From: Chris Peiffer
To: freebsd-questions@freebsd.org
Date: Fri, 22 Jan 2010 12:01:38 -0800
Subject: ISO simple non-forking TCP connection forward/balance tool
Message-ID: <20100122200138.GA19469@cabstand.com>

I'm looking for a simple program I can use to forward incoming TCP connections to several other addr:port pairs (including one on the machine itself), holding the connections open and passing the data back and forth until both parties close their ends. I need a solution that doesn't fork.

One way to do it is just to fork ad-hoc netcat pipes with inetd, but I'm trying to avoid the process overhead.
An ssh tunnel is another option, but the crypto involves too much CPU overhead.

I've investigated ipnat rdr rules, but ipnat seems like it's too low-level: it wants to divert the packet directly without rewriting the "from" addr. This means that the return packet is a mismatch unless I make the machine running the forwarder into the router.

I found a simple program called "balance" floating around out there, but unfortunately it uses an extremely naive fork-after-accept method that results in the same process overhead.

Is there a simple kq-driven TCP forwarder out there? Is there a pure-TCP forwarding module for lighttpd (or some other single-threaded app server)? Or is there a good way to do it in the kernel that I'm missing, and can someone direct me to an ipnat ruleset that creates new connections, so the TCP forwarding machine doesn't also need to be a router?

Thanks very much for your help.
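The kind of forwarder the post asks for, as an added example that is not part of the original message and not any existing FreeBSD tool: a single process, no fork() and no threads in the data path, with one event loop multiplexing every client/backend pair. Python's selectors.DefaultSelector is kqueue on FreeBSD and epoll on Linux, so the same code runs on both. It balances round-robin across the configured addr:port pairs, relays a half-close on either side as a FIN, and drops a pair only after both ends have closed and every queued byte has been written (the behaviour the post describes). The backend "tag" services, the 127.0.0.1 ephemeral ports and the payloads in demo() are constructed for the self-test, not real services.

```python
import itertools
import selectors
import socket
import threading


def _listen(addr, backlog=128):
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    ls.bind(addr)
    ls.listen(backlog)
    return ls


class Forwarder:
    """Non-forking TCP forwarder: one process, one event loop (kqueue on FreeBSD,
    epoll on Linux via selectors.DefaultSelector). Each accepted connection is
    spliced to the next backend in round-robin order."""

    def __init__(self, listen_addr, backends):
        self.sel = selectors.DefaultSelector()
        self.backends = itertools.cycle(backends)
        self.lsock = _listen(listen_addr)
        self.lsock.setblocking(False)
        self.sel.register(self.lsock, selectors.EVENT_READ)
        self.peer, self.outbuf, self.got_eof = {}, {}, set()  # per-socket state

    @property
    def address(self):
        return self.lsock.getsockname()

    def serve(self, stop=lambda: False):
        while not stop():
            for key, ev in self.sel.select(timeout=0.1):
                s = key.fileobj
                if s is self.lsock:
                    self._accept()
                    continue
                if ev & selectors.EVENT_READ and s in self.peer:
                    self._read(s)
                if ev & selectors.EVENT_WRITE and s in self.peer:
                    self._flush(s)

    def _accept(self):
        client, _ = self.lsock.accept()
        try:
            backend = socket.create_connection(next(self.backends), timeout=5)
        except OSError:
            client.close()          # backend unreachable: drop this client only
            return
        for a, b in ((client, backend), (backend, client)):
            a.setblocking(False)
            self.peer[a], self.outbuf[a] = b, b""
            self.sel.register(a, selectors.EVENT_READ)

    def _arm(self, s):
        """Read while s's sender is still open, write while bytes are queued for s."""
        ev = (0 if s in self.got_eof else selectors.EVENT_READ) | \
             (selectors.EVENT_WRITE if self.outbuf[s] else 0)
        try:
            self.sel.modify(s, ev) if ev else self.sel.unregister(s)
        except KeyError:            # s was unregistered earlier; re-add if needed
            if ev:
                self.sel.register(s, ev)

    def _read(self, src):
        dst = self.peer[src]
        try:
            data = src.recv(65536)
        except BlockingIOError:
            return
        except OSError:
            data = b""              # connection reset: treat as EOF from src
        if data:
            self.outbuf[dst] += data
            self._flush(dst)
        else:                       # src sent FIN: pass it to dst once dst's queue drains
            self.got_eof.add(src)
            self._arm(src)
            if not self.outbuf[dst]:
                self._shutdown(dst)
            self._maybe_close(src)

    def _flush(self, s):
        try:
            n = s.send(self.outbuf[s])
        except BlockingIOError:
            n = 0
        except OSError:
            self._close_pair(s)     # s is gone: tear down both sides
            return
        self.outbuf[s] = self.outbuf[s][n:]
        self._arm(s)
        if not self.outbuf[s] and self.peer[s] in self.got_eof:
            self._shutdown(s)       # queue drained after the peer's FIN: relay it now
            self._maybe_close(s)

    def _shutdown(self, s):
        try:
            s.shutdown(socket.SHUT_WR)
        except OSError:
            pass

    def _maybe_close(self, s):
        p = self.peer[s]
        if s in self.got_eof and p in self.got_eof and not (self.outbuf[s] or self.outbuf[p]):
            self._close_pair(s)     # both ends closed, nothing left to write

    def _close_pair(self, s):
        for x in (s, self.peer[s]):
            try:
                self.sel.unregister(x)
            except KeyError:
                pass
            x.close()
            self.peer.pop(x); self.outbuf.pop(x); self.got_eof.discard(x)


def _tagging_backend(ls, tag, stop):
    """Constructed stand-in for a real service: reads until the client's FIN
    (which must be relayed by the forwarder), then replies with tag + data."""
    ls.settimeout(0.1)
    while not stop.is_set():
        try:
            c, _ = ls.accept()
        except socket.timeout:
            continue
        with c:
            data = b""
            while chunk := c.recv(4096):
                data += chunk
            c.sendall(tag + data)
    ls.close()


def demo(payloads=(b"one", b"two", b"three")):
    """Two constructed backends plus the forwarder on 127.0.0.1 ephemeral ports;
    returns the reply per payload, showing round-robin and half-close relay."""
    stop = threading.Event()
    ls = [_listen(("127.0.0.1", 0)) for _ in "AB"]
    ths = [threading.Thread(target=_tagging_backend, args=(l, t, stop), daemon=True)
           for l, t in zip(ls, (b"A:", b"B:"))]
    fwd = Forwarder(("127.0.0.1", 0), [l.getsockname() for l in ls])
    ths.append(threading.Thread(target=fwd.serve, args=(stop.is_set,), daemon=True))
    for t in ths:
        t.start()
    replies = []
    for p in payloads:
        with socket.create_connection(fwd.address, timeout=5) as c:
            c.sendall(p)
            c.shutdown(socket.SHUT_WR)      # our FIN has to reach the backend
            replies.append(b"".join(iter(lambda: c.recv(4096), b"")))
    stop.set()
    for t in ths:
        t.join()
    fwd.lsock.close()
    return replies


if __name__ == "__main__":
    print(demo())   # expected: [b'A:one', b'B:two', b'A:three']
```

For real use, construct `Forwarder((bind_ip, port), [(ip, port), ...]).serve()` in a single process; the backend connect in `_accept` is the one blocking call left, which is acceptable for local or LAN backends but would want a non-blocking connect with a kqueue write event if backends can be slow to answer. The half-close handling matters for protocols where the client signals end of request with FIN; a forwarder that closes both sockets on the first EOF truncates the reply.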