digital8 Second Lieutenant
Joined: 29 Sep 2005
Posts: 1002
Posted: Sat Oct 01, 2005 3:08 pm Post subject: psyBNC - An Introduction to psyBNC 2.3.1 (Part1)
Introduction
If you know nothing about bncs, a bnc is short for a 'bouncer.' A bnc acts as a proxy for irc, allowing you to hide your real IP address and use a vhost (vanity host - something like 'this.is.a.l33t.vhost.com'). What are the advantages of this? Well, mainly there's just one important one: It'll stop stupid packet kiddies from trying to knock you off the network. Everyone hates getting disconnected, and with a bnc on a decent shell, you should be pretty immune. Remember though: the kiddies can still nuke you, but it is assumed that the shell provider has a high-bandwidth line that allows it to withstand the numerous packets. If your shell is on a 56.6, you'll still be screwed.
So... why psybnc? There are a variety of other open source bnc's available for you to download, most notably EZBounce and plain-ol BNC. Both of these do the exact same basic thing as psybnc: hide your real host. But that's about where the similarity ends. I've been using psy for a long time now, and I love all the features that it offers. To name a few:
· You'll always be connected to irc. Even when you close your irc client, psy will maintain your connection. When you connect later, you'll instantly be back on the channels you left. This also lets you hold your nick (if you need that feature), or hold ops on a channel.
· psy hides your IP even in DCC sessions. In other bncs, a direct client-client session is opened, thus revealing your IP. In psy, the connection is bounced through the shell, and your IP remains your dirty little secret.
· You can link multiple psy's together. This allows you to share vhosts, and also create a small ircd, termed the 'internal' network on the bncs.
· psyBNC now supports SSL. woohoo
There are tons more features, but you can just download the source and view the README.
Now... for the first part of this tutorial, the Basic section, I assume you have little or no experience with shells/irc. For the Intermediate section, though, I assume you can hold your own. For most users, the Basic is as far as they need to go, but all the fun stuff is a bit more complicated.
Configuring and Compiling
Hopefully you have already downloaded the source. If not, you can find it here: http://www.psychoid.lam3rz.de. After you have downloaded that, fire up your favorite ftp client and upload it to the root directory of your shell. You could also get the source by using lynx or wget. Example wget command:
wget http://www.psychoid.lam3rz.de/psyBNC2.3.1.tar.gz
The next step is to decompress this file (.tar.gz is kinda like a .zip file for all you windoze ppl out there). To do this, type:
tar zxvf psyBNC2.3.1.tar.gz
Notice that it's case-sensitive. Everything in unix is case-sensitive. Keep that in mind for everything in the future.
If you typed that correctly, you should have a psybnc directory on your shell. Change to it and see what you have!
cd psybnc
ls -al
Now, this next part is where it gets a bit harder. psyBNC includes a GUI for configuring the bnc. However, this requires ncurses to be installed on your shell, something a bunch of shells do not have. In my experience, most flavors of linux have it installed, but some others don't. So, give it a whirl. Type:
make menuconfig
If you get a GUI, congrats: the configuring process is much easier. If not, well, welcome to my world. With menuconfig, the GUI is very easy to follow: obviously an [X] denotes that the option is selected, while [ ] indicates it's not.
For all those stuck doing it by hand, after each option I explain how to set it. For all the compiling options, everything is placed in the file config.h, which is found in the psybnc directory. Just open that file with your favorite editor on the shell (I use and recommend pico). You can edit the file by typing:
pico config.h
In this file, if you want something added, it has to be defined. Example: #define INTNET adds support for the internal network.
The key for the section below is as follows:
Option Name The #define line for config.h
A description of the option
Compiling options
Support Encryption #define CRYPT
This encrypts all your passwords, and enables support for channel encryption, relay encryption, etc... I highly recommend you leave this enabled.
Encryption Type #define BLOWFISH or #define IDEA
(default = Blowfish) Cryptographically speaking, these ciphers are about equally secure. However, Blowfish is much faster. You can read more about Blowfish here. Also, IDEA is patent-protected - you should get permission before using it!
Support Translation #define TRANSLATE
This lets you type in english (or whatever your language is) and have the text in the channel appear in a different language. You'll have to see the README for more information: I don't use this feature.
Support Internal Network #define INTNET
This lets you use the internal ircd that psy has. Think of it as a big partyline where you can set modes/bans/topic/etc... I like it, and I recommend you leave it enabled.
Support Traffic Logging #define TRAFFICLOG
This enables support for logging channels when you're not around. It can be handy, but it can also eat up your shell disk space VERY fast. So be careful if you enable this. (note: you can leave support for it enabled here, then disable it after it is compiled by simply turning it off)
Support Linkage #define LINKAGE
If you want your bnc to link to others (or others to link to yours), enable this. I use it.
Support DCC Files / DCC Chat #define DCCFILES and #define DCCCHAT
Standard DCC features over IRC. Most people use these features, so leave em be.
User Mode #define MULTIUSER or #define SINGLEUSER
Multiuser or Singleuser. If you're going to share your bnc, set it to multi. If it's just you, set it to Single.
Maximum users #define MAXUSER n
Pretty self-explanatory. However note that each network you add (if you use multiple networks) adds a virtual user. Be sure to keep this in mind when setting a max! (And really a max is pointless unless you are running an anonymous bnc) (n = # of users)
Maximum connections #define MAXCONN n
This is the number that each user can have. They need at least 2 (incoming/outgoing) and more for dcc's, multiple networks, etc. I suggest leaving it at 25. (n = # of connections per user)
Support Scripting #define SCRIPTING
psyBNC allows user-specific scripts. I will not discuss that in this tutorial, but it doesn't hurt to leave support for it enabled.
Support oIdentd #define OIDENTD
If your shell supports it, this allows users to define their own ident. Most don't support it. I don't use it. (for more info on oIdentd: http://ojnk.sourceforge.net/)
Use asynchroneous resolving #define ???? definition unknown
EXPERIMENTAL!! Tells psy to use asynchronous (as opposed to synchronous) DNS lookups. This is not a tutorial on DNS so I will not get into it. Note this works only if your system supports it!
Support Multiple IRC Networks #define NETWORK
This allows users to connect to >1 network with the same client. Hence, in one mirc session, the user could be on efnet, dalnet and ircnet. I love this feature and recommend you leave it enabled (even if you don't plan to use it now).
Support proxy usage #define PROXYS
If you want to further anonymize your connection by bouncing mirc-->bnc-->proxy-->irc, enable this. But since most irc servers check for open proxies, this won't work in many cases.
Anonymous Bouncer Usage #define ANONYMOUS
Want the whole world to use your bnc? Then enable this! (not recommended)
No Permanent IRC-Connections #define DYNAMIC
If this is enabled, psy will disconnect you from irc when you disconnect from the bnc. Otherwise, you'll always stay connected to irc unless you force it to quit.
Loglevel #define LOGLEVEL n
3 different options here, choose your poison. I prefer to leave them all enabled since I like to know everything going on with my bnc. (define where n is: 0 = Errors, Warnings and Info; 1 = Errors and Warnings; 2 = Errors only)
Use the 2.1.1 compatible partyline #define PARTYCHANNEL
If you're going to be linking to old psy's, this might be good to enable. But if you're the only bnc, or if they're all > 2.2, no need to enable this option.
Version reply #define CTCPVERSION "reply"
Set the reply psybnc will send when someone sends you a CTCP VERSION query. (note: when you are connected to the bnc, psy will be transparent, all ctcp's will be answered by mirc. When you're not connected, psy will only answer to the version ctcp as set by this option.) (psy defaults to: "psyBNC 2.3.1 by the most psychoid")
SSL-Path #define SSLPATH "/path/to/ssl"
(default: wherever your openssl installation has been detected) - If you wish to use SSL on your bnc, the default here should be fine. However, if you have multiple openssl installations for some reason, then define the path to the one you want to use. If you do not want SSL compiled into psyBNC, then specify something like /dev/null here. Note that you can compile SSL support into your bnc and simply not use it.
SSL-SecLevel #define SSLSEC n
(default: Check Certs and Keys (NOT IMPLEMENTED)) - Sets the security level of your SSL setup. This can be one of the following: None, Check Certs, or the default. These different options correspond to values 0, 1 and 2 respectively for use in config.h. As with async DNS, this is not an SSL tutorial. Note however that setting 'None' does NOT disable SSL; it simply does not check client certificates. If you're using SSL for encryption only, then you can safely set this option to None. Furthermore, psyBNC has not yet implemented client-checking functions.
Once you have all these options set, you have two choices: If you're using menuconfig, skip to the next step. If you're doing it manually, this is where you actually want to compile your bnc. It's very easy to do. In the psybnc directory, simply type:
make
It won't take long to compile. If you have compiled with SSL enabled, you'll have to create a self-signed certificate at the end of the compilation process. Simply follow the prompts that you are given. The most common error is to specify a wrong Common Name. According to certificate standards, the common name must be a FQHN: Fully Qualified HostName, i.e: psybnc.mydomain.com. Since the certificate is simply being used as an encryption seed and not as a validation of identity, this is not really important - the cert is not being signed by a real CA anyway!
Configuring options
If you're using the GUI, all these options are accessible under the Bouncer-Config part of the menu. If you're not using the GUI, all these options are in psybnc.conf, which is created in the psybnc directory after it is compiled. To edit these options manually, just edit this file. The Appendix has the proper syntax for each option. The rest of this section will cover the GUI method.
Before going through these options, do the following: know the IP of your shell. For example, if you connect to l33t.shell.com, open up a console (or command prompt in Win) and ping the hostname. You should see something like this:
-bash-2.05b$ ping www.efnet.org
PING www.efnet.org (193.45.36.242): 56 data bytes
64 bytes from 193.45.36.242: icmp_seq=0 ttl=49 time=132.975 ms
So if your shell was www.efnet.org (which I can guarantee it is not!), the corresponding IP would be 193.45.36.242.
Also, choose a port for the bnc. Check the Terms of Use of your shell - some companies require you to use a certain port range. And if you're on a *nix shell, the port will have to be higher than 1024 (unless you run the bnc as root, which is certainly not recommended!). Ok, on to the options, same basic format as the compiling options.
Listening ports
You have to tell the bnc where to listen. You can have it listen on more than one port on the same IP, on multiple IPs with the same port, etc. For most people, listening on just one port on one IP is adequate. (The psy default is 31337, and you can leave it at that with no problems, but it is always a good security practice to change the port.) If you wish to create an SSL listening port, precede the HOST entry with "S=", i.e.: PSYBNC.SYSTEM.HOST1=S=123.123.123.123
This will make the specified port(s) on 123.123.123.123 an SSL port. PSYBNC.SYSTEM.PORT1=xxxxx should never have an "S=" in it.
Links
Don't worry about this now.
Bouncer Name
Name your bnc. Something like mypsy1 will work just fine.
Host Allows
Want to restrict access to certain IPs or certain IP masks? This is the place to put those permissions. psy will disallow access to anyone not listed here. To allow anyone (provided they have the correct username and password) set this to *.
Users
At this point, you want to just add yourself. Adding other users will be discussed in more detail later. In menuconfig, just select this, select New then follow the directions. Remember that to connect to psybnc, your ident in mirc must be set to your psybnc username. For all those manual people, jump down to the Appendix, which is where you should be anyway.
DCC Host
The IP to use for all your DCC sessions (if you defined DCC support). I recommend setting it to the same IP that your bnc is listening on for simplicity.
Congrats, your setup is complete. If you haven't done so already, it's time to compile your bnc by typing "make" at the shell prompt in your psybnc directory. Then type "./psybnc" to start the bouncer. Hopefully everything went smoothly and you're ready to jump into the next section.
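An added example, not part of the original post: a small shell audit of the two files the tutorial has you edit (config.h and psybnc.conf), flagging the settings it calls out: ANONYMOUS, a missing CRYPT, TRAFFICLOG, the default port 31337, ports that need root, and listeners without the "S=" prefix. The function names and the sample file contents are constructed for illustration; only the #define names and the PSYBNC.SYSTEM.HOSTn / PSYBNC.SYSTEM.PORTn keys shown in the post are assumed.

```shell
#!/bin/sh
# Added example, not from the original post: flag risky psyBNC settings.
# Macro and key names are the ones the tutorial shows; function names are mine.

# Succeeds when file $1 has an active (un-commented) "#define $2".
is_defined() {
    grep -Eq "^[[:space:]]*#define[[:space:]]+$2([[:space:]]|\$)" "$1"
}

# Compile-time checks against config.h.
audit_config_h() {
    if is_defined "$1" ANONYMOUS; then echo "WARN ANONYMOUS: anyone can use this bouncer"; fi
    if ! is_defined "$1" CRYPT; then echo "WARN CRYPT not defined: password encryption is off"; fi
    if is_defined "$1" TRAFFICLOG; then echo "INFO TRAFFICLOG: channel logs can fill the disk"; fi
    return 0
}

# Listener checks against psybnc.conf; HOSTn and PORTn are paired by number n.
audit_listeners() {
    awk -F= '
    /^PSYBNC\.SYSTEM\.PORT[0-9]+=/ {
        n = substr($1, length("PSYBNC.SYSTEM.PORT") + 1)
        port[n] = $2
        if ($2 == "S") { print "ERROR PORT" n ": S= belongs on the HOST entry"; port[n] = $3 }
    }
    /^PSYBNC\.SYSTEM\.HOST[0-9]+=/ {
        n = substr($1, length("PSYBNC.SYSTEM.HOST") + 1)
        ssl[n] = ($2 == "S")
    }
    END {
        for (n in port) {
            if (port[n] + 0 == 31337) print "WARN PORT" n ": default psyBNC port 31337"
            if (port[n] + 0 < 1024) print "WARN PORT" n ": privileged port, needs root"
            if (!ssl[n]) print "WARN HOST" n ": listener is not SSL (no S= prefix)"
        }
    }' "$1"
}

# Constructed sample files, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '#define CRYPT' '/* #define TRAFFICLOG */' '#define ANONYMOUS' > "$d/config.h"
    printf '%s\n' 'PSYBNC.SYSTEM.PORT1=31337' 'PSYBNC.SYSTEM.HOST1=123.123.123.123' \
        'PSYBNC.SYSTEM.PORT2=45000' 'PSYBNC.SYSTEM.HOST2=S=123.123.123.123' > "$d/psybnc.conf"
    audit_config_h "$d/config.h"
    audit_listeners "$d/psybnc.conf"
    rm -rf "$d"
}
demo
```

Run it from the psybnc directory with your own files, e.g. audit_config_h config.h and audit_listeners psybnc.conf, after sourcing the functions.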