Nearly everyone was interested in using this for archie, so here's some
quick-start information.

Edit Makefile to suit your local configuration, especially the name of the
firewall (bastion) host and the port number to be used for encapsulated UDP
data.  Rsendto.c will need these.

Run 'make' to build udprelay and Rsendto.o.

If you don't want to modify your archie clients, you have to lock your
clients into using a single external archie server.  Set up your
/etc/udprelay.conf with:

#       from-host   from-port  localport    to-host         to-port localport
#
relay   *.your.domain   *         1525   archie.rutgers.edu   1525   any
relay   *.your.domain   *          191   archie.rutgers.edu    191   any

"*.your.domain" should be set to whatever internal system or domain you
want to accept requests from.  Use multiple "relay" lines if you want to
specify multiple internal hosts or domains.  The 5th argument should be the
name of the archie server you want to use - the inside clients should
pretend that your firewall system is the archie server, either using the -f
option or an environment variable or whatever.  udprelay will transparently
forward all requests to the specified archie server, and send responses
back.

The -f option will not work to select a different external archie server.

I'm not sure when archie decides to use port 191, but it seems to be
capable of using it.  In practice, it seems always to use port 1525.

If you can modify the archie clients, then edit archie's dirsend.c.
Replace sendto with Rsendto, recvfrom with Rrecvfrom, and link archie with
the enclosed Rsendto.o.  You might want to rename the executable "rarchie"
to prevent confusion.  Put this line in your /etc/udprelay.conf:

#              from-hosts     localport
#
encapsulate   *.your.domain    1092

Rsendto will try to contact udprelay using the port number you gave in the
Makefile (unless you add a "udprelay" service to /etc/services), so give
the same port number here.  With this, the archie clients will use whatever
server they were configured to use, and the -h option will work properly.

This requires that the client hosts run with full nameserver data, since
only the IP address is passed to udprelay.

If you have both modified and unmodified archie clients, put both "relay"
and "encapsulate" lines in the /etc/udprelay.conf.

Run "udprelay &" on the firewall system.  Syslogging is fairly crude at
this time - there's too much stuff logged, and not all of what one wants.

Test archie.

Let me know how it breaks :-).  If you feel like doing some debugging,
re-run udprelay with -d1 (to print session setups and teardowns to stdout),
or -d2 (to print a description of every relayed packet).

