socat connect-connect "proxy" two inbound TCP connections to expose a firewalled service?
Solution 1
Something like
On "Server":
socat TCP4-LISTEN:10000 TCP4-LISTEN:4200
On "Client A"
socat TCP4:Server:10000 TCP4:localhost:4200
On "Client B"
Configure the client to connect to Server:4200
Alternatively, have a look at SSH port forwarding.
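A few practical points about the chain in Solution 1 that the commands alone do not show: the server never dials out, it only accepts (client A on 10000 first, then client B on 4200); the plain command, with no fork option, relays exactly one pair of connections and exits when they close; and because the server has a public IP, whatever client A offers is reachable by anyone who can connect to port 4200 unless the listener is restricted (socat's range= option on the TCP4-LISTEN address does that). The following pure-Python relay is an added example, not code from the original page or from socat, that models the same listen-listen behaviour and adds an allow-list for the client-B side; the class name, the allowed_b_peers parameter and the loopback demo traffic are illustrative assumptions.

```python
"""Pure-Python model of the listen-listen relay built in Solution 1 with
``socat TCP4-LISTEN:10000 TCP4-LISTEN:4200``.

Added example, not from the original page or from socat. The class name,
``allowed_b_peers`` (a rough stand-in for socat's ``range=`` option) and the
demo traffic are assumptions for illustration.
"""
import ipaddress
import socket
import threading


def peer_allowed(addr, allowed_cidrs):
    """True if ``addr`` lies inside one of ``allowed_cidrs``.

    ``None`` means no restriction, which is what the bare socat command does:
    anyone who can reach the server's public IP gets the relayed service.
    """
    if allowed_cidrs is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c, strict=False) for c in allowed_cidrs)


def _recv_exactly(sock, n):
    """Read exactly n bytes (TCP gives no message boundaries)."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def _pump(src, dst, stats, key):
    """Copy src -> dst until EOF, then half-close dst so the far end sees
    end-of-stream, as it would through socat."""
    try:
        while True:
            chunk = src.recv(65536)
            if not chunk:
                break
            dst.sendall(chunk)
            stats[key] += len(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class ListenListenRelay:
    """Two listening sockets on the server, no outbound connection from it.

    Client A (hosting the firewalled service) dials port_a; client B dials
    port_b; the two accepted sockets are piped together. Like the plain
    socat command this serves one pair and then stops.
    """

    def __init__(self, bind_host="0.0.0.0", port_a=10000, port_b=4200,
                 allowed_b_peers=None):
        self.allowed_b_peers = allowed_b_peers
        self._la = self._listen(bind_host, port_a)
        self._lb = self._listen(bind_host, port_b)

    @staticmethod
    def _listen(host, port):
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((host, port))
        s.listen(1)
        return s

    @property
    def port_a(self):
        return self._la.getsockname()[1]

    @property
    def port_b(self):
        return self._lb.getsockname()[1]

    def serve_once(self):
        """Accept A, then the first B from an allowed address, relay until both
        directions hit EOF; return byte counts and how many Bs were refused."""
        stats = {"a_to_b": 0, "b_to_a": 0, "rejected": 0}
        a, _ = self._la.accept()          # socat accepts on 10000 first
        while True:
            b, (peer, _) = self._lb.accept()
            if peer_allowed(peer, self.allowed_b_peers):
                break
            b.close()                      # outside the allow-list: drop it
            stats["rejected"] += 1
        t1 = threading.Thread(target=_pump, args=(a, b, stats, "a_to_b"))
        t2 = threading.Thread(target=_pump, args=(b, a, stats, "b_to_a"))
        t1.start(); t2.start(); t1.join(); t2.join()
        a.close(); b.close(); self._la.close(); self._lb.close()
        return stats


def demo():
    """Loopback round trip with constructed traffic (not a real RDP session)."""
    relay = ListenListenRelay("127.0.0.1", 0, 0, allowed_b_peers=["127.0.0.0/8"])
    result = {}
    worker = threading.Thread(target=lambda: result.update(relay.serve_once()))
    worker.start()
    a = socket.create_connection(("127.0.0.1", relay.port_a))  # client A dials out
    b = socket.create_connection(("127.0.0.1", relay.port_b))  # client B dials out
    request = b"GET / HTTP/1.0\r\n\r\n"            # constructed, B -> A
    reply = b"HTTP/1.0 200 OK\r\n\r\nhi"           # constructed, A -> B
    b.sendall(request)
    got_by_a = _recv_exactly(a, len(request))
    a.sendall(reply)
    got_by_b = _recv_exactly(b, len(reply))
    a.close(); b.close()
    worker.join(timeout=5)
    return got_by_a, got_by_b, result


if __name__ == "__main__":
    print(demo())
```

Run it as a script to see the bytes each side received and the relay's counters. With allowed_b_peers=None the port_b side behaves like the unrestricted socat listener; on a real public server you would pass the networks client B actually connects from, or use socat's range= option, so the relayed service is not open to the whole internet.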
Solution 2
You can also use PortFusion which I originally developed personally for this type of scenario, specifically for RDP.
server> PortFusion ] 10000 [
client-a> PortFusion 4200 localhost - 10000 server [ 4200
Now client-b can connect to server:4200 for RDP.
IMPORTANT NOTE!!
You should start PortFusion on client-a
(or socat or anything else for that matter) as a different user AND ALSO NOT from within the graphical session of the user you want to connect as - otherwise you will get a black screen or a drop, etc.
Hope my answer can be of help.
Asked by cjones26, updated on September 18, 2022
Comments
- cjones26 over 1 year:
I'm struggling a bit trying to see how to use socat (or a similar TCP port redirector) to expose a firewalled service on a PC.
Here's the scenario: I have a server PC which will be acting as a listen-listen "proxy" / redirector between two client machines. The server can have as many firewall ports open as needed and has a public IP. On the first "client" (as in establishing an outbound connection to the proxy server), Client A, I am hosting a service on port 4200. This PC is behind a firewall which only allows inbound TCP connections based on a previous outbound connection. The same is true of the firewall Client B is behind.
What I need to do is have Client B able to access port 4200 on Client A through the internet-facing TCP proxy server. The problem is that I can only initiate outbound TCP connections from Client A. How can I redirect the TCP connections through the server when both of the relay's clients are behind firewalls which only allow outbound connections? Please see the diagram below & let me know if clarification is in order.

                  ------------
                  |   Server   |
                  |w/ public IP|
                  ------------
                   /          \
          {|<Firewall>|}    {|<Firewall>|}
                |                  |
           ----------         ----------
           | Client A |       | Client B |
           ----------         ----------
        (hosting a service  (wanting to access
         on port 4200)       Client A port 4200)
I would greatly appreciate any advice, thanks.
- cjones26 about 13 years: Thanks for the answer! It was perfect :). The one issue I'm having is, say I set up the chain as you've stated above & say the service is actually RDP. The connection immediately drops for some reason, after the first few packets are sent. Maybe this is a misunderstanding on my part of how to use socat?
- RedGrittyBrick about 13 years: socat has lots (really really lots) of options. I expect you need to find the right options to suit the needs of RDP. I'm not enough of an expert in socat or RDP to work it out easily. Have a look at dest-unreach.org/socat/doc/socat-gender.txt which is related to this task and the man page which I find moderately intimidating.
- cjones26 over 12 years: Easier than socat, thanks! Can this be used in a commercial application if it's attributed?
- Ghouse over 12 years: Yes! It can be used in any type of application. I would love to hear about the application in which you use it :)