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file mitm CA +
    ssl_client_min_proto_version tls_version - TLS client minimum TLS version (e.g., TLSv1.2) +
    ssl_server_min_proto_version tls_version - TLS server minimum TLS version (e.g., TLSv1.2) +
    ssl_client_max_proto_version tls_version - TLS client maximum TLS version (e.g., TLSv1.2) +
    ssl_server_max_proto_version tls_version - TLS server maximum TLS version (e.g., TLSv1.2) +
    ssl_client_verify - verify the certificate for the upstream server in TLS client functionality (used with ssl_mitm) +
    ssl_client_no_verify - do not verify the certificate for the upstream server in TLS client functionality (default) +
    ssl_server_ca_file /path/to/cafile - CA certificate file for MITM +
    ssl_server_ca_key /path/to/cakey - key for ssl_server_ca_file MITM CA
    ssl_client_ca_file, ssl_client_ca_dir, ssl_client_ca_store - locations for root CAs used with ssl_client_verify for TLS client -
    ssl_certcache /path/to/cache/ - location for generated mitm certificates cache, optional, if ssl_server_ca_file / ssl_server_ca_key are configured. -Cache may contain 3 files: 3proxy.pem - public -self-signed certificates (used if ssl_server_ca_file is not configured), -3proxy.key - key for public certificates, used if ssl_server_ca_keyserver.key is not configured, server.key - this key is used if ssl_server_key is not configured to generates +
    ssl_certcache /path/to/cache/ - location for the generated MITM certificates cache, optional if ssl_server_ca_file / ssl_server_ca_key are configured. +The cache may contain 3 files: 3proxy.pem - public +self-signed certificates (used if ssl_server_ca_file is not configured), +3proxy.key - key for public certificates, used if ssl_server_ca_key is not configured, server.key - this key is used if ssl_server_key is not configured to generate spoofed certificates. If server.key is absent, 3proxy.key is used to generate certificates. -Generated certificates are placed to the same path. +Generated certificates are placed in the same path. -

    mitm example:

    +

    MITM example:

     plugin /path/to/SslPlugin.dll ssl_plugin
 ssl_server_ca_file /path/to/cafile
@@ -47,7 +47,7 @@ proxy -p3128
 ssl_nomitm
 proxy -p3129
    -mitm's traffic with spoofed ceritifacate for port 3128 proxy. +MITM's traffic with a spoofed certificate for the port 3128 proxy.

    https:// proxy example:

    @@ -59,6 +59,6 @@ proxy -p33128
 ssl_noserv
 proxy -p3128
    -creates https:// proxy on 33128 and http:// proxy on 3128 +Creates an https:// proxy on port 33128 and an http:// proxy on port 3128 © Vladimir Dubrovin, License: BSD style diff --git a/doc/html/plugins/StringsPlugin.html b/doc/html/plugins/StringsPlugin.html index f0f76cc..815ae17 100644 --- a/doc/html/plugins/StringsPlugin.html +++ b/doc/html/plugins/StringsPlugin.html @@ -1,16 +1,16 @@ -

    3proxy strings substitution plugin

    -May be used to make interface more pretty or to translate proxy server -messages to different language. All messages are taken from proxy.c and -moved to external text file (e.g. rus.3ps). On the moment of -writing there are 15 sections. Sections are delimited with "[end]". +

    3proxy Strings Substitution Plugin

    +This may be used to make the interface more attractive or to translate proxy server +messages to a different language. All messages are taken from proxy.c and +moved to an external text file (e.g., rus.3ps). At the time of +writing, there are 15 sections. Sections are delimited with "[end]".

    Example:

    plugin "StringsPlugin.dll" start c:\3proxy\bin\rus.3ps

    Download:

      -
    • Plugin is included into 3proxy 0.6 binary and source distribution +
    • Plugin is included in the 3proxy 0.6 binary and source distribution
    -©Kirill Lopuchov \ No newline at end of file +© Kirill Lopuchov diff --git a/doc/html/plugins/StringsPlugin.ru.html b/doc/html/plugins/StringsPlugin.ru.html index 3917ae8..a749812 100644 --- a/doc/html/plugins/StringsPlugin.ru.html +++ b/doc/html/plugins/StringsPlugin.ru.html @@ -15,4 +15,4 @@ plugin "StringsPlugin.dll" start c:\3proxy\bin\rus-win1251.3ps

    Загрузить:

    • Плагин включен в дистрибутив 3proxy 0.6 -
    +
    • diff --git a/doc/html/plugins/TrafficPlugin.html b/doc/html/plugins/TrafficPlugin.html index dc4cb4b..3ad6324 100644 --- a/doc/html/plugins/TrafficPlugin.html +++ b/doc/html/plugins/TrafficPlugin.html @@ -1,15 +1,15 @@ -

    3proxy traffic correction plugin

    -3proxy logs and counts traffic on application level, while provider usually does -it on network or link level. It's significant if you use 3proxy for billing, -especially in case where network packets are small, e.g. network games. +

    3proxy Traffic Correction Plugin

    +3proxy logs and counts traffic at the application level, while providers usually do +so at the network or link level. This is significant if you use 3proxy for billing, +especially in cases where network packets are small, e.g., online games.

    -This plugin attempts to correct 3proxy computations to approximate network or -link level traffic by using either fixed coefficients by port number or -attempting to predict number and sizes of network packets. +This plugin attempts to correct 3proxy's computations to approximate network or +link-level traffic by using either fixed coefficients by port number or +by attempting to predict the number and sizes of network packets.

    Usage:

      -
    1. Extract TrafficPlugin.dll to the same folder with 3proxy executable. -
    2. Start plugin in 3proxy.cfg with +
    3. Extract TrafficPlugin.dll to the same folder as the 3proxy executable. +
    4. Start the plugin in 3proxy.cfg with: 
      plugin TrafficPlugin.dll start
    5. Add correction rules: @@ -17,36 +17,36 @@ attempting to predict number and sizes of network packets. FOR FIXED COEFFICIENTS MODE: 
      trafcorrect m <service> <target port> <coefficient>
      -where <service> - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p, * matches "any". -
      <target port> - target port, * matches any +where <service> - one of proxy, socks4, socks45, socks5, tcppm, udppm, pop3p; * matches "any". +
      <target port> - target port; * matches any
      <coefficient> - coefficient to multiply traffic for this port.
      -FOR PACKET HEADER PREDICTION MODE +FOR PACKET HEADER PREDICTION MODE: 
      trafcorrect p <service> <tcp/udp> <target port> [empty packet size]
      -tcp ot udp - transport level protocol to apply rule +tcp or udp - transport-level protocol to apply the rule to
      -empty packet size - average size of "empty" packet, that is sum of average network/transport headers. -You can use network sniffer, such is Ethereal to discover it. Usually packet size -is 42 for UDP and +empty packet size - average size of an "empty" packet, i.e., the sum of average network/transport headers. +You can use a network sniffer such as Ethereal to discover it. Usually, the packet size +is 42 for UDP and
      Modes can be mixed. -
      Plugin creates a list of rules, first matching rule will be applied. +
      The plugin creates a list of rules; the first matching rule will be applied.
    -For any mode plugin approximates traffic, logged or counted amount is not exact. +For any mode, the plugin approximates traffic; the logged or counted amount is not exact.

    Example:

    plugin "TrafficPlugin.dll" start
 trafcorrect m socks5 6112 4.5
 trafcorrect m socks5 * 1.1
    -wrong usage: +Wrong usage: 
    trafcorrect m socks5 * 1.1
 trafcorrect m socks5 6112 4.5
    -second rule will never be applied. +The second rule will never be applied.

    Download:

    -©Maslov Michael aka Flexx(rus) +© Maslov Michael aka Flexx(rus) \ No newline at end of file diff --git a/doc/html/plugins/TrafficPlugin.ru.html b/doc/html/plugins/TrafficPlugin.ru.html index 9d52731..3d69e74 100644 --- a/doc/html/plugins/TrafficPlugin.ru.html +++ b/doc/html/plugins/TrafficPlugin.ru.html @@ -46,7 +46,7 @@ trafcorrect p <сервис> <tcp/udp> <исходящий пор Когда происходит окончание соединения выполняется первое подходящее правило. Подсчет трафика в любом режиме не является точным, это некоторая аппроксимация -позволяющаяподсчитать трафик с точностью до нескольких процентов. +позволяющая подсчитать трафик с точностью до нескольких процентов.

