intro:
I really need to write some proper docs, don't I :-)
louis@steelbytes.com
support:
http://forum.steelbytes.com
********** [ Main options ] **********
Enabled: enables/disables this port mapping
port in and bind address: is what PortTunnel will listen on.
port out and address out: is where valid connections will have the data tunneled
to.
add to total stats: add active connections, kb/s in and kb/s out of this entry
to total values of the title bar.
********** [ end Main options ] **********
********** [ IP Security options ] **********
main text window: enter the IPs you want to accept/block.
search for ip: allows you to ask which line will decide the result of a connection
request from a chosen IP.
redirect bad IPs: allows you to redirect 'blocked' ips to a different ip/port.
if this is ticked and has 0 for the port or a blank address, the IP will be
blocked. if this is ticked and doesn't have 0 for the port and doesn't have a
blank address, the IP will be redirected.
if this is unticked and you are using win2k/xp then the IP will be blocked, and
the port placed in stealth mode (the client doesn't receive any reply to the
attempted connection), they will just time out as though there was no server
PC at the address/port at all.
if this is unticked and you are not using win2k/xp, the IP will be blocked.
advanced stuff ........
to use an external file for the ips, do something like the following
1. in the IP Security tab, enter
i,c:\valid_ips.txt
2. create c:\valid_ips.txt, and use the same syntax inside it eg.
y,127.0.0.1
y,12.34.56.78
n,*
// etc
and then every time you modify c:\valid_ips.txt, porttunnel will notice, and
reload it. (it checks the date/time stamp every 30 seconds). so have your perl
script (or whatever method you choose) generate/update c:\valid_ips.txt whenever
you want. you can even 'nest' these files, ie have one c:\valid_ips.txt include
another file with the 'i' syntax. you can also have multiple includes, etc.
here's an example I just typed up, to show you the flexibility ....
----- [start example] -----
----- [in ftp port mapping IP security tab] -----
i,c:\ftp_valid_ips.txt
----- [end] -----
----- [in irc port mapping IP security tab] -----
i,c:\irc_valid_ips.txt
----- [end] -----
----- [in file c:\ftp_valid_ips.txt] -----
i,c:\global_ban_list.txt
y,34.56.78.99 // a friend I let use ftp
i,c:\global_ok_list.txt
n,*
----- [end] -----
----- [in file c:\irc_valid_ips.txt] -----
i,c:\global_ban_list.txt
y,12.45.12.45 // a friend I let use irc
i,c:\global_ok_list.txt
n,*
----- [end] -----
----- [in file c:\global_ok_list.txt] -----
y,66.66.66.66 // a friend I let use every thing
----- [end] -----
----- [in file c:\global_ban_list.txt] -----
n,33.44.66.77 // a lamer I hate
----- [end] -----
----- [end example] -----
try studying the default stuff in the IP Security tab, that has simple examples
showing the syntax.
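The include example above, resolved the way "search for ip" is described. This is an added example, not PortTunnel's own code. It assumes the first matching line decides, handles only exact IPs and '*', and the names flatten, decide and FILES are made up for the illustration.

```python
# Added example, not PortTunnel code. Constructed sample: the files from the
# example above, kept in memory (keys lower-cased, Windows paths ignore case).
FILES = {
    r"c:\ftp_valid_ips.txt": r"""i,c:\global_ban_list.txt
y,34.56.78.99 // a friend I let use ftp
i,c:\global_ok_list.txt
n,*""",
    r"c:\irc_valid_ips.txt": r"""i,c:\global_ban_list.txt
y,12.45.12.45 // a friend I let use irc
i,c:\global_ok_list.txt
n,*""",
    r"c:\global_ok_list.txt": "y,66.66.66.66 // a friend I let use every thing",
    r"c:\global_ban_list.txt": "n,33.44.66.77 // a lamer I hate",
}

def flatten(text, files, origin="<tab>", stack=()):
    """Yield (action, pattern, origin, lineno) in file order, expanding 'i,' lines."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("//", 1)[0].strip()        # drop a trailing comment
        if not line:
            continue
        action, _, arg = (part.strip() for part in line.partition(","))
        action = action.lower()
        if action == "i":
            key = arg.lower()
            if key in stack:                         # a file that includes itself
                raise ValueError(f"include cycle at {origin}:{lineno} -> {arg}")
            if key not in files:
                raise FileNotFoundError(arg)
            yield from flatten(files[key], files, arg, stack + (key,))
        elif action in ("y", "n"):
            yield action, arg, origin, lineno
        else:
            raise ValueError(f"unknown rule at {origin}:{lineno}: {raw!r}")

def decide(ip, tab_text, files):
    """Return (allowed, origin, lineno) of the deciding rule, or None if none matches.
    Assumption: the first matching line wins."""
    for action, pattern, origin, lineno in flatten(tab_text, files):
        if pattern in ("*", ip):
            return action == "y", origin, lineno
    return None

if __name__ == "__main__":
    for ip in ("33.44.66.77", "34.56.78.99", "66.66.66.66", "12.45.12.45"):
        print(ip, decide(ip, r"i,c:\ftp_valid_ips.txt", FILES))
```

A None result means no line matched, which is why each list in the example ends with n,*.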
********** [ end IP Security options ] **********
********** [ HTTP options ] **********
prefix http 1.1 connect: this is for tunneling out through a proxy.
eg. you are at work, and work only allows you to connect to the inet via a
proxy, but you want to use IRC.
1. create a port mapping on 127.0.0.1:6667 redirecting to the proxy
address (eg proxy.company.local:8080).
2. tick prefix http connect, and enter the details of the irc
server eg ircserver.ircnetwork.net:6667
3. point your IRC client to 127.0.0.1:6667.
note: this won't work in all cases, as sometimes the proxy is configured to
disallow connections with this method to some ports.
Add ProxyAuthenticate: use this in the above example if the proxy server
requires a user/password (only works with 'basic' style proxy authentication)
Fix Port Numbers: this will change the port number in the http url request
(including Header and Location). Why ? So if you are redirecting say from port
80 to 81, then without this, the http server would receive a request with port
80 in the url, which may confuse it since it thinks it's on 81. Note there is
currently a side effect of this switch, if the http server replies with a
redirect (eg http 301, or 302) that points to a different server, then the port
may be incorrectly changed by PortTunnel.
eg (assuming that porttunnel is listening on 81, and the http server is on 82)
client sends
GET http://test.server:81/folder HTTP/1.1
Host: test.server
portTunnel changes it to
GET http://test.server:82/folder HTTP/1.1
Host: test.server:88
and IIS will send back a
HTTP/1.0 302 Moved Temporarily
Location: http://test.server:82/folder/
and PortTunnel changes it to
HTTP/1.0 302 Moved Temporarily
Location: http://test.server:81/folder/
note: if a port to be added/changed to the url is 80, then it is omitted,
as port 80 is the default for http, and is therefore not required.
Add X-Client-Address to request header: adds a line to the request of the form
X-Client-Address: aaa.bbb.ccc.ddd
this may be useful for some logging or scripting purposes.
********** [ end HTTP options ] **********
********** [ FTP options ] **********
translate ftp port and pasv: if you are redirecting a ftp connection, tick this
(this is also known as 'FTP Bouncing'). PortTunnel will create port mappings for
each data connection as needed when this is ticked.
use alternate address in pasv replys: this is for when your ftp server is behind
a nat/router/etc. tick this, and stick in the public ip of the nat/router.
Only for clients in a different subnet (Class C): the alternated address will
only be used if the client is connecting from an IP that is not of the same
mask. (eg 192.168.0.1 and 192.168.0.10 are on the same class c subnet, but
192.168.0.1 and 192.168.1.1 are not)
Use the following port range for pasv: this is if you wish to restrict the port
range used for PASV mode transfers.
eg1, your ftp server is on a home lan behind a hardware router/nat (eg a
cable/xdsl sharing device from the likes of netgear).
do the following.
1. install porttunnel on a pc on the lan. and configure a mapping
with the following settings
a. listen on port 0.0.0.0:21
b. redirect to ftp-server-lan-ip:1021
c. tick translate port & pasv
d. tick use alternate pasv address, and enter the public
address of the nat/router (can be a dns name - eg
myaddress.dyndns.org)
e. tick use the following port range, and enter 5001-5020
2. configure ftp-server to listen on port 1021
3. configure router/nat to redirect port 21 and ports 5001-5020 to
the lan-ip of the pc with porttunnel.
if you have problems connecting to this server from other PCs on the same LAN,
then tick the only for clients on the same subnet option.
eg2, your ftp server is on a home lan behind a windows router/nat (eg ICS in a
recent version of windows, or wingate, etc)
1. install porttunnel on the router pc. and configure a mapping
with the following settings
a. listen on port 0.0.0.0:21
b. redirect to ftp-server-lan-ip:1021
c. tick translate port & pasv
2. configure ftp-server to listen on port 1021
note1: port 1021 has been used here as an example. any port that does not clash
with anything else is ok.
note2: some nat/routing devices may mess with the data stream if you use port 21.
therefore, if you have problems try a different port like 1021
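The pasv translation described above (alternate address, class C check, port range), as an added example that is not PortTunnel's own code. It assumes the client is compared against the LAN address of the PC running PortTunnel, that a LAN client is given that LAN address, and that the public address is already a dotted IPv4 address (a dns name would have to be resolved first). PasvTranslator and the sample addresses are made up for the illustration.

```python
import ipaddress
import re

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"; data port = p1*256 + p2
PASV = re.compile(r"^227 ([^(]*)\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)(.*)$")

def same_class_c(a, b):
    """True when both IPv4 addresses share their first three octets."""
    return ipaddress.ip_address(a) in ipaddress.ip_network(f"{b}/24", strict=False)

class PasvTranslator:
    def __init__(self, local_ip, public_ip, port_range):
        self.local_ip, self.public_ip = local_ip, public_ip
        self.free = list(range(port_range[0], port_range[1] + 1))
        self.mappings = {}   # listen port -> (ftp server ip, ftp server data port)

    def rewrite(self, reply, client_ip, only_other_subnet=True):
        """Rewrite a 227 reply from the ftp server; other lines pass through."""
        m = PASV.match(reply.rstrip("\r\n"))
        if not m:
            return reply
        nums = [int(x) for x in m.group(2, 3, 4, 5, 6, 7)]
        if any(n > 255 for n in nums):
            raise ValueError("malformed 227 reply")
        if not self.free:
            raise RuntimeError("pasv port range exhausted")
        port = self.free.pop(0)                      # next port in the range
        # remember where the data connection on this port must be tunneled to
        self.mappings[port] = (".".join(map(str, nums[:4])), nums[4] * 256 + nums[5])
        lan_client = only_other_subnet and same_class_c(client_ip, self.local_ip)
        addr = self.local_ip if lan_client else self.public_ip
        return "227 %s(%s,%d,%d)%s\r\n" % (
            m.group(1), addr.replace(".", ","), port >> 8, port & 255, m.group(8))

if __name__ == "__main__":
    # Constructed sample values: PortTunnel PC 192.168.0.2, public 203.0.113.7
    t = PasvTranslator("192.168.0.2", "203.0.113.7", (5001, 5020))
    server_reply = "227 Entering Passive Mode (192,168,0,10,4,1)\r\n"
    print(t.rewrite(server_reply, "198.51.100.9"), t.mappings)
    print(t.rewrite(server_reply, "192.168.0.50"))
```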
Add IDNT: if the target ftp server accepts or requires IDNT, tick this. Note with
RaidenFTPD to use IDNT, you have to add the IP of the PC running PortTunnel to
the BOUNCERIP= line in the .ftpd file.
********** [ end FTP options ] **********
********** [ SMTP options (licensed only)] **********
relay filtering ....
*****