Date: Fri, 15 Jun 2018 09:40:44 +0200
From: Harry Schmalzbauer <freebsd@omnilan.de>
To: Andrea Venturoli <ml@netfence.it>, freebsd-net@freebsd.org
Subject: Re: Proxy a TCP connection
Message-ID: <48708a5c-0c6d-a8f1-3a48-545eb076ead0@omnilan.de>
In-Reply-To: <2346bc5f-1ca3-3b6a-ac1a-c496e94eb969@netfence.it>
References: <2346bc5f-1ca3-3b6a-ac1a-c496e94eb969@netfence.it>

On 18.05.2018 at 23:29, Andrea Venturoli wrote:
…
> Let's say I have a router connected to the Internet on one side and to
> a LAN with private IPs on the other.
> I want some clients from outside to be able to connect to a TCP
> service on a machine on the LAN: they should connect to port X on the
> firewall's public IP and reach port Y on the internal box.
…
> Does anyone have a good suggestion for a program similar to the above
> ones?
> I require nothing fancy, I just want it to be reliable.

Others already made good suggestions.
I'd like to add from my experience:

For scenarios which should be kept as simple as possible, and only need TCP, I use NC together with inetd.
Example:

/etc/rc.conf
inetd_enable="YES"
inetd_flags="-wW -C 60 -a /203.0.113.1/"

/etc/inetd.conf
https stream tcp nowait/400/300 nobody /usr/bin/nc nc -w 300 192.0.2.1 443

Both IPs can/should be replaced by hostnames, the inetd_flags "-a" is used to limit the address which inetd listens on.

For scenarios with maximum flexibility, but limited to user space (most famous jails e.g.), I use net/socat.
Since I often needed multiple instances of socat, I wrote a config file patch, which adds support for multiple instances:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226405

There's a UDP example included, here's one for TCP:

/usr/local/etc/socat-instances.conf
[myserver2dnstcp]
daemonuser=root
flags="TCP4-LISTEN:53,fork,bind=/203.0.113.1/ TCP4:192.0.2.0:53"

-harry
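
Added example, not part of the message above and not code from its author: a small sh/awk check that reads inetd.conf text and flags nc forwarders that run as root, omit the max-child or per-IP rate fields after nowait, or omit an nc -w timeout. The function name audit_inetd_forwarders and the second sample line are constructed for illustration; the field layout assumed is the one documented in FreeBSD's inetd.conf.

```sh
#!/bin/sh
# Field layout assumed (FreeBSD inetd.conf):
#   service socktype proto wait|nowait[/max-child[/max-conn-per-ip-per-min]] \
#   user[:group][/login-class] program argv0 args...

audit_inetd_forwarders() {
    # Reads inetd.conf text on stdin, prints one "service: finding" line per issue.
    awk '
    /^[ \t]*(#|$)/     { next }        # skip comments and blank lines
    $6 !~ "(^|/)nc$"   { next }        # only entries whose server program is nc
    {
        svc = $1
        n = split($4, w, "/")          # nowait / max-child / per-IP rate
        split($5, u, "[:/]")           # user [:group] [/login-class]
        if (u[1] == "root")
            print svc ": forwarder runs as root"
        if (n < 2 || w[2] == "")
            print svc ": no max-child limit"
        if (n < 3 || w[3] == "")
            print svc ": no per-IP connection rate limit"
        timeout = 0
        for (i = 8; i <= NF; i++)      # field 7 is argv[0], options start at 8
            if ($i ~ /^-[a-zA-Z]*w/) timeout = 1
        if (!timeout)
            print svc ": nc has no -w idle timeout"
    }'
}

# Constructed sample: line 1 is the entry quoted in the message,
# line 2 is a hypothetical loose variant for comparison.
SAMPLE='https stream tcp nowait/400/300 nobody /usr/bin/nc nc -w 300 192.0.2.1 443
smtp  stream tcp nowait         root   /usr/bin/nc nc 192.0.2.1 25'

printf '%s\n' "$SAMPLE" | audit_inetd_forwarders
```

On a real host, feed it the live file with `audit_inetd_forwarders < /etc/inetd.conf`; an entry without its own rate field still falls under whatever `-C` value is set in inetd_flags.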