    Пример:

    @@ -66,4 +66,4 @@ trafcorrect m socks5 6112 4.5
 
    Загрузить:
    
 
      
  
    • Плагин включен в дистрибутив 3proxy 0.6
-
    
+
diff --git a/doc/html/plugins/TransparentPlugin.html b/doc/html/plugins/TransparentPlugin.html
index 0072318..93e993c 100644
--- a/doc/html/plugins/TransparentPlugin.html
+++ b/doc/html/plugins/TransparentPlugin.html
@@ -1,9 +1,9 @@
-
    3proxy TransparentPlugin plugin (Linux/BSD only)
    
+
    3proxy TransparentPlugin (Linux/BSD only)
    
 
-Plugin can turn 3proxy into transparent proxy for virtually any TCP-based protocol
+This plugin can turn 3proxy into a transparent proxy for virtually any TCP-based protocol
 and use all 3proxy features - redirections, parent proxies, ACLs, traffic limitations,
-etc. TransparentPlugin plugin takes destination IP:port from Linux and uses this
-information as a target IP in proxy. An example of usage:
+etc. The TransparentPlugin takes the destination IP:port from Linux and uses this
+information as the target IP in the proxy. An example usage:
 
 
     plugin /path/to/TransparentPlugin.ld.so transparent_plugin
@@ -19,13 +19,13 @@ notransparent
 proxy
 
    
 Now, any TCP traffic transparently redirected to port 12345 will be routed via
-parent SOCKSv5 proxy and logged, all URLs for web requests are visible in logs.
-Paremeters '127.0.0.1 11111' in this case are not used and are overwritten by
-destination IP:port for each transparent connection.
+the parent SOCKSv5 proxy and logged; all URLs for web requests are visible in logs.
+The parameters '127.0.0.1 11111' in this case are not used and are overwritten by
+the destination IP:port for each transparent connection.
 
 
    Download:
    
 
      
- 
    • Plugin included into 3proxy 0.8
-
    
+ 
  • Plugin is included in 3proxy 0.8
+
    • 
 
 © Vladimir Dubrovin, License: BSD style
diff --git a/doc/html/plugins/TransparentPlugin.ru.html b/doc/html/plugins/TransparentPlugin.ru.html
index 6347a0f..229cf13 100644
--- a/doc/html/plugins/TransparentPlugin.ru.html
+++ b/doc/html/plugins/TransparentPlugin.ru.html
@@ -28,6 +28,6 @@ HTTP-запросов по порту TCP/80 будут видны параме
 
    Загрузить:
    
 
      
  
    • Плагин включен в дистрибутив 3proxy 0.8
-
    
+
 
 © Vladimir Dubrovin, License: BSD style
diff --git a/doc/html/plugins/WindowsAuthentication.html b/doc/html/plugins/WindowsAuthentication.html
index d22d8e2..b9acaf9 100644
--- a/doc/html/plugins/WindowsAuthentication.html
+++ b/doc/html/plugins/WindowsAuthentication.html
@@ -1,33 +1,33 @@
 
-
    3proxy Windows Authentication plugin
    
-Support for cleartext authentication against Windows domain or local Windows account.
+
    3proxy Windows Authentication Plugin
    
+Support for cleartext authentication against a Windows domain or local Windows account.
 
    Usage:
    
 
      
- 
    1. Extract WindowsAuthentication.dll to the same folder with 3proxy executable.
- 
    2. Create 3ProxyAllowedGroup - Windows system group allowed to use proxy.
- You can choose different group name. Group can be either local or
+ 
    3. Extract WindowsAuthentication.dll to the same folder as the 3proxy executable.
+ 
    4. Create 3ProxyAllowedGroup - a Windows system group allowed to use the proxy.
+ You can choose a different group name. The group can be either local or
  Active Directory. Every account allowed to use 3proxy must be included in this
  group either directly or through group nesting.
- 
    5. Configure plugin with 'plugin' command in 3proxy.cfg, e.g.:
+ 
    6. Configure the plugin with the 'plugin' command in 3proxy.cfg, e.g.:
 
      
 plugin "WindowsAuthentication.dll" WindowsAuthentication "3ProxyAllowedGroup"
 
      
-
      WindowsAuthentication.dll - location of DLL, if DLL is located in different folder
-from 3proxy.exe you must specify complete path to DLL here. 3ProxyAllowedGroup - Windows
+
      WindowsAuthentication.dll - location of the DLL; if the DLL is located in a different folder
+from 3proxy.exe, you must specify the complete path to the DLL here. 3ProxyAllowedGroup - the Windows
 system group allowed to use 3proxy.
-After plugin is loaded, 'windows' authentication type is supported.
+After the plugin is loaded, the 'windows' authentication type is supported.
 
  
    7. Configure 'auth windows' for services that require Windows authentication.
- 
    8. It's recommended you also configure authentication caching (see 'authcache'),
- to prevent excessive workload for domain controller. Example:
+ 
    9. It is recommended that you also configure authentication caching (see 'authcache')
+ to prevent excessive workload on the domain controller. Example:
 
        authcache user,pass 900
  auth cache windows
 
      
 
- 
    10. NTLM authentication is not currently supported for plugins, you should use proxy -n key to disable it.
+ 
    11. NTLM authentication is not currently supported for plugins; you should use the proxy -n switch to disable it.
 
    
 
    Download:
    
 
      
- 
    • Plugin is included into 3proxy 0.6 binary and source distribution
-
    
\ No newline at end of file
+ 
  • Plugin is included in the 3proxy 0.6 binary and source distribution
+
    • 
\ No newline at end of file
diff --git a/doc/html/plugins/WindowsAuthentication.ru.html b/doc/html/plugins/WindowsAuthentication.ru.html
index e087690..b8f4bfe 100644
--- a/doc/html/plugins/WindowsAuthentication.ru.html
+++ b/doc/html/plugins/WindowsAuthentication.ru.html
@@ -31,5 +31,5 @@ auth windows
 
    Загрузить:
    
 
      
  
    • Плагин включен в дистрибутив 3proxy 0.6
-
    
+
 
diff --git a/doc/html/securityen.html b/doc/html/securityen.html
index 1be0d0c..81ff3e3 100644
--- a/doc/html/securityen.html
+++ b/doc/html/securityen.html
@@ -1,35 +1,33 @@
-
    3proxy security considirations
    
-
+
    3proxy Security Considerations
    
 
      
-
    • Never install 3proxy suid. If you need it to run suid write some
-wrapper with fixed configuration file.
-
    • Make configuration file only available to account 3proxy starts with.
-
    • Under Windows if 3proxy is used as service create new
-unprivileged local account without "logon locally" right. Assign this account
-to 3proxy service.
-
    • Under unix use chroot to jail 3proxy (make sure files included in
-configuration file after 'chroot' command, if any, are available from jail)
-
    • Under Unix, either start 3proxy with unprivileged account or, if you need
+
    • Never install 3proxy suid. If you need it to run suid, write a
+wrapper with a fixed configuration file.
+
    • Make the configuration file accessible only to the account 3proxy starts with.
+
    • Under Windows, if 3proxy is used as a service, create a new
+unprivileged local account without "logon locally" rights. Assign this account
+to the 3proxy service.
+
    • Under Unix, use chroot to jail 3proxy (make sure files included in
+the configuration file after the 'chroot' command, if any, are available from within the jail).
+
    • Under Unix, either start 3proxy with an unprivileged account or, if you need
 some privileged ports to be used by 3proxy, use setgid/setuid commands inside
-3proxy.cfg immediately after last occurance of service binded to
-privileged port in configuration file (setgid must preceed setuid).
-
    • Allways use full paths in configuration file
+3proxy.cfg immediately after the last occurrence of a service bound to a
+privileged port in the configuration file (setgid must precede setuid).
+
    • Always use full paths in the configuration file.
 
    • Try to avoid 'strong' authentication, because only cleartext
-authentication method is currently available.
+authentication is currently available.
 
    • Always specify internal and external interfaces.
-
    • Always limit connections to internal network and localhost (to 127.0.0.1 and
-all interfaces) with ACLs. Be carefull, because BIND command in SOCKS requies
-BIND method with external interface IP address to be allowed.
-
    •  Before 3proxy 0.8 always use nserver and nscache under Unix, overwise DoS attack is possible
-with unreachable DNS server (because gethostbyname will block over threads).
-
    • Keep logs in secure location, because some confidential information from
-user's request can be logged.
+
    • Always limit connections to the internal network and localhost (to 127.0.0.1 and
+all interfaces) with ACLs. Be careful, because the BIND command in SOCKS requires the
+BIND method with the external interface IP address to be allowed.
+
    • Before 3proxy 0.8, always use nserver and nscache under Unix; otherwise, a DoS attack is possible
+with an unreachable DNS server (because gethostbyname will block other threads).
+
    • Keep logs in a secure location, because some confidential information from
+user requests can be logged.
 
    • Use -xyz+A character filtering sequences for 'logformat', especially with
-ODBC logging to prevent SQL and log record injections. 
-
    • Immediately report all service crashes to developers
+ODBC logging, to prevent SQL and log record injections.
+
    • Immediately report all service crashes to the developers.
 
