irc-gw v1.0beta patchlevel 2
^^^^^^ ^^^^^^^^^^^^^^^^^^^^^

This is - guess what? yep, README file from irc proxy designed
to work with TIS fwtk-based (and similar) firewalls. The program
is based on "BNC" code by James Seter (noonie@toledolink.com).

Just another purpose - you can point your cyrproxy to it and
cyrproxy will not be bound to just one server anymore.

functionality overview
^^^^^^^^^^^^^ ^^^^^^^^

I am too lazy to write things twice. Read this file - it is short enough -
everything is inside.

setting up proxy server
^^^^^^^ ^^ ^^^^^ ^^^^^^

Hope you'll get no trouble compiling the thing. Just create
irc-gw entries in your netperm-table and inetd.conf  and it
is ready to work. You may also want to add ip redirection rule to
use the proxy transparently (although i see no reason to do that
because all irc clients do support scripting powerful enough to
automate proxy connection procedure).

netperm-table general options:

welcome-msg,denial-msg,denydest-msg,timeout - similar to fwtk proxies.

default-port - the destination port will be used if not explicitly
specified.

{permit-|deny-}hosts - similar to fwtk 

netperm-table hosts options:

-dest <list> 		  similar to fwtk

-plug-to <server>  	  specify pre-defined server

-bogus-host <hostname>    client host name to be passed to irc server
			  (ignored my most servers, this option was
			  included for pure paranoid reasonns)

-bogus-user <username>	  user id to be passed to the server.
			  overwriting it is a good idea if you use
			  ident spoofer as i do.

-pass <password>	  specifies extra password for gateway access.
			  client should be password-aware (like mirc on
			  lose-dose) or use /quote pass <password> command.

-transparent		  for redirected connections (like ipfilter's rdr):
			  use server name transparently 

-client-side <ip-address> specify explicit ip addresses of proxy machine
-server-side <ip-address> for inside and outside systems. useful if it
			  is not possible to determine it automatically
			  (secondary circuit gateway, cyrproxy or
			  transparent connections)

-dcc-log <list>		  dcc request processing. list entries can be
-dcc-deny <list>	  send,get,chat,xmit or unknown.

setting up client side
^^^^^^^ ^^ ^^^^^^ ^^^^

Nothing special required. After connecting to the proxy (if it is
not hard-plugged and not transparent) type /quote conn <server> <port>.

BUGS
^^^^

The most important part :-/

First, the code requires some cleanup. It is ugly - and, what is worse,
it is not safe. Hope it is safe enough not to be serious security
treat for firewall itself but i think it can be easy target for
denial of service attacks. Please read the code carefully and
tell me if you find something suspicious.

Daemon mode has gone. Please tell me if you want it back.

No DCC sanity checks are being performed - except port number check
(must be >1024)

Original destination port number is ignored when in transparent mode.

ToDo
^^^^

Fix the above. 
Implement authsrv - based authentication and authorization.
Change fundamental data stream handling: parse it all instead
of checking for known patterns.
JOIN filter to restrict channels available for user.
More ctcp filtering and maybe spoofing.

For developers
^^^ ^^^^^^^^^^

Feel free to improve the program the way you want - but send me a
copy of your patches.

Revision history
^^^^^^^^ ^^^^^^^

0.1alpha		Initial dcc-less version

0.2alpha		Not a public release: was avialable to 
			beta-testers. First attempt to handle dcc.
			Some bugfixes also (notice handling and more)

1.0beta			Major internal bugfixes and improvements.
			Changed from read() to dgets() call when
			reading data from remote (read() caused data 
			stream to be parsed incorrectly sometimes). 
			DCC filtering and logging implemeented as well
			as some statistics gathering.
			New options: timeout, -dcc-log, -dcc-deny,
			-client-side, -server-side

1.0beta patchlevel 1	bugfix release.
			mirc workaround for transparent mode (the damn
			thing sends server name in quotes), thanks to
			dimon@lim.ru. 
			better handling of malformed dcc requests.

1.0beta patchlevel 2	bugfix release.
			fix zombie process bug

Email
^^^^^

home: ark@mpak.convey.ru
work: ark@eltex.spb.ru

                                     _     _  _  _  _      _  _
 {::} {::} {::}  CU in Hell          _| o |_ | | _|| |   / _||_|   |_ |_ |_
 (##) (##) (##)        /Arkan#iD    |_  o  _||_| _||_| /   _|  | o |_||_||_|
 [||] [||] [||]            Do i believe in Bible? Hell,man,i've seen one!
