LinuxQuestions.org - Linux - Networking - lightweight tunnel
https://www.linuxquestions.org/questions/linux-networking-3/lightweight-tunnel-345229/

eantoranz 07-20-2005 10:39 PM

lightweight tunnel
 
I need a very lightweight tunnel.

I want to have a service listening on port X that will simply forward traffic to a service on port Y (I can't use iptables' REDIRECT, which is the simplest solution).

michaelsanford 07-21-2005 01:00 AM

I assume from your post you mean X and Y are on the same machine? If so I think this will suffice:

ssh localhost -g -L x:127.0.0.1:y

The -g allows remote hosts to connect to local tunneled ports (i.e., allows non-localhost computers to make use of the forward).

If the two ports aren't local, just change the line above appropriately.

Now I have to ask the obvious question: if you're changing a service port locally, why not just edit the service's config file, or make a change in xinetd if the service supports it? That way you won't have the added overhead of the encryption...

eantoranz 07-21-2005 10:14 AM

Oh, well.... because the service will actually listen on its natural port... plus this other port(s).

Let me explain myself a little better:

We have (will have, should I say) three internet connections attached to a single host. This host will provide an OpenVPN connection.

The problem is that as the box will have three internet connections to get to a given host, to avoid choosing the wrong path, I will use a different port for each network interface (plus the normal, not tunneled OpenVPN port). According to the port the packet came in on, I pass traffic back through the network interface the request traffic came from.

sind 07-21-2005 10:59 AM

This isn't the most elegant solution, but you could use netcat to forward from one port to another. For instance:

Code:

$ nc -lp 8080 | nc localhost 80

You'd need to make a shell script or something to restart the above command, perhaps:

Code:

#!/bin/sh
# Restart the one-shot netcat relay each time the client disconnects.
# "while true" is POSIX sh; the bash-only "for ((;;))" fails under /bin/sh.
while true; do
    nc -lp 8080 | nc localhost 80
done

The main drawback is it will only accept one connection at a time.

Hobbit's netcat is available here: http://www.securityfocus.com/tools/137
There is also a re-write called GNU netcat here: http://netcat.sourceforge.net/

~sind

PS: in fact it looks like GNU netcat has some sort of tunneling system built in, I haven't tried it though.

EDIT: using GNU netcat's tunnel function still requires a restart script. It would mean replacing:

Code:

    nc -lp 8080 | nc localhost 80

with:

Code:

    netcat -L localhost:80 -p 8080

eantoranz 07-21-2005 01:44 PM

Oh... did I forget to mention that the tunnel is for UDP traffic? :-O

Is there an ssh option to make it work with UDP?

sind 07-22-2005 08:16 AM

I don't think ssh supports UDP port forwarding.

This website shows how to use netcat to do UDP port forwarding.

Having read that web page, I realised/learned that:

Code:

$ nc -lp 8080 | nc localhost 80

is a one-way tunnel. Need to add a pipe in the other direction:

Code:

$ mkfifo reverse
$ nc -lp 8080 < reverse | nc localhost 80 > reverse

BTW why can't you use iptables' port forwarding?

~sind
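As an added example that is not from this thread, a small Python forwarder that does for UDP what the fifo pipeline above does for TCP, but keeps one connected upstream socket per client so several clients are served at once and each reply finds its way back to the right one (the single-pipe netcat relay cannot do that). The listen and target addresses, the idle timeout and the loopback echo service in demo() are all constructed for the demonstration.

```python
"""Bidirectional UDP forwarder: LISTEN -> TARGET, replies back per client."""
import selectors, socket, threading, time

class UdpForwarder:
    IDLE_SECS = 60.0  # forget a client after this long without traffic

    def __init__(self, listen, target):
        self.target, self.sel = target, selectors.DefaultSelector()
        self.front = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.front.bind(listen)
        self.sel.register(self.front, selectors.EVENT_READ)
        self.clients = {}  # client addr -> [upstream socket, last seen]

    def _upstream(self, client):
        # One connected UDP socket per client: a datagram read from it can
        # only be that client's reply, which a single nc pipe cannot tell.
        if client not in self.clients:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.connect(self.target)
            self.sel.register(s, selectors.EVENT_READ, data=client)
            self.clients[client] = [s, 0.0]
        self.clients[client][1] = time.monotonic()
        return self.clients[client][0]

    def serve_once(self, timeout=1.0):
        """Relay every datagram that is ready; returns how many were relayed."""
        n = 0
        for key, _ in self.sel.select(timeout):
            if key.fileobj is self.front:
                data, client = self.front.recvfrom(65535)
                self._upstream(client).send(data)  # client -> service
            else:  # reply on a per-client socket -> that client
                self.front.sendto(key.fileobj.recv(65535), key.data)
            n += 1
        for client, (s, seen) in list(self.clients.items()):  # bound state
            if time.monotonic() - seen > self.IDLE_SECS:
                self.sel.unregister(s); s.close(); del self.clients[client]
        return n

def demo():
    echo = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # constructed stand-in service
    echo.bind(("127.0.0.1", 0))
    def answer():  # echoes one datagram back upper-cased
        data, peer = echo.recvfrom(65535)
        echo.sendto(data.upper(), peer)
    threading.Thread(target=answer, daemon=True).start()
    fwd = UdpForwarder(("127.0.0.1", 0), echo.getsockname())
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); client.settimeout(5)
    client.sendto(b"ping", fwd.front.getsockname())
    fwd.serve_once(2.0); fwd.serve_once(2.0)  # inbound pass, then reply pass
    return client.recv(65535)
```

For real use, loop on serve_once() forever and bind the front socket to the address of the interface whose port you want to answer on.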

eantoranz 07-22-2005 05:20 PM

Because I need to be able to differentiate traffic according to the source port when the response traffic is going out... and if I do REDIRECT, the source port by the time the response hits POSTROUTING is the actual port the traffic was redirected TO, and not the APPARENT port.

Do I explain myself?