    • Participate in code audit :)
-
- 
 
    
+
 
    
 
diff --git a/doc/ru/example1.txt b/doc/ru/example1.txt
index 7c426a8..5b34c4e 100644
--- a/doc/ru/example1.txt
+++ b/doc/ru/example1.txt
@@ -3,26 +3,26 @@ KOI8-R
 Kirill Lopuchov, lopuchov at mail ru
 
 <3proxy>
-          Internet-   ( , Internet-).    ,   Internet- proxy-,  NAT (  )      IP .
+Довольно часто перед системным администратором встает задача предоставить доступ к Internet-ресурсам группе пользователей (небольшой офис, Internet-кафе). Данную задачу можно решить, настроив на Internet-шлюзе proxy-сервер, службу NAT (трансляция сетевых адресов) или раздать каждому пользователю реальный IP адрес.
 
-      -  proxy-.       proxy Squid,          :),    squid       SOCKS4/5-, TCP/UP -.        PROXY-,   "3proxy" (http://3proxy.ru/),     .  .          .    ,      Win9x/2000/XP    Linux  FreeBSD.
+Давайте рассмотрим самый простой способ подключения - установку proxy-сервера. Традиционно для этих целей применяется популярный proxy Squid, но не всегда бывает необходимость в столь тяжеловатой программе :), да и в squid отсутствуют такие иногда необходимые вещи как SOCKS4/5-сервер, TCP/UP порт-маппинг. Поэтому вторым номером хочется представить вашему вниманию PROXY-сервер, под названием "3proxy" (http://3proxy.ru/), разработанный нашим программистом из г. Нижний Новгород. Одним из главных его достоинств является компактность и высокая переносимость. Код сервера написан так, что легко компилируется как для Win9x/2000/XP так и для Linux и FreeBSD.
 
-   :
+Сервер поддерживает следующие возможности:
 
 HTTP(S) proxy;
 FTP over HTTP proxy;
 SOCKS4/5 proxy;
 POP3 proxy;
-TCP & UDP  ;
-      ;
-      (     ,       :) ); 
-    ,   ;
-    proxy-       ip ;
-   ODBC (-,      proxy)  syslog  . . 
+TCP & UDP маппинг портов;
+листы доступа к различным службам и адресам;
+ограничение пропускной способности канала каждого пользователя (чтобы пользователь не съел весь канал, качая кучу файлов в несколько потоков :) ); 
+ограничение трафика пользователя на день, неделю и месяц;
+авторизацию пользователей ко всем proxy-службам по имени и паролю или по ip адресам;
+ведение журналов через ODBC (по-моему, такого нет ни в одном proxy) и syslog и т. д. 
 
-       :-|.     Inernet-     (    )     -   25%         .   ,     ,      2-         wwwoffle   ,       3proxy :)
+К недостаткам можно отнести отсутствие кэширования информации :-|. Но в последнее время Inernet-контент становится все более динамичным (то есть не поддающийся кэшированию) и может быть для кого-то экономия в 25% трафика за счет его кэширования не будет столь критична. Для тех пользователей, кому она может оказаться критичной, автор предлагает использовать цепочку из 2-х серверов и в качестве кэша такие сервера как wwwoffle или им подобные, либо ждать появления поддержки кеша в 3proxy :)
 
-
+Установка
 
 # wget http://3proxy.ru/current/3proxy.tgz
 # tar -xvzf 3proxy.tgz
@@ -35,64 +35,64 @@ TCP & UDP 
 # touch /usr/local/3proxy/3proxy.cfg
 # chown -R nobody:nogroup /usr/local/3proxy 
 
-      3proxy.cfg  
-,       
-  3proxy.cfg.sample   
+Далее приведу небольшой пример конфигурационного файла 3proxy.cfg с 
+комментариями, более подробную информацию по конфигурированию можно 
+найти файле 3proxy.cfg.sample или в 
 HowTo http://3proxy.ru/howtor.asp
- FAQ http://3proxy.ru/faqr.asp
+и FAQ http://3proxy.ru/faqr.asp
 
 -------------3proxy.cfg-------------
-#  !!    
-#     !!
+# ВНИМАНИЕ !! не должны быть пробелов
+# перед любыми опциями конфигурации !!
 
-# ip- DNS-   
+# ip-адрес DNS-сервера провайдера или локального
 nserver 127.0.0.1
 timeouts 1 5 30 60 180 1800 15 60
 
-#    vasia, petia  vova 
-#     24555, 14656  45455 
+# Создаем двух пользователей vasia, petia и vova 
+# и назначаем им пароли 24555, 14656 и 45455 соответственно
 users vasia:CL:24555
 users petia:CL:14656
 users vova:CL:45455
 
-# -     
-#     
+# Лог-файл со списком запросов пользователей 
+# будет создаваться каждый день новый
 log /usr/local/3proxy/logs/3proxy.log D
 logformat "%d-%m-%Y %H:%M:%S %U %C:%c %R:%r %O %I %T"
 
-#  ,
-#       
+# Внешний интерфейс,
+# через который будут уходить запросы от сервера
 external 10.1.1.1
 
-# ip- ,     
-#   
+# ip-адрес интерфейса, на котором будут приниматься 
+# запросы от клиентов
 internal 192.168.1.1
 
-#       
+# Устанавливаем тип авторизации по имени и паролю
 auth strong
-#     80,8080-8088
+# Разрешаем доступ к портам 80,8080-8088
 allow * * * 80,8080-8088
-#   parent,       
-#    ip, ,        
+# Расскоментировать секцию parent, если у вас есть прокси верхнего 
+# уровня и заменить ip, порт, имя пользователя и пароль на свои значения 
 # parent 1000 http 192.168.0.1 8080 username passwd
 # allow *
-#   HTTP-proxy   (3128)  
-# (-n) c  NTLM-)
+# Запускаем службу HTTP-proxy на порту (3128) и 
+# (-n) c отключенной NTLM-авторизацией)
 proxy -p3128 -n
 
-#      
-# vasia  petia  20000 bps,
-#   vova 10000 bps
+# Ограничиваем толшину канала для пользователей 
+# vasia и petia в 20000 bps,
+# а для vova 10000 bps
 bandlimin 20000 vasia,petia
 bandlimin 10000 vova 
 
-#     nobody 
-# (    uid  gid  nobody
-#  .      id nobody) 
+# Запускаем сервер от пользователя nobody 
+# (возможно в вашей ОС uid и gid пользователя nobody
+# будут другими. Для их определения воспользуйтесь коммандой id nobody) 
 setgid 65534
 setuid 65534
 ------------------------------------
 
-       ,  3proxy :
+После того как мы создали конфигурационный файл сервера, запускаем 3proxy командой:
 /usr/local/3proxy/3proxy /usr/local/3proxy/3proxy.cfg
 
diff --git a/doc/ru/iodbc.txt b/doc/ru/iodbc.txt
index 627bb3e..4b39521 100644
--- a/doc/ru/iodbc.txt
+++ b/doc/ru/iodbc.txt
@@ -2,9 +2,9 @@ KOI8-R
 
 Kirill Lopuchov, lopuchov at mail ru
 
-    SQL-       . 3proxy     ODBC-    ,  ODBC-.     -   Windows, ,  ,    Unix.       FreeBSD      SQLite.         ,         (         mysql   postgresql     odbc-)
+Ведение логов сервера в SQL-базе имеет свои приемущества перед обычными текстовыми файлами. 3proxy поддерживает ведение логов через ODBC-менеджер в любой базе данных, имеющих ODBC-драйвер. Этот менеджер стал стандартом де-факто в среде Windows, чего, к сожалению, не скажешь про Unix. Поэтому далее  рассмотрим на примере FreeBSD настройку ведения логов в базе SQLite. Эта  база данных выбрана в качестве примера потому,  что она проста в установке и настроке (в принципе настройка ведения логов в любой другой базе mysql или  postgresql отличается только настройкой его odbc-драйвера)
  
-  SQLite
+ Устанавливаем SQLite
 wget http://www.sqlite.org/sqlite-2.8.14.tar.gz
 tar -xvzf sqlite-2.8.14.tar.gz
 cd sqlite 
@@ -12,7 +12,7 @@ cd sqlite
 gmake 
 gmake install
 
-  iODBC 
+ Устанавливаем iODBC менеджер
 wget http://www.iodbc.org/libiodbc-3.51.2.tar.gz
 tar -xvzf libiodbc-3.51.2.tar.gz
 cd libiodbc-3.51.2
@@ -20,24 +20,24 @@ cd libiodbc-3.51.2
 make 
 make install
 
-  odbc  SQLite
+ Устанавливаем odbc драйвер SQLite
 wget http://www.ch-werner.de/sqliteodbc/sqliteodbc-0.62.tar.gz
 tar -xvzf sqliteodbc-0.62.tar.gz
 cd sqliteodbc-0.62
 
 ./configure
-     configure   : 
+ Если у вас скрипт configure выдал ошибку : 
  (configure: error: SQLite library too old)
-     ,  (SQLITE_COMPILE=1
-  . 5092   if endif)   configure
+ то ее можно попробовать обойти, вставив (SQLITE_COMPILE=1
+ в стр. 5092 после условия if endif) в файле configure
 make 
 make install
 
