Old 07-20-2005, 10:39 PM   #1
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Rep: Reputation: 83
lightweight tunnel


I need a very lightweight tunnel.

I want to have a service listening in port X and it will simply forward traffic to a service in port Y (can't use iptables' REDIRECT, which is the simplest solution).
 
Old 07-21-2005, 01:00 AM   #2
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
I assume from your post you mean X and Y are on the same machine? If so I think this will suffice:

ssh localhost -g -L x:127.0.0.1:y

The -g allows remote hosts to connect to local tunneled ports (i.e., allow non-localhost computers to make use of the forward).

If the two ports aren't local, just change the line above appropriately.

Now I have to ask the obvious question: if you're changing a service port locally, why not just edit the service's config file, or make a change in xinetd if the service supports it? That way you won't have the added overhead of the encryption...
 
Old 07-21-2005, 10:14 AM   #3
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Original Poster
Rep: Reputation: 83
Oh, well.... because the service will actually listen in its natural port.. plus this other port(s).

Let me explain myself a little better:

We have (will have, should I say) three internet connections attached to a single host. This host will provide openVPN connection.

The problem is that as the box will have three internet connections to get to a given host, to avoid choosing the wrong path, I will use a different port for each network interface (plus the normal not tunneled openVPN port). According to the port the packet came in, I pass traffic back thru the network interface the request traffic came from.
 
Old 07-21-2005, 10:59 AM   #4
sind
Member
 
Registered: Jun 2005
Posts: 75

Rep: Reputation: 15
This isn't the most elegant solution, but you could use netcat to forward from one port to another. For instance:

Code:
$ nc -lp 8080 | nc localhost 80
You'd need to make a shell script or something to restart the above command, perhaps:

Code:
#!/bin/sh

# Restart the forwarder each time a connection ends.
while true; do
    nc -lp 8080 | nc localhost 80
done
The main drawback is it will only accept one connection at a time.

Hobbit's netcat is available here: http://www.securityfocus.com/tools/137
There is also a re-write called GNU netcat here: http://netcat.sourceforge.net/

~sind

PS: in fact it looks like GNU netcat has some sort of tunneling system built in, I haven't tried it though.

EDIT: using GNU netcat's tunnel function still requires a restart script. It would mean replacing:

Code:
    nc -lp 8080 | nc localhost 80
with:

Code:
    netcat -L localhost:80 -p 8080

Last edited by sind; 07-21-2005 at 11:24 AM.
 
Old 07-21-2005, 01:44 PM   #5
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Original Poster
Rep: Reputation: 83
Oh... did I forget to mention that the tunnel is for UDP traffic? :-O

Is there a ssh option to make it work with UDP?
 
Old 07-22-2005, 08:16 AM   #6
sind
Member
 
Registered: Jun 2005
Posts: 75

Rep: Reputation: 15
I don't think ssh supports UDP port forwarding.

This website shows how to use netcat to do UDP port forwarding.

Having read that web page, I realised/learned that:

Code:
$ nc -lp 8080 | nc localhost 80
is a one way tunnel. Need to add a pipe in the other direction:

Code:
$ mkfifo reverse
$ nc -lp 8080 < reverse | nc localhost 80 > reverse
BTW why can't you use iptables' port forwarding?

~sind
 
Old 07-22-2005, 05:20 PM   #7
eantoranz
Senior Member
 
Registered: Apr 2003
Location: Colombia
Distribution: Kubuntu, Debian, Knoppix
Posts: 1,982
Blog Entries: 1

Original Poster
Rep: Reputation: 83
Because I need to be able to differ traffic according to the source port when the response traffic is going out... and if I do REDIRECT, the source port by the time the response hits POSTROUTING is the actual port the traffic was redirected TO, and not the APPARENT port.

Do I explain myself?
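
Added example, not code from any poster in this thread: a minimal UDP relay in Python that handles both directions and several clients at once, which the netcat pipe from post #4 and post #6 does not. Replies go out of the listening socket, so a client sees the listening port as the source port; the addresses, ports 8080 and 1194, and the 60-second idle timeout are assumptions.

```python
import selectors
import socket
import threading
import time

IDLE_SECONDS = 60  # assumed value: forget a client after this much silence


def relay(listener, target, stop):
    """Shuttle datagrams both ways between clients of `listener` and `target`."""
    sel = selectors.DefaultSelector()
    sel.register(listener, selectors.EVENT_READ, None)
    sessions = {}  # client address -> [socket connected to target, last seen]
    while not stop.is_set():
        for key, _ in sel.select(timeout=0.2):
            try:
                if key.data is None:  # datagram from a client
                    data, client = listener.recvfrom(65535)
                    if client not in sessions:
                        up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                        up.connect(target)  # kernel drops other senders
                        sel.register(up, selectors.EVENT_READ, client)
                        sessions[client] = [up, 0.0]
                    sessions[client][1] = time.monotonic()
                    sessions[client][0].send(data)
                else:  # reply from the target, sent back out of the listener so
                    # the client sees the listening port as the source port
                    listener.sendto(key.fileobj.recv(65535), key.data)
            except ConnectionRefusedError:
                pass  # target not listening (ICMP port unreachable)
        now = time.monotonic()
        for client in [c for c, s in sessions.items() if now - s[1] > IDLE_SECONDS]:
            up = sessions.pop(client)[0]
            sel.unregister(up)
            up.close()
    for up, _ in sessions.values():
        up.close()
    sel.close()


if __name__ == "__main__":
    # Constructed values: listen on 127.0.0.1:8080, forward to 127.0.0.1:1194.
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("127.0.0.1", 8080))  # one address, not 0.0.0.0
    try:
        relay(sock, ("127.0.0.1", 1194), threading.Event())
    except KeyboardInterrupt:
        pass
```

Binding the listener to a single interface address keeps the forward from being reachable on every interface, the same exposure question that ssh's -g raises in post #2.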
 
  

