Simple way to create a tunnel from one local port to another?












65















I have a development server, which is only accessible from 127.0.0.1:8000, not 192.168.1.x:8000. As a quick hack, is there a way to set up something to listen on another port (say, 8001) so that from the local network I could connect 192.168.1.x:8001 and it would tunnel the traffic between the client and 127.0.0.1:8000?






























  • 4





    netcat can do this.

    – Andy
    Apr 1 '11 at 5:25
















networking tcp tunneling port-forwarding














edited May 8 '11 at 13:26









Gilles











asked Apr 1 '11 at 5:07









waitinforatrain


















7 Answers


















37














Using ssh is the easiest solution.




ssh -g -L 8001:localhost:8000 -f -N user@remote-server.com




This forwards the local port 8001 on your workstation to the localhost address on remote-server.com port 8000.
-g means allow other clients on my network to connect to port 8001 on my workstation. Otherwise only local clients on your workstation can connect to the forwarded port.
-N means all I am doing is forwarding ports, don't start a shell.
-f means fork into background after a successful SSH connection and log-in.

Port 8001 will stay open for many connections, until ssh dies or is killed. If you happen to be on Windows, the excellent SSH client PuTTY can do this as well. Use 8001 as the local port and localhost:8000 as the destination and add a local port forwarding in settings. You can add it after a successful connect with PuTTY.



























  • 4





    What does the user@remote-server.com do? It's definitely unneeded for port forwarding, however ssh mandates having this argument, moreover, it tries to connect there. And upon setting this pesky option to hostname it outputs …port 22: Connection refused (no, I didn't use the 22 port). Unless I'm missing something, the command plainly doesn't work.

    – Hi-Angel
    Dec 1 '16 at 13:43











  • @Hi-Angel user@remote-server.com is just an example and you should not take it literally. You have to replace this with a name of computer you want to connect to and your username on this computer. This information is needed to establish ssh connection. Only after ssh connection is established ports can be forwarded through this connection.

    – Piotr Dobrogost
    Feb 1 '17 at 23:45











  • If you want the port to be available from boot then see "autossh" in a systemd service using the above method - everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh

    – Richard Hollis
    Oct 27 '17 at 13:03











  • I also get "connection refused". And I still don't understand why the user@remote-server.com argument is needed when there is no SSH connection involved (according to -N). Should just forward packets.

    – Alexander Taylor
    Dec 10 '17 at 7:42











  • @AlexanderTaylor -N does not mean there is no SSH connection. It simply means do not execute a remote command (see the man page). The <user>@<host> argument is necessary, because this does open an SSH connection to <host> (which for OP's case would be localhost), and forwards the desired port through that SSH tunnel. It is one solution for OP's problem, but not the simplest. To forward to localhost without using ssh, you can use socat or netcat as in StephaneChazelas and not-a-user's answers

    – user143943
    Apr 18 '18 at 11:35





















80














With socat on the server:



socat tcp-listen:8001,reuseaddr,fork tcp:localhost:8000


By default, socat will listen on TCP port 8001 on any IPv4 or IPv6 address (if supported) on the machine. You can restrict it to IPv4/6 by replacing tcp-listen with tcp4-listen or tcp6-listen, or to a specific local address by adding a ,bind=that-address.



Same for the connecting socket you're proxying to, you can use any address in place of localhost, and replace tcp with tcp4 or tcp6 if you want to restrict the address resolution to IPv4 or IPv6 addresses.



Note that for the server listening on port 8000, the connection will appear as coming from the proxy (in the case of localhost, that will be localhost), not the original client. You'd need to use DNAT approaches (but which requires superuser privileges) for the server to be able to tell who's the client.
































  • Thanks, this is great since you do not have to have a local ssh server running.

    – jontro
    Dec 15 '15 at 15:11











  • Can I use the same port but different address?

    – Amos
    Feb 14 '17 at 4:35











  • @amos, see edit.

    – Stéphane Chazelas
    Feb 14 '17 at 18:23











  • Would it also be possible to forward traffic only from specific IPs?

    – Phate
    Aug 23 '18 at 18:05






  • 1





    @Phate, see Tell socat to listen to connections from a single IP address (and the range and tcpwrap options in the socat man page).

    – Stéphane Chazelas
    Aug 23 '18 at 18:38
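The points in the socat answer above (listen on one address rather than all, admit only chosen source addresses as with socat's range option, and the backend seeing the proxy rather than the real client) as an added Python example; it is not code from any of the answers. The names Relay, pump, start_backend, request and demo are hypothetical, and the 127.0.0.x addresses are constructed stand-ins for LAN hosts that assume Linux, where all of 127.0.0.0/8 is local.

```python
import contextlib
import ipaddress
import socket
import threading


def pump(src, dst):
    """Copy bytes src -> dst until EOF, then pass the EOF on."""
    with contextlib.suppress(OSError):
        while data := src.recv(4096):
            dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)


class Relay:
    """Forward TCP from one listening address to `target` for allowed peers."""

    def __init__(self, bind_addr, target, allowed_net):
        self.target = target
        self.allowed = ipaddress.ip_network(allowed_net)  # like socat range=
        self.log = []  # (client_ip, verdict): the only record of the real peer
        # Bind one address, not 0.0.0.0 (socat bind=, rinetd bindaddress).
        self.sock = socket.create_server((bind_addr, 0))  # port 0 = any free port
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self):
        while True:
            client, (ip, _port) = self.sock.accept()
            if ipaddress.ip_address(ip) not in self.allowed:
                self.log.append((ip, "rejected"))
                client.close()
                continue
            self.log.append((ip, "forwarded"))
            threading.Thread(target=self._serve, args=(client,), daemon=True).start()

    def _serve(self, client):
        try:
            upstream = socket.create_connection(self.target, timeout=5)
        except OSError:
            client.close()
            return
        upstream.settimeout(None)
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()
        client.close()
        upstream.close()


def start_backend(seen):
    """Constructed stand-in for the dev server: loopback only, records each peer."""
    srv = socket.create_server(("127.0.0.1", 0))

    def loop():
        while True:
            conn, peer = srv.accept()
            seen.append(peer[0])
            conn.sendall(b"echo:" + conn.recv(4096))
            conn.close()

    threading.Thread(target=loop, daemon=True).start()
    return srv.getsockname()[1]


def request(port, payload, source_ip):
    """Send payload to the relay from source_ip; return whatever comes back."""
    chunks = []
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=5,
                                      source_address=(source_ip, 0)) as conn:
            conn.sendall(payload)
            conn.shutdown(socket.SHUT_WR)
            while data := conn.recv(4096):
                chunks.append(data)
    except OSError:
        pass  # a rejecting relay closes or resets the connection
    return b"".join(chunks)


def demo():
    seen = []
    backend_port = start_backend(seen)
    # 127.0.0.1 stands in for the LAN address; only 127.0.0.2 is allowed in.
    relay = Relay("127.0.0.1", ("127.0.0.1", backend_port), "127.0.0.2/32")
    return {
        "reply": request(relay.port, b"ping", "127.0.0.2"),
        "blocked_reply": request(relay.port, b"ping", "127.0.0.3"),
        "relay_log": list(relay.log),
        "backend_saw": list(seen),
    }


if __name__ == "__main__":
    print(demo())
```

The relay's own log is the only place the real client address survives, because the backend records 127.0.0.1 for every forwarded connection.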





















37














Using the traditional nc is the easiest solution:



nc -l -p 8001 -c "nc 127.0.0.1 8000"


This version of nc is in the netcat-traditional package on Ubuntu. (You have to update-alternatives or call it nc.traditional.)



Note that in contrast to ssh this is not encrypted. Keep that in mind if you use it outside one host.

























  • 2





    anyone know the equivalent on netcat-openbsd?

    – user7000
    Jul 23 '17 at 18:20






  • 2





    Analog for netcat version that is included in busybox: nc -v -lk -p 8001 -e /usr/bin/nc 127.0.0.1 8000. (Description of params)

    – Ivan Kolmychek
    Mar 16 '18 at 13:30








  • 1





    Working, but the nc command ends after the first remote connection. Add -k if you need to keep it running.

    – Sopalajo de Arrierez
    Jun 20 '18 at 23:49













  • I'm getting this error: nc: cannot use -p and -l on CentOS 6.4. Is there a work around?

    – Nick Predey
    Jul 16 '18 at 15:52











  • I prefer this solution over the ssh one because it makes it easier to use as root, when one needs to locally forward a privileged port.

    – Christian
    Aug 15 '18 at 0:58



















23














OpenBSD netcat is available by default on Linux and also on OS X.



OSX:



mkfifo a
mkfifo b
nc 127.0.0.1 8000 < b > a &
nc -l 8001 < a > b &


Linux:



mkfifo backpipe
nc -l 12345 0<backpipe | nc www.google.com 80 1>backpipe


An alternative that works on OS X bash is to use a bidirectional pipe. It may work on other Unixes:



nc 127.0.0.1 8000 <&1 | nc -l 8001 >&0































  • I didn't notice at first that you were using openbsd netcat. This is better than having to install another netcat from an Ubuntu package.

    – RobertR
    Feb 26 '15 at 15:24











  • OpenBSD example failed on Ubuntu 15.04. With the shell redirects, netcat fails to open the port for listening as seen by ss -tan or netstat -tan.

    – Justin C
    Sep 3 '15 at 0:12











  • ⁺¹. FTR: the alternative way works on Ubuntu

    – Hi-Angel
    Nov 30 '16 at 10:41











  • I don't understand your solution. Can you explain it?

    – Trismegistos
    Sep 19 '17 at 8:21











  • @trismegistos In these examples the netcat listener and client redirect input into some shared files (mkfifo pipes..first in first out), and use those shared files as their source/destination of input/output, effectively creating a tunnel. Usually client/listener are used, but some techniques use client+client/listener+listener- wiki.securityweekly.com/… and slideshare.net/amiable_indian/secrets-of-top-pentesters are must reads.

    – Info5ek
    Oct 4 '17 at 18:02



















4














Quoting David Spillett's answer on ServerFault:




rinetd should do the job, and a Windows binary for it can be had from http://www.boutell.com/rinetd/ (for anyone looking for the same thing under Linux, rinetd is in the standard repositories of just about every distro so can be installed with "apt-get install rinetd" or "yum install rinetd" or similar)




It is a simple binary that takes a configuration file in the format



bindaddress bindport connectaddress connectport



For example:



192.168.1.1 8001 127.0.0.1 8000



or



0.0.0.0 8001 127.0.0.1 8000



if you want to bind the incoming port to all the interfaces.





































    2














    iptables -t nat -A PREROUTING -p tcp --dport <origin-port> -j REDIRECT --to-port <destination-port>

    service iptables save
    service iptables restart





























    • Upon trying to connect to dport, as in nc -v localhost 2345, I'm getting Connection refused. I'm not very good in iptables, but I guess the dport has to have a listening app.

      – Hi-Angel
      Dec 1 '16 at 12:49











    • What if origin-port is on different interface than destination port?

      – Trismegistos
      Sep 19 '17 at 8:19



















    0














    This is a new way to tunnel two UDP ports on a server:
    https://github.com/9crk/udpeer



    udpeer 8001 8002



    test:
    nc -u xxxx.com 8001
    nc -u xxxx.com 8002






Attribution for the ssh answer: answered Apr 1 '11 at 5:55 by penguin359; edited Jun 13 '17 at 13:23 by Marián Černý.








      • 4





        What does the user@remote-server.com do? It's definitely unneeded for port forwarding, however ssh mandates having this argument, more over, it tries to connect there. And upon setting this pesky option to hostname it outputs …port 22: Connection refused (no, I didn't use the 22 port). Unless I'm missing something, the command plainly doesn't work.

        – Hi-Angel
        Dec 1 '16 at 13:43











      • @Hi-Angel user@remote-server.com is just an example and you should not take it literally. You have to replace this with a name of computer you want to connect to and your username on this computer. This information is needed to establish ssh connection. Only after ssh connection is established ports can be forwarded through this connection.

        – Piotr Dobrogost
        Feb 1 '17 at 23:45











      • If you want the port to be available from boot then see "autossh" in a systemd service using the above method - everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh

        – Richard Hollis
        Oct 27 '17 at 13:03











      • I also get "connection refused". And I still don't understand why the user@remote-server.com argument is needed when there is no SSH connection involved (according to -N). Should just forward packets.

        – Alexander Taylor
        Dec 10 '17 at 7:42











      • @AlexanderTaylor -N does not mean there is no SSH connection. It simply means do not execute a remote command (see the man page). The <user>@<host> argument is necessary, because this does open an SSH connection to <host> (which for OP's case would be localhost), and forwards the desired port through that SSH tunnel. It is one solution for OP's problem, but not the simplest. To forward to localhost without using ssh, you can use socat or netcat as in StephaneChazelas and not-a-user 's answers

        – user143943
        Apr 18 '18 at 11:35
















      • 4





        What does the user@remote-server.com do? It's definitely unneeded for port forwarding, however ssh mandates having this argument, more over, it tries to connect there. And upon setting this pesky option to hostname it outputs …port 22: Connection refused (no, I didn't use the 22 port). Unless I'm missing something, the command plainly doesn't work.

        – Hi-Angel
        Dec 1 '16 at 13:43











      • @Hi-Angel user@remote-server.com is just an example and you should not take it literally. You have to replace this with a name of computer you want to connect to and your username on this computer. This information is needed to establish ssh connection. Only after ssh connection is established ports can be forwarded through this connection.

        – Piotr Dobrogost
        Feb 1 '17 at 23:45











      • If you want the port to be available from boot then see "autossh" in a systemd service using the above method - everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh

        – Richard Hollis
        Oct 27 '17 at 13:03











      • I also get "connection refused". And I still don't understand why the user@remote-server.com argument is needed when there is no SSH connection involved (according to -N). Should just forward packets.

        – Alexander Taylor
        Dec 10 '17 at 7:42











      • @AlexanderTaylor -N does not mean there is no SSH connection. It simply means do not execute a remote command (see the man page). The <user>@<host> argument is necessary, because this does open an SSH connection to <host> (which for OP's case would be localhost), and forwards the desired port through that SSH tunnel. It is one solution for OP's problem, but not the simplest. To forward to localhost without using ssh, you can use socat or netcat as in StephaneChazelas and not-a-user 's answers

        – user143943
        Apr 18 '18 at 11:35










      4




      4





      What does the user@remote-server.com do? It's definitely unneeded for port forwarding, however ssh mandates having this argument, more over, it tries to connect there. And upon setting this pesky option to hostname it outputs …port 22: Connection refused (no, I didn't use the 22 port). Unless I'm missing something, the command plainly doesn't work.

      – Hi-Angel
      Dec 1 '16 at 13:43





      What does the user@remote-server.com do? It's definitely unneeded for port forwarding, however ssh mandates having this argument, more over, it tries to connect there. And upon setting this pesky option to hostname it outputs …port 22: Connection refused (no, I didn't use the 22 port). Unless I'm missing something, the command plainly doesn't work.

      – Hi-Angel
      Dec 1 '16 at 13:43













      @Hi-Angel user@remote-server.com is just an example and you should not take it literally. You have to replace this with a name of computer you want to connect to and your username on this computer. This information is needed to establish ssh connection. Only after ssh connection is established ports can be forwarded through this connection.

      – Piotr Dobrogost
      Feb 1 '17 at 23:45





      @Hi-Angel user@remote-server.com is just an example and you should not take it literally. You have to replace this with a name of computer you want to connect to and your username on this computer. This information is needed to establish ssh connection. Only after ssh connection is established ports can be forwarded through this connection.

      – Piotr Dobrogost
      Feb 1 '17 at 23:45













      If you want the port to be available from boot then see "autossh" in a systemd service using the above method - everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh

      – Richard Hollis
      Oct 27 '17 at 13:03





      If you want the port to be available from boot then see "autossh" in a systemd service using the above method - everythingcli.org/ssh-tunnelling-for-fun-and-profit-autossh

      – Richard Hollis
      Oct 27 '17 at 13:03













      I also get "connection refused". And I still don't understand why the user@remote-server.com argument is needed when there is no SSH connection involved (according to -N). Should just forward packets.

      – Alexander Taylor
      Dec 10 '17 at 7:42





      I also get "connection refused". And I still don't understand why the user@remote-server.com argument is needed when there is no SSH connection involved (according to -N). Should just forward packets.

      – Alexander Taylor
      Dec 10 '17 at 7:42













      @AlexanderTaylor -N does not mean there is no SSH connection. It simply means do not execute a remote command (see the man page). The <user>@<host> argument is necessary, because this does open an SSH connection to <host> (which for OP's case would be localhost), and forwards the desired port through that SSH tunnel. It is one solution for OP's problem, but not the simplest. To forward to localhost without using ssh, you can use socat or netcat as in StephaneChazelas and not-a-user 's answers

      – user143943
      Apr 18 '18 at 11:35







      @AlexanderTaylor -N does not mean there is no SSH connection. It simply means do not execute a remote command (see the man page). The <user>@<host> argument is necessary, because this does open an SSH connection to <host> (which for OP's case would be localhost), and forwards the desired port through that SSH tunnel. It is one solution for OP's problem, but not the simplest. To forward to localhost without using ssh, you can use socat or netcat as in StephaneChazelas and not-a-user 's answers

      – user143943
      Apr 18 '18 at 11:35















      80














      With socat on the server:



      socat tcp-listen:8001,reuseaddr,fork tcp:localhost:8000


      By default, socat will listen on TCP port 8001 on any IPv4 or IPv6 address (if supported) on the machine. You can restrict it to IPv4/6 by replacing tcp-listen with tcp4-listen or tcp6-listen, or to a specific local address by adding a ,bind=that-address.



      Same for the connecting socket you're proxying to, you can use any address in place of localhost, and replace tcp with tcp4 or tcp6 if you want to restrict the address resolution to IPv4 or IPv6 addresses.



      80







      With socat on the server:



      socat tcp-listen:8001,reuseaddr,fork tcp:localhost:8000


      By default, socat will listen on TCP port 8001 on any IPv4 or IPv6 address (if supported) on the machine. You can restrict it to IPv4/6 by replacing tcp-listen with tcp4-listen or tcp6-listen, or to a specific local address by adding a ,bind=that-address.



      Same for the connecting socket you're proxying to, you can use any address in place of localhost, and replace tcp with tcp4 or tcp6 if you want to restrict the address resolution to IPv4 or IPv6 addresses.



      Note that for the server listening on port 8000, the connection will appear as coming from the proxy (in the case of localhost, that will be localhost), not the original client. You'd need to use DNAT approaches (but which requires superuser privileges) for the server to be able to tell who's the client.






      edited May 31 '17 at 19:55 by quantum

      answered Feb 26 '15 at 16:57 by Stéphane Chazelas













      • Thanks, this is great since you do not have to have a local ssh server running.

        – jontro
        Dec 15 '15 at 15:11











      • Can I use the same port but different address?

        – Amos
        Feb 14 '17 at 4:35











      • @amos, see edit.

        – Stéphane Chazelas
        Feb 14 '17 at 18:23











      • Would it also be possible to forward traffic only from specific IPs?

        – Phate
        Aug 23 '18 at 18:05






      • 1





        @Phate, see Tell socat to listen to connections from a single IP address (and the range and tcpwrap options in the socat man page).

        – Stéphane Chazelas
        Aug 23 '18 at 18:38
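The points made in this answer and its comments (bind the listener to one address, accept only a source range, and the backend seeing the proxy as its peer) can be reproduced with a small relay. This is an added example, not code from the answer or from socat; the function names, the peer-reporting backend and the ephemeral loopback ports are constructed for the demonstration.

```python
import ipaddress
import socket
import threading


def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the other side."""
    try:
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    except OSError:
        pass
    try:
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass


def handle(client, target, log):
    """Relay one accepted client to target, like one forked socat child."""
    try:
        upstream = socket.create_connection(target, timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)
    # The relay is the only place that knows both ends of the connection.
    log.append((client.getpeername(), upstream.getsockname()))
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
    back.start()
    pump(client, upstream)
    back.join()
    client.close()
    upstream.close()


def start_relay(bind_addr, target, allowed_cidr, log):
    """Listen on bind_addr only (ephemeral port) and relay allowed sources."""
    allowed = ipaddress.ip_network(allowed_cidr)
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind((bind_addr, 0))
    listener.listen()

    def accept_loop():
        while True:
            client, (peer_ip, _port) = listener.accept()
            if ipaddress.ip_address(peer_ip) in allowed:
                threading.Thread(target=handle, args=(client, target, log),
                                 daemon=True).start()
            else:
                client.close()  # outside the allowed range: drop before relaying

    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]


def start_backend():
    """Constructed stand-in for the dev server: replies with the peer it sees."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()

    def serve():
        while True:
            conn, peer = srv.accept()
            with conn:
                conn.sendall(f"{peer[0]}:{peer[1]}".encode())

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()


def fetch(port):
    """Connect to a relay on loopback; return (own address, text received)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        me, data = c.getsockname(), b""
        try:
            while chunk := c.recv(4096):
                data += chunk
        except ConnectionResetError:
            pass
    return me, data.decode()


def demo():
    target = start_backend()
    open_log, closed_log = [], []
    open_port = start_relay("127.0.0.1", target, "127.0.0.0/8", open_log)
    # 192.0.2.0/24 is a documentation range, so a loopback client is outside it.
    closed_port = start_relay("127.0.0.1", target, "192.0.2.0/24", closed_log)
    client_addr, seen_by_backend = fetch(open_port)
    _, denied_reply = fetch(closed_port)
    return client_addr, seen_by_backend, open_log, denied_reply, closed_log


if __name__ == "__main__":
    client_addr, seen, log, denied, denied_log = demo()
    print("client socket      :", client_addr)
    print("backend saw peer   :", seen)
    print("relay log          :", log)
    print("denied relay reply :", repr(denied), denied_log)
```

Because only the relay sees both addresses, its log is the place to record which client reached the backend.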





















      37














      Using the traditional nc is the easiest solution:



      nc -l -p 8001 -c "nc 127.0.0.1 8000"


      This version of nc is in the netcat-traditional package on Ubuntu. (You have to update-alternatives or call it nc.traditional.)



      Note that in contrast to ssh this is not encrypted. Keep that in mind if you use it outside one host.






      answered Nov 20 '13 at 11:18 by not-a-user








      • 2





        anyone know the equivalent on netcat-openbsd?

        – user7000
        Jul 23 '17 at 18:20






      • 2





        Analog for netcat version that is included in busybox: nc -v -lk -p 8001 -e /usr/bin/nc 127.0.0.1 8000. (Description of params)

        – Ivan Kolmychek
        Mar 16 '18 at 13:30








      • 1





        Working, but the nc command ends after the first remote connection. Add -k if you need to keep it running.

        – Sopalajo de Arrierez
        Jun 20 '18 at 23:49













      • I'm getting this error: nc: cannot use -p and -l on CentOS 6.4. Is there a work around?

        – Nick Predey
        Jul 16 '18 at 15:52











      • I prefer this solution over the ssh one because it makes it easier to use as root, when one needs to locally forward a privileged port.

        – Christian
        Aug 15 '18 at 0:58














      23














      OpenBSD netcat is available by default on Linux and also on OS X.



      OSX:



      mkfifo a
      mkfifo b
      nc 127.0.0.1 8000 < b > a &
      nc -l 8001 < a > b &


      Linux:



      mkfifo backpipe
      nc -l 12345 0<backpipe | nc www.google.com 80 1>backpipe


      An alternative that works on OS X bash is to use a bidirectional pipe. It may work on other Unixes:



      nc 127.0.0.1 8000 <&1 | nc -l 8001 >&0





      edited Aug 19 '17 at 19:36 by Ivan Malyshev

      answered Jul 1 '13 at 22:37 by Mark A.













      • I didn't notice at first that you were using openbsd netcat. This is better than having to install another netcat from an Ubuntu package.

        – RobertR
        Feb 26 '15 at 15:24











      • OpenBSD example failed on Ubuntu 15.04. With the shell redirects, netcat fails to open the port for listening as seen by ss -tan or netstat -tan.

        – Justin C
        Sep 3 '15 at 0:12











      • ⁺¹. FTR: the alternative way works on Ubuntu

        – Hi-Angel
        Nov 30 '16 at 10:41











      • I don't understand your solution. Can you explain it?

        – Trismegistos
        Sep 19 '17 at 8:21











      • @trismegistos In these examples the netcat listener and client redirect input into some shared files (mkfifo pipes..first in first out), and use those shared files as their source/destination of input/output, effectively creating a tunnel. Usually client/listener are used, but some techniques use client+client/listener+listener- wiki.securityweekly.com/… and slideshare.net/amiable_indian/secrets-of-top-pentesters are must reads.

        – Info5ek
        Oct 4 '17 at 18:02



















      4














      Quoting David Spillett's answer on ServerFault:




      rinetd should do the job, and a Windows binary for it can be had from http://www.boutell.com/rinetd/ (for anyone looking for the same thing under Linux, rinetd is in the standard repositories of just about every distro so can be installed with "apt-get install rinetd" or "yum install rinetd" or similar)




      It is a simple binary that takes a configuration file in the format



      bindaddress bindport connectaddress connectport



      For example:



      192.168.1.1 8001 127.0.0.1 8000



      or



      0.0.0.0 8001 127.0.0.1 8000



      if you want to bind the incoming port to all the interfaces.






          answered Mar 15 '18 at 8:57 by psychowood
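An added example, not part of the quoted answer or of rinetd: a small check over rules in the four-field format above that flags the ones publishing a loopback-only service on other interfaces. The sample rules and the level names are constructed, and it assumes literal IP addresses and `#` comments.

```python
import ipaddress

# Constructed sample in the four-field rule format quoted in the answer.
SAMPLE_CONF = """\
# constructed sample rules
192.168.1.1 8001 127.0.0.1 8000
0.0.0.0 8001 127.0.0.1 8000
0.0.0.0 8080 192.168.1.20 80
127.0.0.1 9000 127.0.0.1 8000
0.0.0.0 99999 127.0.0.1 8000
"""


def parse_rule(line):
    """Return (bind_ip, bind_port, connect_ip, connect_port) or raise ValueError."""
    fields = line.split()
    if len(fields) != 4:
        raise ValueError("expected 4 fields, got %d" % len(fields))
    bind_addr, bind_port, conn_addr, conn_port = fields
    ports = []
    for p in (bind_port, conn_port):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError("bad port %r" % p)
        ports.append(int(p))
    # Assumption of this sketch: addresses are literal IPs, not host names.
    return (ipaddress.ip_address(bind_addr), ports[0],
            ipaddress.ip_address(conn_addr), ports[1])


def audit(conf_text):
    """Return (line_number, level, detail) for every non-empty rule line."""
    findings = []
    for n, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        try:
            b_ip, b_port, c_ip, c_port = parse_rule(line)
        except ValueError as exc:
            findings.append((n, "unparsed", str(exc)))
            continue
        if b_ip.is_loopback:
            level = "local-only"      # reachable from this host only
        elif c_ip.is_loopback and b_ip.is_unspecified:
            level = "exposed-all"     # loopback service published on every interface
        elif c_ip.is_loopback:
            level = "exposed-one"     # loopback service published on one address
        else:
            level = "forward"         # target was already a network address
        findings.append((n, level, f"{b_ip}:{b_port} -> {c_ip}:{c_port}"))
    return findings


if __name__ == "__main__":
    for lineno, level, detail in audit(SAMPLE_CONF):
        print(f"line {lineno}: {level:12} {detail}")
```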























              2














              iptables -t nat -A PREROUTING -p tcp --dport <origin-port> -j REDIRECT --to-port <destination-port>

              service iptables save
              service iptables restart





              answered May 27 '16 at 9:27 by Santanu Dey













              • Upon trying to connect to dport, as in nc -v localhost 2345, I'm getting Connection refused. I'm not very good in iptables, but I guess the dport has to have a listening app.

                – Hi-Angel
                Dec 1 '16 at 12:49











              • What if origin-port is on different interface than destination port?

                – Trismegistos
                Sep 19 '17 at 8:19



















              0














              This is a new way to tunnel two UDP ports on a server:
              https://github.com/9crk/udpeer



              udpeer 8001 8002



              test:
              nc -u xxxx.com 8001
              nc -u xxxx.com 8002






                  answered 20 mins ago









                  9crk9crk

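What a two-port UDP relay of this kind does, as an added example (not udpeer's code and not from the answer; the page does not describe udpeer's internals). The class name `PairRelay`, the `allowed_hosts` allowlist and the sample addresses are assumptions; the relay pins one peer per port and drops datagrams from other hosts, because a relay on a public server otherwise forwards traffic for anyone who can reach ports 8001 and 8002.

```python
import select
import socket


class PairRelay:
    """Relay datagrams between two UDP ports, one pinned peer per port."""

    def __init__(self, port_a, port_b, allowed_hosts):
        self.other = {port_a: port_b, port_b: port_a}
        self.allowed = set(allowed_hosts)   # source IPs permitted to use the relay
        self.peer = {}                      # port -> (ip, port) of the pinned peer

    def route(self, port, src, data):
        """Return (out_port, dst_addr, data) to forward, or None to drop."""
        if src[0] not in self.allowed:
            return None                     # unknown host: never learn it as a peer
        pinned = self.peer.setdefault(port, src)
        if pinned != src:
            return None                     # port already claimed by another peer
        dst = self.peer.get(self.other[port])
        if dst is None:
            return None                     # far side has not registered yet
        return self.other[port], dst, data

    def serve(self, bind_host="0.0.0.0"):
        """Bind both ports and forward whatever route() approves."""
        socks = {}
        for port in self.other:
            s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            s.bind((bind_host, port))
            socks[s] = port
        by_port = {p: s for s, p in socks.items()}
        while True:
            ready, _, _ = select.select(list(socks), [], [])
            for s in ready:
                data, src = s.recvfrom(65535)
                hop = self.route(socks[s], src, data)
                if hop:
                    out_port, dst, payload = hop
                    by_port[out_port].sendto(payload, dst)


if __name__ == "__main__":
    # Constructed peer addresses from the documentation range 192.0.2.0/24.
    PairRelay(8001, 8002, {"192.0.2.10", "192.0.2.20"}).serve()
```

Source addresses in UDP can be forged, so the allowlist narrows exposure but does not authenticate peers; a host firewall rule or an authenticated tunnel is still needed for that.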





