 
-     iODBC  
- /etc/odbcinst.ini  /etc/odbc.ini
+ Далее настраиваем записи для iODBC менеджера в
+файлах /etc/odbcinst.ini и /etc/odbc.ini
 
- odbc  
+Настраиваем odbc драйвер 
 --------------/etc/odbcinst.ini-------------
 [ODBC Drivers]
 SQLite=Installed
@@ -46,8 +46,8 @@ SQLite=Installed
 Driver=/usr/local/lib/libsqliteodbc.so
 ---------------------------------------
 
- DSN   c  "sqlite",   
-  : /usr/local/3proxy/logs.db
+Создаем DSN для базы c именем "sqlite", которая будет 
+располагаться в каталоге: /usr/local/3proxy/logs.db
 
 --------------/etc/odbc.ini----------------
 [ODBC Data Sources]
@@ -61,8 +61,8 @@ Database=/usr/local/3proxy/logs.db
 Timeout=2000
 ---------------------------------------
 
-        (logformat 
-.   3proxy.cfg.sample )
+Создаем базу для логов и таблицу в формате (logformat 
+см. описание в 3proxy.cfg.sample )
 
 sqlite /usr/local/3proxy/logs.db
 
@@ -79,7 +79,7 @@ sqlite>create table log (
    ...>);
 
 
-      3proxy.cfg
+Добавляем следующие записи в конфигурационный файл 3proxy.cfg
 ---------------3proxy.cfg-----------------   
 log &sqlite
 
@@ -88,12 +88,12 @@ l_descr)
 values ('%d-%m-%Y', '%H:%M:%S', '%U', '%N', %I, %O, '%T')"
 ------------------------------------------
 
-C 3proxy c  iODBC,    Makefile.unix 
+Cобрать 3proxy c поддрежкой iODBC, для этого в Makefile.unix поменять
  
 CFLAGS = -Wall -O2 -c -pthread -D_THREAD_SAFE -D_REENTRANT -DWITH_STD_MALLOC -I/usr/local/include
 LIBS = -L /usr/local/lib -lodbc
 
-  
+и дать команды
 
 make clean
 make -f Makefile.unix
diff --git a/doc/ru/odbc.txt b/doc/ru/odbc.txt
index d0ca46a..31027d4 100644
--- a/doc/ru/odbc.txt
+++ b/doc/ru/odbc.txt
@@ -1,6 +1,6 @@
 Eugene: Re: 3proxy 0.6 + iODBC + PostgreSQL  22.11.2007 19:04:23
- 	 	 	 	 	-    .
-1.    unixODBC.
+ 	 	 	 	 	Наконец-то я разобрался и запустил.
+1. Я использовал пакет unixODBC.
 2. /etc/unixODBC/odbc.ini
 [proxy]
 Description             = PostgreSQL ODBC driver
@@ -12,7 +12,7 @@ ServerName              = localhost
 Description             = PostgreSQL ODBC driver
 Driver          = /usr/local/lib/psqlodbcw.so
 Setup           = /usr/lib/libodbcpsqlS.so
-4.   psqlodbc-08.02.0500,   postgresql.org ( psqlodbcw.so).
+4. Собирал вручную psqlodbc-08.02.0500, слитый с postgresql.org (получился psqlodbcw.so).
 5. 3proxy.conf
 log &proxy,logger,123
 logformat "LINSERT INTO logger (ldatetime,username,userip,trafin,trafout,service,host,port,
@@ -20,9 +20,9 @@ url) VALUES ('%Y-%m-%d %H:%M:%S','%U','%C',
 '%I','%O','%N',
 '%n','%r','%T');"
 
-      odbc.ini    -     ODBC.
- libiodbc    -    libiodbc.so.
+То есть пароли и логины в odbc.ini прописывать не надо - система падает на драйвере ODBC.
+Использовать libiodbc тоже не надо - система падает на libiodbc.so.
 
-    unixODBC + psqlodbc  postgresql.org,   -DSAFESQL,    .
- myodbc + unixODBC    .
-,   ;) 
\ No newline at end of file
+Все вышесказанное справедливо для unixODBC + psqlodbc производства postgresql.org, как с -DSAFESQL, так и без оного.
+С myodbc + unixODBC проблем не наблюдалось никаких.
+Шаманство, в общем ;) 
\ No newline at end of file
diff --git a/man/3proxy.8 b/man/3proxy.8
index 66cd39e..fc13b94 100644
--- a/man/3proxy.8
+++ b/man/3proxy.8
@@ -14,18 +14,18 @@ server
 .RI [ \-\-remove ]
 .SH DESCRIPTION
 .B 3proxy
-is universal proxy server. It can be used to provide internal users wuth
+is a universal proxy server. It can be used to provide internal users with
 fully controllable access to external resources or to provide external
 users with access to internal resources. 3proxy is not developed to replace
 .BR squid (8),
-but it can extend functionality of existing cashing proxy.
+but it can extend the functionality of an existing caching proxy.
 It can be used to route requests between different types of clients and proxy
 servers. Think about it as application level
 gateway with configuration like hardware router has for network layer.
 It can establish multiple
 gateways with HTTP and HTTPS proxy with FTP over HTTP support, SOCKS v4,
 v4.5 and v5, POP3 proxy, UDP and TCP portmappers. Each gateway is started
-from configuration file like independant service 
+from the configuration file like an independent service 
 .BR proxy (8)
 .BR socks (8)
 .BR pop3p (8)
@@ -35,24 +35,24 @@ from configuration file like independant service
 .BR dnspr
 but
 .BR 3proxy
-is not a kind of wrapper or superserver for this daemons. It just has same
+is not a kind of wrapper or superserver for these daemons. It just has the same
 code compiled in, but provides much more functionality. SOCKSv5
-implementatation allows to use 3proxy with any UDP or TCP based client
+implementation allows you to use 3proxy with any UDP or TCP based client
 applications designed without
 proxy support (with
 .IR SocksCAP ,
 .I FreeCAP
-or another client-side redirector under Windows of with socksification library
-under Unix). So you can play your favourite games, listen music, exchange
-files and messages and even accept incoming connections behind proxy server.
+or another client-side redirector under Windows or with a socksification library
+under Unix). So you can play your favourite games, listen to music, exchange
+files and messages and even accept incoming connections behind a proxy server.
 .PP
 .I dnspr
-does not exist as independant service. It\' DNS caching proxy (it requires
+does not exist as an independent service. It's a DNS caching proxy (it requires
 .I nscache
 and
 .I nserver
-to be set in configuration. Only A-records are cached. Please note, the
-this caching is mostly a 'hack' and has nothing to do with real
+to be set in the configuration. Only A-records are cached. Please note that
+this caching is mostly a 'hack' and has nothing to do with a real
 DNS server, but it works perfectly for SOHO networks.
 
 .PP
@@ -65,9 +65,9 @@ NetBIOS name for Windows clients (it\'s very like ident authentication).
 Depending on ACL action request can be allowed, denied or redirected to another
 host or to another proxy server or even to a chain of proxy servers.
 .PP
-It supports different types of logging: to logfiles, 
+It supports different types of logging: to logfiles,
 .BR syslog (3)
-(only under Unix) or to ODBC database. Logging format is turnable to provide
+(only under Unix) or to an ODBC database. Logging format is tunable to provide
 compatibility with existing log file parsers. It makes it possible to use
 3proxy with IIS, ISA, Apache or Squid log parsers.
 .SH OPTIONS
@@ -77,12 +77,12 @@ Name of config file. See
 .BR 3proxy.cfg (3)
 for configuration file format. Under Windows, if config_file is not specified,
 .BR 3proxy
-looks for file named
+looks for a file named
 .I 3proxy.cfg
-in the default location (in same directory with executable file and in current
+in the default location (in the same directory as the executable file and in the current
 directory). Under Unix, if no config file is specified, 3proxy reads
-configuration from stdin. It makes it possible to use 3proxy.cfg file as
-executable script just by setting +x mode and adding
+configuration from stdin. It makes it possible to use the 3proxy.cfg file as
+an executable script just by setting +x mode and adding
 .br
 #!/usr/local/3proxy/3proxy
 .br
@@ -98,28 +98,28 @@ as a system service
 .BR 3proxy
 from system services
 .SH SIGNALS
-Under Unix there are few signals
+Under Unix there are a few signals
 .BR 3proxy
 catches. See
 .BR kill (1).
 .TP
 .B SIGTERM
-cleanup connections and exit
+clean up connections and exit
 .TP
 .B SIGPAUSE
-stop to accept new connections, on second signal - start and re-read
+stop accepting new connections, on second signal - start and re-read
 configuration
 .TP
 .B SIGCONT
-start to accept new conenctions
+start to accept new connections
 .TP
 .B SIGUSR1
 reload configuration
 .PP
 Under Windows, if
 .BR 3proxy
-is installed as service you can standard service management to start, stop,
-pause and continue 3proxy service, for example:
+is installed as a service you can use standard service management to start, stop,
+pause and continue the 3proxy service, for example:
 .br
 .BR "net start 3proxy"
 .br
diff --git a/man/3proxy.cfg.3 b/man/3proxy.cfg.3
index 042da67..212db94 100644
--- a/man/3proxy.cfg.3
+++ b/man/3proxy.cfg.3
@@ -6,9 +6,9 @@
  Common structure:
 .br
  Configuration file is a text file 3proxy reads configuration from. Each line
-of the file is a command executed immediately, as it was given from
-console. Sequence of commands is important. Configuration file as actually a
-script for 3proxy executable.
+of the file is a command executed immediately, as if it were given from the
+console. The sequence of commands is important. The configuration file is actually a
+script for the 3proxy executable.
 Each line of the file is treated as a blank (space or tab) separated
 command line. Additional space characters are ignored. 
 Think about 3proxy as "application level router" with console interface.
@@ -16,16 +16,16 @@ Think about 3proxy as "application level router" with console interface.
 .br
  Comments:
 .br
- Any string beginning with space character or \'#\' character is comment. It\'s
-ignored. s are ignored.  is end of command.
+ Any line beginning with a space character or \'#\' character is a comment. It\'s
+ignored. s are ignored.  is the end of a command.
 
