Proxy a TCP connection
Harry Schmalzbauer
freebsd at omnilan.de
Fri Jun 15 07:40:51 UTC 2018
On 18.05.2018 at 23:29, Andrea Venturoli wrote:
…
> Let's say I have a router connected to the Internet on one side and to
> a LAN with private IPs on the other.
> I want some clients from outside to be able to connect to a TCP
> service on a machine on the LAN: they should connect to port X on the
> firewall's public IP and reach port Y on the internal box.
…
> Does anyone have a good suggestion for a program similar to the above
> ones?
> I require nothing fancy, I just want it to be reliable.
Others already made good suggestions.
I'd like to add from my experience:
For scenarios which should be kept as simple as possible, and only need
TCP, I use NC together with inetd. Example:
/etc/rc.conf
inetd_enable="YES"
inetd_flags="-wW -C 60 -a /203.0.113.1/"
/etc/inetd.conf
https stream tcp nowait/400/300 nobody /usr/bin/nc nc -w 300 192.0.2.1 443
Both IPs can/should be replaced by hostnames; the inetd_flags "-a" option
is used to limit the address on which inetd listens.
For scenarios with maximum flexibility, but limited to user space (most
famously jails), I use net/socat.
Since I often needed multiple instances of socat, I wrote a config file
patch, which adds support for multiple instances:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226405
There's a UDP example included, here's one for TCP:
/usr/local/etc/socat-instances.conf
[myserver2dnstcp]
daemonuser=root
flags="TCP4-LISTEN:53,fork,bind=/203.0.113.1/ TCP4:192.0.2.0:53"
-harry
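
An added example, not part of the original post: a small Python check that parses an inetd.conf relay entry like the one above and reports missing hardening (unprivileged user, child and per-IP rate limits, nc idle timeout). It assumes the FreeBSD inetd.conf(5) field layout; the function names and the second sample line are constructed for illustration.

```python
# Added example: parse and audit an inetd.conf relay entry (FreeBSD layout):
# service socktype proto {wait|nowait}[/max-child[/max-conn-per-ip-per-min
#   [/max-child-per-ip]]] user[:group][/class] program argv...
import re

LIMIT_NAMES = ("max_child", "max_conn_per_ip_per_min", "max_child_per_ip")

# The entry from the post, joined onto one line.
POST_LINE = "https stream tcp nowait/400/300 nobody /usr/bin/nc nc -w 300 192.0.2.1 443"
# Constructed weak variant, for contrast only.
WEAK_LINE = "https stream tcp nowait root /usr/bin/nc nc 192.0.2.1 443"

def parse_inetd_line(line):
    """Return a dict of named fields, or None for blank/comment lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    f = line.split()  # inetd.conf fields are whitespace separated
    if len(f) < 7:
        raise ValueError("expected at least 7 fields, got %d" % len(f))
    wait, *limits = f[3].split("/")
    if wait not in ("wait", "nowait") or len(limits) > len(LIMIT_NAMES):
        raise ValueError("bad wait/limit field: %r" % f[3])
    entry = {"service": f[0], "socktype": f[1], "proto": f[2], "wait": wait,
             "user": re.split(r"[:/]", f[4])[0], "program": f[5], "argv": f[6:]}
    for name, value in zip(LIMIT_NAMES, limits):
        entry[name] = int(value)
    return entry

def audit(entry):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if entry["user"] == "root":
        findings.append("relay process runs as root")
    if "max_child" not in entry:
        findings.append("no max-child limit on concurrent relays")
    if "max_conn_per_ip_per_min" not in entry:
        findings.append("no per-IP rate limit (only the inetd -C default applies)")
    if entry["program"].endswith("/nc") and "-w" not in entry["argv"]:
        findings.append("nc has no -w idle timeout")
    return findings

if __name__ == "__main__":
    for line in (POST_LINE, WEAK_LINE):
        print(line, "->", audit(parse_inetd_line(line)) or "ok")
```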