
Version 2.0.0 - 13SEP05wzk
- ------------------------

  * Created simple .deb package.

  * The TCP/IP server argument can now be a comma separated list
    of servers, each server is tried till tcpproxy can connect to one.

  * Revised syslog messages.

  * -o <statdir>

  * Can bind to interface like `eth0'.  This actually binds to 0.0.0.0
    but uses the interface's real IP number when looking for a
    matching configuration.

  * Handles redirects from

	# iptables -t nat -A PREROUTING --protocol tcp --dport 25 \
		-j REDIRECT --to-port 8025

    when `-r' or `-rr' is set.

  * Changed -V response from "tcpproxy/2.0.0" to "tcpproxy 2.0.0".

  * Changed interpretation of named interface like "interface xyz",
    before it was used as name of an IP number an now it's interpreted
    as interface name.

  * Change: stderr is not longer connected to the remote client.

  * IP access control lists.

  * Error handler.

  * Changed environment variable names, added variables.



Version 1.1.12 - 15JUN05wzk
- -------------------------

  * Added `-q' option to set a single source IP for the outgoing
    connection (`srcip' configuration option).


Version 1.1.10 - 28JUL04wzk
- -------------------------

  * Added ability to accept redirected connections with the `-x'
    option.


Version 1.1.9 - 03APR04wzk
- ------------------------

  * Added debug configuration option.

  * Modified traffic debugging output.

  * Documented the NETBIOS proxy workaround.

  * Changed error exit codes from `-1' to `1'.


Version 1.1.7
- -----------

  * Bugfix in while/select loop, additional diagnostic logging.


Version 1.1.6 - 24MAR00wzk
- ------------------------

  * Minor bug fix: tcpproxy didn't close all listening sockets after
    accepting a connection.


Version 1.1.5 - 20MAR00wzk
- ------------------------

  * Changed uid/gid handling: tcpproxy will now keep it's ids after
    startup until an incoming connection is accepted.

  * The logname directive sets a different name for syslog logging.


Version 1.1.4 - 11NOV99wzk
- ------------------------

  * Added the use of shutdown() when the client closes it's output
    channel.

  * Added the -w option.


Version 1.1.3 - 13OCT99wzk
- ------------------------

  * Added access control programs to grant or deny requests based
    on almost anything.

  * Fixed -z handling, works now also for command line configurations.

  * tcpproxy accepts now port names from /etc/services.


Version 1.1.2
- -----------

  * Option -c is now an alias for -f.

  * Option -z: lists the configured server ports.  This data can be
    used if the tcpproxy services should be should down with the
    netuser or fuser command.
    
  * tcpproxy tried to write it's pidfile after changing it's user
    and failed when opening the file in a directory owned by root.



README for tcpproxy-1.1.0
- -----------------------

  * What is tcpproxy?
    tcpproxy is a program that forwards TCP/IP requests to another,
    the real server, machine.  Another description for it's function
    is `port redirection'.

    It can be used with or without a configuration file either as
    standalone daemon or server or from within inetd.

    tcpproxy was written for usage on some kind of firewall or
    Internet/intranet access system.

    tcpproxy doesn't protect your server against network attacks like
    buffer overflows or application protocol violations because it
    simply doesn't care what kind of data it transmits.  You'll have
    to use real application gateway proxys for that.


  * Usage

    tcpproxy is able to forward the following incomplete list of
    application protocols:

    	SMTP, POP3, NNTP, NetBIOS (samba), HTTP, gopher ...
	<any protocol using simple TCP connection goes here>

    FTP is not supported because it uses a second TCP connections
    for data transmission.

    You can use tcpproxy to access servers on the other side of
    your Internet access system.  If you have more outside servers
    than one to access you can either use an application gateway
    that supports server selection (pop3.proxy not contained in
    this archive) or setup a virtual interface on the inner side
    of your access system because tcpproxy does server selection
    based on it's connected interface.  See the manpage for an
    example configuration.


  * Handling requests by programs -- Service Routing

    tcpproxy supports also server programs residing on the access
    system that handle incoming requests in a way normal inetd
    does it.  tcpproxy won't however run as root so it's not
    possible to start a local POP3 server from within tcpproxy.

    But you can use this feature for service routing.  Consider
    the following example:

    Your internal network is 192.168.1.1/24 with the local mail
    server on mail.internal.com, the access server's external ip is
    192.7.100.114 and the external mail server of your provider
    (which we will use as relay) is on mail.provider.com.

    Now you want to forward connects from the internal network be
    forwarded to mail.provider.com and connects from the Internet
    being forwarded to your local mail server.  The following
    setup in /etc/tcpproxy.conf will solve that:

      port 25
      
        interface 192.7.100.114
	  server mail.internal.com
	
	interface 192.168.1.1
	  server mail.provider.com

    Solving this example with service routing goes this way:  First
    we startup the proxy server to forward traffic across the access
    server:

      root@access-system/~ # tcpproxy -b 25 /usr/local/sbin/smtp-handler

    The smtp-handler program is something like:

      #!/bin/akanga -p
      #
      # smtp-handler -- route SMTP connections
      #

      ipconf = `{ ipnumber -c 192.168.1.1/24 $PROXY_CLIENT }
      if (~ $ipconf(5) -) {
              # connect from the internet
	      #
      	      exec tcpproxy mail.internal.com:25
      } else {
	      # connect from an internal IP number
	      #
	      exec tcpproxy mail.provider.com:25
              }

    While this setup is much more complex than the solution with the
    configuration file it provides a way of implementing service routing
    or access control based on the tcpproxy's client or interface.

    Notice that none of the programs used in smtp-handler is included in
    the tcpproxy package.  You'll have to get them separate.