 .br
  Quotation:
 .br
- Quotation character is " (double quote). Quotation must be used to quote
-spaces or another special characters. To use quotation character inside
-quotation character must be dubbed (BASIC convention). For example to use
-HELLO "WORLD" as an argument you should use it as "HELLO ""WORLD""".
+ The quotation character is " (double quote). Quotation must be used to quote
+spaces or other special characters. To use a quotation character inside
+a quoted string, the character must be doubled (BASIC convention). For example, to use
+HELLO "WORLD" as an argument, you should write it as "HELLO ""WORLD""".
 Good practice is to quote any argument you use.
 
 .br
@@ -37,7 +37,7 @@ to file, for example $/usr/local/etc/3proxy/conf.incl or
 required in last example because path contains space character. 
 For included file  (end of line characters) is treated as space character
 (arguments delimiter instead of end of command delimiter). 
-Thus, include files are only useful to store long signle-line commands
+Thus, include files are only useful to store long single-line commands
 (like userlist, network lists, etc).
 To use dollar sign somewhere in argument it must be quoted. 
 Recursion is not allowed.
@@ -120,7 +120,7 @@ disable NTLM authentication (required if passwords are stored in Unix crypt form
 enable NTLMv1 authentication.
 .br
 .B -g(GRACE_TRAFF,GRACE_NUM,GRACE_DELAY)
-delay GRACE_DELAY  milliseconds before polling if average polling size below  GRACE_TRAFF bytes and GRACE_NUM read operations in single directions are detected within 1 second. Useful to minimize polling
+delay GRACE_DELAY milliseconds before polling if average polling size is below GRACE_TRAFF bytes and GRACE_NUM read operations in a single direction are detected within 1 second. Useful to minimize polling
 .B -s
  (for admin) secure, allow only secure operations, currently only traffic counters
 view without ability to reset.
@@ -142,7 +142,7 @@ Never ask for username/password
 (for proxy) anonymous proxy (random client information reported)
 .br
 .B -a2
-(for proxy) generate Via: and X-Forwared-For: instead of Forwarded:
+(for proxy) generate Via: and X-Forwarded-For: instead of Forwarded:
 .br
 .B -6
 Only resolve IPv6 addresses. IPv4 addresses are packed in IPv6 in IPV6_V6ONLY compatible way.
@@ -167,17 +167,17 @@ options for proxy-to-client (oc), proxy-to-server (os), proxy listening (ol), co
 Options like TCP_CORK, TCP_NODELAY, TCP_DEFER_ACCEPT, TCP_QUICKACK, TCP_TIMESTAMPS, USE_TCP_FASTOPEN, SO_REUSEADDR, SO_REUSEPORT, SO_PORT_SCALABILITY, SO_REUSE_UNICASTPORT, SO_KEEPALIVE, SO_DONTROUTE may be supported depending on OS.
 .br
 .B -DiINTERFACE, -DeINTERFACE
-bind internal interface / external inteface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE supported by system. You may need to run as root or to have CAP_NET_RAW capability in order to bind to interface, depending on system, so this option may require root privileges and can be incompatible with some configuraton commands like chroot and setuid (and daemon if setcap is used).
+bind internal interface / external interface to given INTERFACE (e.g. eth0) if SO_BINDTODEVICE is supported by the system. You may need to run as root or have CAP_NET_RAW capability in order to bind to an interface, depending on the system, so this option may require root privileges and can be incompatible with some configuration commands like chroot and setuid (and daemon if setcap is used).
 .br
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
 from. External IP must be specified if you need incoming connections.
-By default system will deside which address to use in accordance
-with routing table.
+By default the system will decide which address to use in accordance
+with the routing table.
 .br
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. 
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. 
 .br
 .B -N
 (for socks) External NAT address 3proxy reports to client for BIND and UDPASSOC
@@ -298,7 +298,7 @@ with space and all time based elemnts are in local time zone.
 .br
   %m Month number
 .br
-  %o Month abbriviature
+  %o Month abbreviation
 .br
   %d Day
 .br
@@ -308,17 +308,17 @@ with space and all time based elemnts are in local time zone.
 .br
   %S Second
 .br
-  %t Timstamp (in seconds since 01-Jan-1970)
+  %t Timestamp (in seconds since 01-Jan-1970)
 .br
   %. milliseconds
 .br
-  %z timeZone (from Grinvitch)
+  %z time zone (from Greenwich)
 .br
   %D request duration (in milliseconds)
 .br
-  %b average send rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %b average send rate per request (in bytes per second); this speed is typically below the connection speed shown by the download manager.
 .br
-  %B average receive rate per request (in Bytes per second) this speed is typically below connection speed shown by download manager.
+  %B average receive rate per request (in bytes per second); this speed is typically below the connection speed shown by the download manager.
 .br
   %U Username
 .br
@@ -354,9 +354,9 @@ with space and all time based elemnts are in local time zone.
 .br
   %T service specific Text
 .br
-  %N1-N2T (N1 and N2 are positive numbers) log only fields from N1 thorugh N2 of service specific text
+  %N1-N2T (N1 and N2 are positive numbers) log only fields from N1 through N2 of service-specific text
 .br
- in the case of ODBC logging logformat specifies SQL statement, for exmample:
+ In the case of ODBC logging, logformat specifies an SQL statement, for example:
 .br
  logformat "-\'+_Linsert into log (l_date, l_user, l_service, l_in, l_out, l_descr) values (\'%d-%m-%Y %H:%M:%S\', \'%U\', \'%N\', %I, %O, \'%T\')"
 
@@ -441,8 +441,8 @@ performed over TCP.
 
 .br
  Cache  records for name resolution (nscache for IPv4,
-nscache6 for IPv6). Cachesize usually should be large enougth
-(for example 65536).
+nscache6 for IPv6). The cache size should usually be large enough
+(for example, 65536).
 
 .br
 .B nsrecord
@@ -457,8 +457,8 @@ command to set up UDL for dialing.
 .br
 .B fakeresolve
 .br
- All names are resolved to 127.0.0.2 address. Usefull if all requests are
-redirected to parent proxy with http, socks4+, connect+ or socks5+.
+ All names are resolved to the 127.0.0.2 address. Useful if all requests are
+redirected to a parent proxy with http, socks4+, connect+ or socks5+.
 
 .br
 .B dialer
@@ -491,8 +491,8 @@ External or -e can be given twice: once with IPv4 and once with IPv6 address.
 .B maxconn
 
 .br
- sets maximum number of simulationeous connections to each service
-started after this command on network level. Default is 100.
+ sets the maximum number of simultaneous connections to each service
+started after this command at the network level. Default is 100.
 .br
  To limit clients, use connlim instead. maxconn will silently ignore
 new connections, while connlim will report back to the client that
@@ -507,17 +507,17 @@ the connection limit has been reached.
 .br
 .B service
 .br
- (depricated). Indicates 3proxy to behave as Windows 95/98/NT/2000/XP
-service, no effect for Unix. Not required for 3proxy 0.6 and above. If
-you upgraded from previous version of 3proxy use --remove and --install
-to reinstall service.
+ (deprecated). Indicates that 3proxy should behave as a Windows 95/98/NT/2000/XP
+service; has no effect under Unix. Not required for 3proxy 0.6 and above. If
+you upgraded from a previous version of 3proxy, use --remove and --install
+to reinstall the service.
 
