From: Harry Schmalzbauer
To: Andrea Venturoli, freebsd-net@freebsd.org
Date: Fri, 15 Jun 2018 09:40:44 +0200
Subject: Re: Proxy a TCP connection

On 18.05.2018 at 23:29, Andrea Venturoli wrote:
…
> Let's say I have a router connected to the Internet on one side and to
> a LAN with private IPs on the other.
> I want some clients from outside to be able to connect to a TCP
> service on a machine on the LAN: they should connect to port X on the
> firewall's public IP and reach port Y on the internal box.
…
> Does anyone have a good suggestion for a program similar to the above
> ones?
> I require nothing fancy, I just want it to be reliable.

Others already made good suggestions. I'd like to add from my experience:

For scenarios which should be kept as simple as possible, and only need TCP, I use NC together with inetd. Example:

/etc/rc.conf
    inetd_enable="YES"
    inetd_flags="-wW -C 60 -a 203.0.113.1"

/etc/inetd.conf
    https  stream  tcp  nowait/400/300  nobody  /usr/bin/nc  nc -w 300 192.0.2.1 443

Both IPs can/should be replaced by hostnames, the inetd_flags "-a" is used to limit the address which inetd listens on.

For scenarios with maximum flexibility, but limited to user space (most famous jails e.g.), I use net/socat.
Since I often needed multiple instances of socat, I wrote a config file patch, which adds support for multiple instances:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226405

There's a UDP example included, here's one for TCP:

/usr/local/etc/socat-instances.conf
    [myserver2dnstcp]
    daemonuser=root
    flags="TCP4-LISTEN:53,fork,bind=203.0.113.1 TCP4:192.0.2.0:53"

-harry
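Added example, not part of the original message: a small audit of inetd.conf relay entries like the one above. It reads the optional limits after `nowait` in the order given in FreeBSD's inetd.conf(5) and reports entries that lack them. The function names and the second sample line are constructed for illustration.

```python
import shlex

# Constructed sample in FreeBSD inetd.conf(5) layout: line 1 is the relay
# entry from the message, line 2 is a made-up weak variant for comparison.
SAMPLE = """\
https  stream  tcp  nowait/400/300  nobody  /usr/bin/nc  nc -w 300 192.0.2.1 443
https  stream  tcp  nowait          root    /usr/bin/nc  nc 192.0.2.1 443
"""

# Optional limits after wait/nowait, in the order inetd.conf(5) defines them.
LIMITS = ("max_child", "max_conn_per_ip_per_min", "max_child_per_ip")

def parse_entry(line):
    """Split one inetd.conf service line into named fields."""
    f = shlex.split(line, comments=True)
    if len(f) < 7:
        raise ValueError("expected at least 7 fields: " + line)
    wait, *limits = f[3].split("/")
    # The user field may carry ":group" or "/login-class"; keep the user only.
    user = f[4].replace("/", ":").split(":")[0]
    entry = dict(service=f[0], socktype=f[1], proto=f[2], wait=wait,
                 user=user, program=f[5], argv=f[6:])
    entry.update({name: None for name in LIMITS})
    entry.update({n: int(v) for n, v in zip(LIMITS, limits) if v})
    return entry

def audit(entry):
    """Return hardening findings for an nc-based relay entry."""
    findings = []
    if entry["user"] == "root":
        findings.append("relay runs as root; an unprivileged user is enough")
    if entry["max_child"] is None:
        findings.append("no max-child limit on concurrent relays")
    if entry["max_conn_per_ip_per_min"] is None:
        findings.append("no per-IP rate limit; only inetd -C applies, if set")
    if entry["program"].endswith("/nc") and "-w" not in entry["argv"]:
        findings.append("nc has no -w timeout; idle relays never exit")
    return findings

def audit_config(text):
    """Audit every service line; returns {line_number: [findings]}."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            report[n] = audit(parse_entry(line))
    return report

if __name__ == "__main__":
    for n, findings in audit_config(SAMPLE).items():
        print(n, findings or "ok")
```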