#
# File:		HOW-IT-WORKS
# Author:	G. Paul Ziemba <paul@alantec.com>
# SCCS:		@(#)HOW-IT-WORKS	1.1 3/2/93
# Purpose:	principles of operation
#


    Tcpr is designed to allow clients on an internal network to telnet
and ftp through an existing "firewall" host (i.e., a host that has
IP forwarding disabled) to the outside world. There are three
programs in this package; please refer to the picture below.



    +-----------+		+---------------+
    |  client	|		|   firewall	|
    |   host	|		|     host	|
    +-----------+		+---------------+
    |		|		|		|
    |  pclient	|-------------->|   tcprpmd	|
    |  		|		|		|
    |		|		|   tcprelay	|
    +-----------+		+---------------+
					|
					|
					+-------> To remote host on
						   outside network

    The pclient program gets linked to the names "pftp" and "ptelnet".
The name it is called with determines the type of service it requests,
and also which program (telnet or ftp) gets called after the connection
gets set up.

    When pclient is invoked, it connects to the tcprpmd server on the
firewall. It then passes information about the desired remote server
(specifically, server address and port number) to tcprpmd.

    Tcprpmd then calls tcprelay to actually set up the proxy connection.
Tcprelay connects to the remote host using the address and port number
given via tcprpmd. After the connection is successful, it listens on
a port on the firewall host. It tells tcprpmd what port number it is
listening on.

    Tcprpmd relays the firewall port number back to pclient; pclient
then invokes telnet or ftp _to the firewall_ on the port number it
obtained from tcprpmd.

    After tcprelay has accepted the connection from the client telnet/ftp,
it simply copies data in both directions between the client and the
remote host. When it gets an EOF on one of the streams, it exits.

    Special handling is implemented to deal with ftp data connections.
In normal operation, when the client ftp requests a transfer, it first
sends a PORT command to the server on their control connection (the
control connection is the connection that we set up above). The PORT
command has parameters that describe the IP address and TCP port number
on which the client is listening, in expectation that the server will
set up a new stream connection to the client to transfer data.

    The tcprelay program scans the control stream from the client
as it copies it to the remote server. If it sees a PORT command,
it interposes itself by setting up an additional pair of connections
for the data. It uses the parameters from the PORT command to connect
to the ftp client, does a listen on a new port, and then generates a new
PORT command (with its own parameters) to send to the remote server.
It forwards in both directions on the data connection until EOF.
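
    The PORT rewriting step described above, as an added example in
Python; it is not code from the tcpr package. The function names and
the check that the PORT address equals the control connection's peer
are assumptions made for this illustration.

```python
import ipaddress
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2, each a decimal byte value.
PORT_RE = re.compile(rb"PORT +" + rb",".join([rb"(\d{1,3})"] * 6) + rb" *\r?\n",
                     re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) from a PORT line; raise ValueError if malformed."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        raise ValueError("malformed PORT command")
    fields = [int(g) for g in m.groups()]
    if max(fields) > 255:
        raise ValueError("PORT field out of range")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def format_port(ip, port):
    """Build a PORT line advertising ip:port."""
    octets = ipaddress.IPv4Address(ip).packed
    return b"PORT %d,%d,%d,%d,%d,%d\r\n" % (*octets, port >> 8, port & 0xFF)


def rewrite_line(line, client_peer_ip, relay_ip, relay_port):
    """Process one client-to-server control line.

    Returns (bytes_to_forward, data_target). data_target is the (ip, port)
    the relay must connect back to, or None for non-PORT lines.
    """
    if line[:4].upper() != b"PORT":
        return line, None
    ip, port = parse_port(line)
    # Assumed hardening: only connect back to the host that owns the control
    # connection, so a PORT line cannot aim the relay at a third machine.
    if ip != client_peer_ip:
        raise ValueError("PORT address differs from control peer")
    return format_port(relay_ip, relay_port), (ip, port)


if __name__ == "__main__":
    # Constructed sample: client 10.1.2.3, relay listening on 192.0.2.1:40000.
    print(rewrite_line(b"PORT 10,1,2,3,4,1\r\n", "10.1.2.3", "192.0.2.1", 40000))
```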