 .br
 .B daemon
 .br
- Should be specified to close console. Do not use \'daemon\' with \'service\'.
-At least under FreeBSD \'daemon\' should preceed any proxy service
-and log commands to avoid sockets problem. Always place it in the beginning
+ Should be specified to close the console. Do not use \'daemon\' with \'service\'.
+At least under FreeBSD, \'daemon\' should precede any proxy service
+and log commands to avoid socket problems. Always place it in the beginning
 of the configuration file.
 
 .br
@@ -528,8 +528,8 @@ of the configuration file.
 .br
  none - no authentication or authorization required.
 .br
- Note: is auth is none any ip based limitation, redirection, etc will not work. 
-This is default authentication type
+ Note: if auth is none, any IP-based limitation, redirection, etc. will not work.
+This is the default authentication type
 .br
  iponly - authentication by access control list with username ignored.
  Appropriate for most cases
@@ -538,11 +538,11 @@ This is default authentication type
 authorization by ACLs. Useful for e.g. SOCKSv4 proxy and icqpr (icqpr set UIN /
 AOL screen name as a username)
 .br
- dnsname - authentication by DNS hostnname with authorization by ACLs.
-DNS hostname is resolved via PTR (reverse) record and validated (resolved
-name must resolve to same IP address). It\'s recommended to use authcache by
-ip for this authentication.
-NB: there is no any password check, name may be spoofed.
+ dnsname - authentication by DNS hostname with authorization by ACLs.
+The DNS hostname is resolved via a PTR (reverse) record and validated (the resolved
+name must resolve to the same IP address). It\'s recommended to use authcache by
+IP for this authentication.
+NB: there is no password check; the name may be spoofed.
 .br
  strong - username/password authentication required. It will work with
 SOCKSv5, FTP, POP3 and HTTP proxy. 
@@ -554,23 +554,23 @@ SOCKSv5, FTP, POP3 and HTTP proxy.
  Plugins may add additional authentication types.
 
 .br
- It\'s possible to use few authentication types in the same commands. E.g.
+ It\'s possible to use multiple authentication types in the same command. E.g.
 .br
  auth iponly strong
 .br
- In this case \'strong\' authentication will be used only in case resource
-access can not be performed with \'iponly\' authentication, that is username is
-required in ACL. It\'s usefull to protect access to some resources with
-password allowing passwordless access to another resources, or to use
-IP-based authentication for dedicated laptops and request username/password for
+ In this case, \'strong\' authentication will be used only if resource
+access cannot be performed with \'iponly\' authentication, that is, a username is
+required in the ACL. It\'s useful to protect access to some resources with
+a password while allowing passwordless access to other resources, or to use
+IP-based authentication for dedicated laptops and request a username/password for
 shared ones.
 
 .br
 .B authcache
  
 .br
- Cache authentication information to given amount of time (cachetime) in seconds.
-Cahtype is one of:
+ Cache authentication information for a given amount of time (cachetime) in seconds.
+Cachetype is one of:
 .br
  ip - after successful authentication all connections during caching time
 from same IP are assigned to the same user, username is not requested.
@@ -603,10 +603,10 @@ Use auth type \'cache\' for cached authentication
 allowed. Usernames are case sensitive (if used with authtype nbname
 username must be in uppercase). Source and target lists may contain
 IP addresses (W.X.Y.Z), ranges A.B.C.D - W.X.Y.Z (since 0.8) or CIDRs (W.X.Y.Z/L). 
-Since 0.6, targetlist may also contain host names,
-instead of addresses. It\'s possible to use wildmask in
-the begginning and in the the end of hostname, e.g. *badsite.com or *badcontent*.
-Hostname is only checked if hostname presents in request.
+Since 0.6, the targetlist may also contain host names,
+instead of addresses. It\'s possible to use a wildmask in
+the beginning and at the end of the hostname, e.g. *badsite.com or *badcontent*.
+The hostname is only checked if a hostname is present in the request.
 Targetportlist may contain ports (X) or port ranges lists (X-Y). For any field *
 sign means ANY. If access list is empty it\'s assumed to be
 .br
@@ -657,14 +657,14 @@ to appropriate interface only or to use ip filters.
  FTP_LIST FTP list request
 .br
  FTP_DATA FTP data connection. Note: FTP_DATA requires access to dynamic
-non-ptivileged (1024-65535) ports on remote side.
+non-privileged (1024-65535) ports on the remote side.
 .br
  FTP matches any FTP/FTP Data request
 .br
  ADMIN access to administration interface
 
 .br
- Weeksdays are week days numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
+ Weekdays are week day numbers or periods, 0 or 7 means Sunday, 1 is Monday, 1-5 means Monday through Friday.
 .br
  Timeperiodlists is a list of time
 periods in HH:MM:SS-HH:MM:SS format. For example, 00:00:00-08:00:00,17:00:00-24:00:00 lists non-working hours.
@@ -678,9 +678,9 @@ build proxy chain. Proxies may be grouped. Proxy inside the
 group is selected randomly. If few groups are specified one proxy
 is randomly picked from each group and chain of proxies is created
 (that is second proxy connected through first one and so on).
-Weight is used to group proxies. Weigt is a number between 1 and 1000.
-Weights are summed and proxies are grouped together untill weight of
-group is 1000. That is:
+Weight is used to group proxies. Weight is a number between 1 and 1000.
+Weights are summed and proxies are grouped together until the weight of
+the group is 1000. That is:
 .br
  allow *
 .br
@@ -708,7 +708,7 @@ with probability of 0.7) for outgoing web connections. Chains are only applied t
 .br
  type is one of:
 .br
- extip does not actully redirect request, it sets external address for this request to . It can be chained with another parent types. It's usefaul to set external IP based on ACL or make it random.
+ extip does not actually redirect the request; it sets the external address for this request to . It can be chained with another parent type. It's useful to set the external IP based on ACL or make it random.
 .br
  tcp simply redirect connection. TCP is always last in chain. This type of proxy is a simple TCP redirection, it does not support parent authentication.
 .br
@@ -732,8 +732,8 @@ if used with different service, it works as tcp redirection.
  socks5+ parent is SOCKSv5 proxy with name resolution
 .br
  socks4b parent is SOCKS4b (broken SOCKSv4 implementation with shortened
-server reply. I never saw this kind ofservers byt they say there are).
-Normally you should not use this option. Do not mess this option with
+server reply; I never saw this kind of server, but they say there are some).
+Normally you should not use this option. Do not confuse this option with
 SOCKSv4a (socks4+).
 .br
  socks5b parent is SOCKS5b (broken SOCKSv5 implementation with shortened
@@ -759,18 +759,18 @@ locally redirects to
 locally redirects to
 .B pop3p
 .B http
-locally redurects to
+locally redirects to
 .B proxy
 .B admin
-locally redirects to admin -s service.
+locally redirects to the admin -s service.
 
 .br
- Main purpose of local redirections is to have requested resource
-(URL or POP3 username) logged and protocol-specific filters to be applied.
-In case of local redirection ACLs are revied twice: first, by SOCKS proxy up to \'parent\'
-command and then with gateway service connection is
-redirected (HTTP, FTP or POP3) after \'parent\' command. It means,
-additional \'allow\' command is required for redirected requests, for
+ Main purpose of local redirections is to have the requested resource
+(URL or POP3 username) logged and protocol-specific filters applied.
+In case of local redirection, ACLs are reviewed twice: first, by the SOCKS proxy up to the \'parent\'
+command and then by the gateway service the connection is
+redirected to (HTTP, FTP or POP3) after the \'parent\' command. It means
+an additional \'allow\' command is required for redirected requests, for
 example:
 .br
  allow * * * 80
@@ -786,7 +786,7 @@ local HTTP proxy parses requests and allows only GET and POST requests.
 .br
  parent 1000 http 1.2.3.4 0
 .br
- Changes external address for given connection to 1.2.3.4 (an equivalent to -e1.2.3.4)
+ Changes the external address for a given connection to 1.2.3.4 (equivalent to -e1.2.3.4)
 .br
  Optional username and password are used to authenticate on parent
 proxy. Username of \'*\' means username must be supplied by user.
@@ -843,15 +843,17 @@ noforce allows to keep previously authenticated connections.
     
