------------------


  Sorry, but so far there is no proper German documentation; the parameters
  of the individual files in the proxy package are explained here, but in
  English!

  The configuration file is located at "/etc/multiproxy/config"; if it does
  not exist, the config is generated dynamically at runtime, which is handy
  if you don't feel like doing the typing in "/config/multiproxy.txt".

  The proxy can either use the default route, or the client can select an
  alternative server with "username@server" or "username%server".

  The SMTP server has "POP3" authentication: you log in via POP3, that proxy
  creates an IP-auth file which is checked by the SMTP proxy, and if the user
  is listed there access is granted, as with GMX or other free-mail
  providers.

  Since I am still relatively new to Linux (or rather fli4l), there are
  probably still problems with dynamic IPs from the Internet; I would have to
  do the port assignment when the connection is established, so for now only
  outgoing connections work.

  Somewhere in this documentation a script for access control is also
  mentioned, in case you want to give access only to registered users, for
  example.

  The most recent version should always be available at
  "ftp://freeware.serveftp.com" in the "freewareseite/fli4l" directory.


------------------

multiproxy(1)                                           multiproxy(1)


NAME
       multiproxy - generic TCP proxy server

SYNOPSIS
       multiproxy [options] [server]

DESCRIPTION
       multiproxy  is  a  generic  TCP proxy server.  It connects a
       client and a server and forwards any data from the  client
       to the server and vice versa.  multiproxy doesn't care about
       the data being transported.

       If server begins with a `/' or `.' it's taken as  a  pathname
       to  a  program  that  acts  as a request handler for
       incoming connections.  Otherwise server is interpreted  as
       host[:port]  and  the  client  request is forwarded to the
       given host and port.  If in this case port is omitted multiproxy
       uses  its  own  server port as destination port on
       host.

       If multiproxy has to start a local program it sets the environment
       variables     PROXY_PORT,     PROXY_INTERFACE,
       PROXY_CLIENT and PROXY_CLIENTNAME with  the  data  of  the
       current  connection.  The `PROXY_' prefix might be changed
       with the command line option -v or the  setenv  configuration
       directive.

       multiproxy  can  be either started from inetd(1) or act as a
       standalone server listening  on  several  ports.   If  the
       server  argument is missing multiproxy reads its configuration
       file /etc/multiproxy.conf and either forwards the  current
       connection  or  binds to the specified ports waiting
       for client requests.

CONFIGURATION FILE
       The following directives define the global  configuration.

       standalone [yes|no]
              if  set  to  `yes'  the server binds to the defined
              ports waiting for requests.  This is the default if
              a configuration file is used.

       The  uid and gid settings are only used if the user starting
       multiproxy is root, otherwise they are ignored.  If however
       the  calling  user  is root and no settings are found
       multiproxy uses its internal default of -1 and -2  for  the
       user and group id.  multiproxy won't run as root.

       The  following  directives  control the available services
       and how they are served.

       port port-number
              defines a new port  where  multiproxy  should  accept
              client requests.

       interface ip-number
              defines  an  interface  on which connections on the
              service port from the last port directive are  handled.

       server server[:port]
              defines  the  server  and  port where multiproxy will
              forward an incoming  connection  to.   If  port  is
              omitted the listening multiproxy port is used.

       uid numeric-uid
              defines  the  numeric  user  id  to  which multiproxy
              changes after accepting a request.

       gid numeric-gid
              same as uid but for the group id.

       exec command
              defines a local command which is executed to handle
              a request.

       acp program
              sets  the  access  control  program that is used to
              grant or deny incoming connections.

       timeout timeout
              defines a different timeout  in  seconds  than  the
              default of 60.

       setenv varprefix
              defines the variable prefix.

       writefile filename
              defines   the   basename   for   files   where  the
              server/client communication is written.

       For a service configuration either server or exec must  be
       specified.   The timeout value is only used in conjunction
       with a server configuration and varprefix only if requests
       are  handled  by a local program.  timeout, setenv and acp
       define configuration defaults if they  appear  before  the
       first port directive.

USER IDS
       In  version  1.1.5 the way user and group ids are  handled
       changed.  From version 1.1.5 these ids are  changed  after
       accepting  a  request  and  not after binding to all ports
       before accepting anything.  This is however only  done  if
       multiproxy's  user  id  is  0, otherwise multiproxy keeps its
       current ids.  The ids which are used for a service request
       are written to syslog.  The default values for uid/gid are
       65535/65534 which is equal to -1/-2.



ACCESS CONTROL
       If for a port configuration an access control  program  is
       set   this  program  is  executed  before  forwarding  the
       request.  The acp can then decide if it grants (exit  status
       0) or denies (exit status not 0) the access.  The acp
       can additionally print a diagnostic message to the requesting
       client  through  its standard output and to the multiproxy
       through its standard error.

       The PROXY_ variables are set for  the  current  connection
       when the acp is called.
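
       An access control program that follows the contract above,
       as an added example (not part of multiproxy or its
       documentation).  It assumes that PROXY_CLIENT holds the
       client's IPv4 address and that the allowlist is a text file
       with one address per line; the function names and the
       allowlist path are hypothetical.

```sh
#!/bin/sh
# Added example: decision logic for a multiproxy access control program (acp).
# Assumptions, not from the man page: PROXY_CLIENT holds the client's IPv4
# address; the allowlist is a text file with one address per line.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0..255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# deny LOG_MSG: stdout reaches the client, stderr reaches multiproxy.
deny() {
    echo "Access denied."
    echo "acp: $1" >&2
}

# acp_decide ALLOWLIST: return 0 to grant, non-zero to deny (fails closed).
acp_decide() {
    client=${PROXY_CLIENT:-}
    is_ipv4 "$client" || { deny "missing or malformed PROXY_CLIENT"; return 1; }
    [ -r "$1" ] || { deny "cannot read allowlist $1"; return 1; }
    # -F fixed string, -x whole line: 10.0.0.1 must not match 10.0.0.10
    if grep -Fxq -- "$client" "$1"; then
        echo "acp: grant $client on port ${PROXY_PORT:-?}" >&2
        return 0
    fi
    deny "$client is not in the allowlist"
    return 1
}

# Constructed demo: two allowed clients, then three connection attempts.
demo_list=$(mktemp)
printf '%s\n' 192.168.1.10 192.168.1.11 > "$demo_list"
for PROXY_CLIENT in 192.168.1.10 192.168.1.1 192.168.1.999; do
    if acp_decide "$demo_list"; then echo "$PROXY_CLIENT: granted"
    else echo "$PROXY_CLIENT: denied"; fi
done
rm -f "$demo_list"; unset PROXY_CLIENT
# Installed as the acp, the script would instead end with:
#   acp_decide /path/to/allowlist; exit $?
```

       If the variable prefix is changed with -v or setenv, the
       variable names read by the script have to change with it.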

OPTIONS
       The following options are available:

       -a program
              sets program as access control program.

       -b [interface:]port
              tells  multiproxy  that it should bind to port on the
              given interface.  If interface is omitted  multiproxy
              will  bind to all available interfaces.  -b implies
              -s.

       -f config
              sets a different configuration file than  /etc/multiproxy.conf.

       -l logname
              sets  the  name under which multiproxy writes to syslog.

       -p     creates the  pidfile  /var/run/multiproxy.pid.   This
              default name can be changed by giving the -p option
              twice followed by the name of the pidfile.

       -s     sets standalone (bind to ports and listen) mode.

       -t timeout
              defines a different timeout  in  seconds  than  the
              default of 60 seconds for each connection.

       -v varprefix
              specifies a different variable prefix than `PROXY_'
              for the request handler variables.

       -w writefile
              specifies that the client/server  communication  is
              written to the file writefile.pid.log.

       -y     clears  the  whole  environment before starting the
              request handler.

       -z     lists the configured server ports and exits.   This
              is useful if you want to shut down the multiproxy services
              with either fuser(1) or  netuser(1).   Giving
              -z twice lists the basic configuration data.

       In  case  that  the -b option is found on the command line
       the server argument is expected.

EXAMPLES
       The following examples assume that multiproxy  is  installed
       on a machine with two network interface cards.  One is the
       external interface with the IP number 192.44.100.7 and the
       other  is the internal one with IP numbers 192.168.1.1 and
       192.168.1.2 (virtual interfaces).

             #
             # /etc/multiproxy.conf - sample configuration
             #

             #
             # Define SMTP proxies ...
             #
             port 25

               # ... for outgoing ...
               #
               interface 192.168.1.1
                 server mailrelay.provider.com

               # ... and incoming email.
               #
               interface 192.44.100.7
                 server mail.domain.com

             #
             # There are also NNTP-Servers on the outside
             #
             port 119

                interface 192.168.1.1
                  server nntp.provider.com

                interface 192.168.1.2
                  server nntp.other-provider.com

             #
             # Users from the outside can access our internal
             # POP3 server ...
             #
             port 110

               interface 192.44.100.7

               # ... but only through a real application gateway.
               #
               exec /usr/local/sbin/pop3.proxy mail.domain.com

       With  this  configuration  file  multiproxy might be started
       with

            multiproxy -s

       to make multiproxy bind itself to all the listed interfaces.
       Another  way of serving requests is to configure the ports
       in /etc/inetd.conf  and  start  multiproxy  without  the  -s
       option  from there.  The proxy will then inspect its configuration
       file to see how the connection  made  by  inetd
       should be handled.

       multiproxy  -b 192.44.100.7:79 /bin/date opens a date server
       on the external interface.  This service won't  be  available
       on the interfaces numbered 192.168.1.1 and .2 but the
       service is still accessible from the internal network:

             user@192.168.1.10/~ > telnet 192.44.100.7 79
             <current date goes here>

       If in inetd mode you want to provide a service only on one
       network  card you'll have to implement further access control
       with packet filters.

NOTES
       multiproxy doesn't forward the FTP protocol; use ftp.proxy
       for this.  It doesn't work with UDP protocols either: TCP
       is connection-oriented and UDP is not, which is an important
       difference.  Furthermore, multiproxy doesn't protect you
       against network attacks like buffer overflows against the
       addressed server.  You'll have to use application gateway
       level proxies for that.

SEE ALSO
       inetd(1).