  
 .br
- bandlim sets bandwith limitation filter to  bps (bits per second)
-If you want to specife bytes per second - multiply your value to 8.
-bandlim rules act in a same manner as allow/deny rules except
+ bandlim sets a bandwidth limitation filter to  bps (bits per second).
+If you want to specify bytes per second, multiply your value by 8.
+bandlim rules act in the same manner as allow/deny rules, except for
 one thing: bandwidth limiting is applied to all services, not to some
 specific service. 
-bandlimin and nobandlimin applies to incoming traffic
-bandlimout and nobandlimout applies to outgoing traffic
-If tou want to ratelimit your clients with IPs 192.168.10.16/30 (4
-addresses) to 57600 bps you have to specify 4 rules like
+bandlimin and nobandlimin apply to incoming traffic
+.br
+bandlimout and nobandlimout apply to outgoing traffic
+.br
+If you want to ratelimit your clients with IPs 192.168.10.16/30 (4
+addresses) to 57600 bps, you have to specify 4 rules like
 .br
  bandlimin 57600 * 192.168.10.16
 .br
@@ -861,12 +863,12 @@ addresses) to 57600 bps you have to specify 4 rules like
 .br
  bandlimin 57600 * 192.168.10.19
 .br
- and every of you clients will have 56K channel. If you specify
+ and each of your clients will have a 56K channel. If you specify
 .br
  bandlimin 57600 * 192.168.10.16/30
 .br
- you will have 56K channel shared between all clients.
-if you want, for example, to limit all speed ecept access to POP3 you can use
+ you will have a 56K channel shared between all clients.
+If you want, for example, to limit all speed except access to POP3, you can use
 .br
  nobandlimin * * * 110
 .br
@@ -891,17 +893,17 @@ connlim limits a number of parallel connections.
 .br
  connlim 20 0 * 127.0.0.1
 .br
- allows 20 simulationeous connections for 127.0.0.1.
+ allows 20 simultaneous connections for 127.0.0.1.
 .br
- Like with bandlimin, if individual limit is required per client, separate
-rule mustbe added for every client. Like with nobanlimin, noconnlim adds an
+ Like with bandlimin, if an individual limit is required per client, a separate
+rule must be added for every client. Like with nobandlimin, noconnlim adds an
 exception.
 
 
 
 .br
 .B counter
-  
+  
 .br
 .B countin
        
@@ -928,29 +930,29 @@ exception.
  
 .br
 
- counter, countin, nocountin, countout, noucountout, countall,
-nocountall commands are used to set traffic limit
-in MB for period of time (day, week or month). Filename is a path
+ counter, countin, nocountin, countout, nocountout, countall,
+nocountall commands are used to set a traffic limit
+in MB for a period of time (day, week or month). Filename is a path
 to a special file where traffic information is permanently stored.
-number is sequential number of record in this file. If number is 0
-this counter is not preserved in counter file (that is
-if proxy restarted all counters with 0 are flushed) overwise it
-should be unique sequential number which points to position of
-the couter within the file.
+The number is the sequential number of the record in this file. If the number is 0,
+this counter is not preserved in the counter file (that is,
+if the proxy is restarted, all counters with 0 are flushed); otherwise, it
+should be a unique sequential number which points to the position of
+the counter within the file.
 Type specifies a type of counter. Type is one of:
 .br
- H - counter is resetted hourly
+ H - counter is reset hourly
 .br
- D - counter is resetted daily
+ D - counter is reset daily
 .br
- W - counter is resetted weekly
+ W - counter is reset weekly
 .br
- M - counter is resetted monthely
+ M - counter is reset monthly
 .br
- reporttype/repotname may be used to generate traffic reports.
-Reporttype is one of D,W,M,H(hourly) and repotname specifies filename
-template for reports. Report is text file with counter values in
-format:
+ reporttype/reportname may be used to generate traffic reports.
+Reporttype is one of D, W, M, H (hourly) and reportname specifies the filename
+template for reports. The report is a text file with counter values in
+the format:
 .br
   
 .br
@@ -976,13 +978,13 @@ username[:pwtype:password] ...
 .br
  users test3:NT:BD7DFBF29A93F93C63CB84790DA00E63
 .br
- Note: double quotes are requiered because password contains $ sign.	
+ Note: double quotes are required because the password contains a $ sign.	
 
 .br
 .B flush
 .br
- empty active access list. Access list must be flushed avery time you creating
-new access list for new service. For example:
+ empty the active access list. The access list must be flushed every time you create a
+new access list for a new service. For example:
 .br
  allow *
 .br
@@ -1043,14 +1045,14 @@ for all threads.
 .B stacksize
 
 .br
- Change default size for threads stack. May be required in some situation,
-e.g. with non-default plugins, on on some platforms (some FreeBSD version
-may require adjusting stack size due to invalid defined value in system
-header files, this value is also oftent reqruied to be changed for ODBC and
-PAM support on Linux. If you experience 3proxy
+ Change the default size for thread stacks. May be required in some situations,
+e.g. with non-default plugins, or on some platforms (some FreeBSD versions
+may require adjusting the stack size due to an incorrectly defined value in system
+header files; this value is also often required to be changed for ODBC and
+PAM support on Linux). If you experience 3proxy
 crash on request processing, try to set some positive value. You may start with
-stacksize 65536 
-and then find the minimal value for service to work. If you experience
+stacksize 65536
+and then find the minimal value for the service to work. If you experience
 memory shortage, you can try to experiment with negative values.
 
 .SH PLUGINS
@@ -1070,9 +1072,9 @@ as
 .B filtermaxsize
 
 .br
- If Content-length (or another data length) is greater than given value, no
-data filtering will be performed thorugh filtering plugins to avoid data
-corruption and/or Content-Length chaging. Default is 1MB (1048576).
+ If Content-length (or another data length) is greater than the given value, no
+data filtering will be performed through filtering plugins to avoid data
+corruption and/or Content-Length changing. Default is 1MB (1048576).
 
 .SH BUGS
 Report all bugs to
diff --git a/man/ftppr.8 b/man/ftppr.8
index 0ad5216..216855a 100644
--- a/man/ftppr.8
+++ b/man/ftppr.8
@@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -28,17 +28,17 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 21.
@@ -48,7 +48,7 @@ Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@@ -56,24 +56,24 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You can use any FTP client, regardless of FTP proxy support. For client with
-FTP proxy support configure
+You can use any FTP client, regardless of FTP proxy support. For a client with
+FTP proxy support, configure
 .I internal_ip
 and
 .IR port
-in FTP proxy parameters.
-For clients without FTP proxy support use
+in the FTP proxy parameters.
+For clients without FTP proxy support, use
 .I internal_ip
 and
 .IR port
-as FTP server. Address of real FTP server must be configured as a part of
-FTP username. Format for username is
+as the FTP server. The address of the real FTP server must be configured as a part of
+the FTP username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of FTP server and
+is the address of the FTP server and
 .I username
-is user\'s login on this FTP server. Login itself may contain \'@\' sign.
+is the user\'s login on this FTP server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is currently supported.
 .SH BUGS
 Report all bugs to
diff --git a/man/pop3p.8 b/man/pop3p.8
index 7bfa230..254bd27 100644
--- a/man/pop3p.8
+++ b/man/pop3p.8
@@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -28,27 +28,27 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 110.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@@ -56,21 +56,21 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You can use any MUA (Mail User Agent) with POP3 support. Set client to use
+You can use any MUA (Mail User Agent) with POP3 support. Set the client to use
 .I internal_ip
 and
 .IR port
-as a POP3 server. Address of real POP3 server must be configured as a part of
-POP3 username. Format for username is
+as a POP3 server. The address of the real POP3 server must be configured as a part of
+the POP3 username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of POP3 server and
+is the address of the POP3 server and
 .I username
-is user\'s login on this POP3 server. Login itself may contain \'@\' sign.
+is the user\'s login on this POP3 server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is supported, because challenge-response
-authentication (APOP, CRAM-MD5, etc) requires challenge from server before
-we know which server to connect.
+authentication (APOP, CRAM-MD5, etc.) requires a challenge from the server before
+we know which server to connect to.
 .SH BUGS
 Report all bugs to
 .BR 3proxy@3proxy.org
diff --git a/man/proxy.8 b/man/proxy.8
index eaa2252..a009015 100644
--- a/man/proxy.8
+++ b/man/proxy.8
@@ -17,7 +17,7 @@ is HTTP gateway service with HTTPS and FTP over HTTPS support.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -26,14 +26,14 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -a
 Anonymous. Hide information about client.
@@ -57,12 +57,12 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with HTTP proxy support or configure router to redirect
-HTTP traffic to proxy (transparent proxy). Configure client to connect to
+You should use a client with HTTP proxy support or configure a router to redirect
+HTTP traffic to the proxy (transparent proxy). Configure the client to connect to
 .I internal_ip
 and
 .IR port .
-HTTPS support allows to use almost any TCP based protocol. If you need to
+HTTPS support allows you to use almost any TCP-based protocol. If you need to
 limit clients, use 
 .BR 3proxy (8)
 instead.
diff --git a/man/smtpp.8 b/man/smtpp.8
index bd14e30..189029c 100644
--- a/man/smtpp.8
+++ b/man/smtpp.8
@@ -19,7 +19,7 @@ servers.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -28,27 +28,27 @@ Be silenT. Do not log start/stop/accept error records.
 Never look for username authentication.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 25.
 .TP
 .B -h
-Default destination. It's used if targed address is not specified by user.
+Default destination. It's used if the target address is not specified by the user.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@@ -57,21 +57,21 @@ Increase or decrease stack size. You may want to try something like -S8192 if yo
 crashes.
 .SH CLIENTS
 You can use any MUA (Mail User Agent) with SMTP authentication support.
-Set client to use
+Set the client to use
 .I internal_ip
 and
 .IR port
-as a SMTP server. Address of real SMTP server must be configured as a part of
-SMTP username. Format for username is
+as an SMTP server. The address of the real SMTP server must be configured as a part of
+the SMTP username. The format for the username is
 .IR username \fB@ server ,
 where
 .I server
-is address of SMTP server and
+is the address of the SMTP server and
 .I username
-is user\'s login on this SMTP server. Login itself may contain \'@\' sign.
+is the user\'s login on this SMTP server. The login itself may contain an \'@\' sign.
 Only cleartext authentication is supported, because challenge-response
-authentication (CRAM-MD5, SPA, etc) requires challenge from server before
-we know which server to connect.
+authentication (CRAM-MD5, SPA, etc.) requires a challenge from the server before
+we know which server to connect to.
 .SH BUGS
 Report all bugs to
 .BR 3proxy@3proxy.org
diff --git a/man/socks.8 b/man/socks.8
index 6bc127b..a3d6946 100644
--- a/man/socks.8
+++ b/man/socks.8
@@ -19,7 +19,7 @@ outgoing and reverse TCP connections and UDP portmapping.
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -28,19 +28,19 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
+External address. IP address of the interface the proxy should initiate connections
 from. External IP must be specified if you need incoming connections.
-By default system will deside which address to use in accordance
-with routing table.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -N
-External NAT address 3proxy reports to client for BIND and UDPASSOC
-By default external address is reported. It's only useful in the case
-of IP-IP NAT (will not work for PAT)
+External NAT address 3proxy reports to client for BIND and UDPASSOC.
+By default, the external address is reported. It's only useful in the case
+of IP-IP NAT (will not work for PAT).
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -p
 Port. Port proxy listens for incoming connections. Default is 1080.
@@ -58,7 +58,7 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with SOCKS support or use some socksification support
+You should use a client with SOCKS support or use some socksification support
 (for example
 .I SocksCAP
 or
@@ -67,9 +67,9 @@ Configure client to use
 .I internal_ip
 and
 .IR port .
-SOCKS allows to use almost any application protocol without limitation. This
-implementation also allows to open priviledged port on server (if socks has
-sufficient privileges). If you need to control access use
+SOCKS allows you to use almost any application protocol without limitation. This
+implementation also allows you to open privileged ports on the server (if socks has
+sufficient privileges). If you need to control access, use
 .BR 3proxy (8)
 instead.
 .SH BUGS
diff --git a/man/tcppm.8 b/man/tcppm.8
index 42929ee..842b63a 100644
--- a/man/tcppm.8
+++ b/man/tcppm.8
@@ -17,27 +17,27 @@ forwards connections from local to remote TCP port
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@@ -47,19 +47,19 @@ crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
-- port tcppm accepts connection
+- port tcppm accepts connections on
 .TP
 .I remote_host
-- IP address of the host connection is forwarded to
+- IP address of the host the connection is forwarded to
 .TP
 .I remote_port
-- remote port connection is forwarded to
+- remote port the connection is forwarded to
 .SH CLIENTS
-Any TCP based application can be used as a client. Use
+Any TCP-based application can be used as a client. Use
 .I internal_ip
 and
 .I local_port
-as a destination in client application. Connection is forwarded to
+as the destination in the client application. The connection is forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to
diff --git a/man/tlspr.8 b/man/tlspr.8
index 1974254..266191a 100644
--- a/man/tlspr.8
+++ b/man/tlspr.8
@@ -11,15 +11,15 @@
 .IB \fR[ -i internal_ip\fR]
 .IB \fR[ -e external_ip\fR]
 .SH DESCRIPTION
-.B proxy
-is SNI gateway service (destination host is taken from TLS handshake). Destination port must be specified via -P option (or it may be detected with Transparent plugin).
+.B tlspr
+is an SNI gateway service (destination host is taken from TLS handshake). The destination port must be specified via the -P option (or it may be detected with the Transparent plugin).
 .SH OPTIONS
 .TP
 .B -I
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
@@ -28,14 +28,14 @@ Be silenT. Do not log start/stop/accept error records.
 Never ask for username authentication
 .TP
 .B -e
-External address. IP address of interface proxy should initiate connections
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate connections
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts connections to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts connections to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -a
 Anonymous. Hide information about client.
@@ -47,17 +47,17 @@ Anonymous. Show fake information about client.
 listening_port. Port proxy listens for incoming connections. Default is 1443.
 .TP
 .B -P
-destination_port. Port to establish outgoing connections. One is required unless Transparent plugin is not used because TLS handshake does not contain port information. Default is 443.
+destination_port. Port to establish outgoing connections. Required unless the Transparent plugin is used, because the TLS handshake does not contain port information. Default is 443.
 .TP
 .B -c
-TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check server send certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check server send certificate request and client sends certificate (not compatible with TLS 1.3)
+TLS_CHECK_LEVEL. 0 (default) - allow non-TLS traffic to pass, 1 - require TLS, only check client HELLO packet, 2 - require TLS, check both client and server HELLO, 3 - require TLS, check that the server sends a certificate (not compatible with TLS 1.3), 4 - require mutual TLS, check that the server sends a certificate request and the client sends a certificate (not compatible with TLS 1.3)
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
@@ -65,13 +65,12 @@ syslog is used for logging.
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
 crashes.
 .SH CLIENTS
-You should use client with HTTP proxy support or configure router to redirect
-HTTP traffic to proxy (transparent proxy). Configure client to connect to
+You should use a client with TLS support or configure a router to redirect
+TLS traffic to the proxy (transparent proxy). Configure the client to connect to
 .I internal_ip
 and
 .IR port .
-HTTPS support allows to use almost any TCP based protocol. If you need to
-limit clients, use 
+If you need to limit clients, use
 .BR 3proxy (8)
 instead.
 .SH BUGS
diff --git a/man/udppm.8 b/man/udppm.8
index 2ae8db4..5462c64 100644
--- a/man/udppm.8
+++ b/man/udppm.8
@@ -3,7 +3,7 @@
 .B udppm
 \- UDP port mapper
 .SH SYNOPSIS
-.BR "pop3p " [ -ds ]
+.BR "udppm " [ -ds ]
 .IB \fR[ -l \fR[ \fR[ @ \fR] logfile \fR]]
 .IB \fR[ -i internal_ip\fR]
 .IB \fR[ -e external_ip\fR]
@@ -17,35 +17,35 @@ forwards datagrams from local to remote UDP port
 Inetd mode. Standalone service only.
 .TP
 .B -d
-Daemonise. Detach service from console and run in the background.
+Daemonize. Detach service from console and run in the background.
 .TP
 .B -t
 Be silenT. Do not log start/stop/accept error records.
 .TP
 .B -e
-External address. IP address of interface proxy should initiate datagrams
-from. 
-By default system will deside which address to use in accordance
-with routing table.
+External address. IP address of the interface the proxy should initiate datagrams
+from.
+By default, the system will decide which address to use in accordance
+with the routing table.
 .TP
 .B -i
-Internal address. IP address proxy accepts datagrams to.
-By default connection to any interface is accepted. It\'s usually unsafe.
+Internal address. IP address the proxy accepts datagrams to.
+By default, connections to any interface are accepted. It\'s usually unsafe.
 .TP
 .B -l
 Log. By default logging is to stdout. If
 .I logfile
 is specified logging is to file. Under Unix, if
 .RI \' @ \'
-preceeds
+precedes
 .IR logfile ,
 syslog is used for logging.
 .TP
 .B -s
-Single packet. By default only one client can use udppm service, but
-if -s is specified only one packet will be forwarded between client and server.
-It allows to share service between multiple clients for single packet services
-(for example name lookups).
+Single packet. By default, only one client can use the udppm service, but
+if -s is specified, only one packet will be forwarded between client and server.
+This allows the service to be shared between multiple clients for single-packet services
+(for example, name lookups).
 .TP
 .B -S
 Increase or decrease stack size. You may want to try something like -S8192 if you experience 3proxy
@@ -53,7 +53,7 @@ crashes.
 .SH ARGUMENTS
 .TP
 .I local_port
-- port udppm accepts datagrams
+- port udppm accepts datagrams on
 .TP
 .I remote_host
 - IP address of the host datagrams are forwarded to
@@ -61,11 +61,11 @@ crashes.
 .I remote_port
 - remote port datagrams are forwarded to
 .SH CLIENTS
-Any UDP based application can be used as a client. Use
+Any UDP-based application can be used as a client. Use
 .I internal_ip
 and
 .I local_port
-as a destination in client application. All datagrams are forwarded to
+as the destination in the client application. All datagrams are forwarded to
 .IR remote_host : remote_port
 .SH BUGS
 Report all bugs to