3

I have a legacy application listening on port 5050 bound to localhost interface (i.e. 127.0.0.1). This app runs on a Linux box (an embedded system). I have an app, let's call it App C, that runs on a PC and would like to connect to it. But it can't, as the legacy app doesn't accept connections from outside the box. I don't have the option of changing the legacy app's source code.
Is there a way to run something like ssh to listen on port 7070 on embedded box and forward incoming traffic to port 5050? I know ssh allows that. But it expects ssl type connections from outside. I am wondering if it can be launched just to do port forwarding without any kind of ssl tunnel stuff. Something like SOCKS proxy.

Feel free to suggest other tools if you know one that does the job.

EEAA
videoguy
    Does iptables exist on the embedded system? If so, you should be able to take care of this using a DNAT rule, which is probably the "right" way to handle this. – cjc Sep 06 '11 at 14:20

4 Answers

3

You might also be able to configure xinetd to do this:

Define a new service running on port 7070, and configure it using `redirect` (from `man xinetd.conf`):

> redirect: Allows a tcp service to be redirected to another host. When xinetd receives a tcp connection on this port it spawns a process that establishes a connection to the host and port number specified, and forwards all data between the two hosts.
Ben Clifford
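A sketch of the xinetd service this answer describes, added here as an example and not the answerer's own configuration; the file name, the service name, the `nobody` account and the 192.0.2.x addresses are constructed placeholders. Because the forward makes a localhost-only service reachable from the network, it also sets `bind` and `only_from` so that only the one PC can connect, and logs every accepted and refused connection.

```conf
# /etc/xinetd.d/legacy-forward   (file name is an assumption)
service legacy-forward
{
    # The service name is not in /etc/services, so the port is given here.
    type            = UNLISTED
    socket_type     = stream
    protocol        = tcp
    wait            = no
    # Unprivileged account (assumed to exist); 7070 is not a privileged port.
    user            = nobody
    port            = 7070

    # Forward every accepted connection to the legacy app on loopback.
    redirect        = 127.0.0.1 5050

    # Listen only on the box's LAN address instead of every interface.
    # 192.0.2.10 is a constructed placeholder.
    bind            = 192.0.2.10

    # Accept connections only from the PC running App C.
    # 192.0.2.20 is a constructed placeholder.
    only_from       = 192.0.2.20

    # Cap concurrent connections so the forwarder cannot be used to
    # exhaust the legacy app.
    instances       = 4
    per_source      = 2

    # Record who connected, for how long, and who was refused.
    log_on_success  = HOST DURATION
    log_on_failure  = HOST

    disable         = no
}
```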
2

SSH can do what you want. Refer to the SSH man page, specifically the -L and -R options (-L creates a listener on the Local machine, forwarding to something on the remote machine/network. -R creates a listener on the Remote side forwarding to something on the local machine/network).

Ports forwarded with -L or -R do not require any specific protocol handshake - the forwarding is transparent to the applications connecting to that port, though the channel is encrypted by SSH.

voretaq7
  • I found [rinetd](http://www.boutell.com/rinetd/) which can do this easily. SSH expects sshd somewhere to establish encrypted tunnel which is more hoops to jump through compared to rinetd. – videoguy Sep 06 '11 at 15:55
  • @videoguy that's a new one on me -- looks pretty useful. You should post it as an answer and come back later to accept it :) – voretaq7 Sep 06 '11 at 17:08
1

Should be possible. Try with

```
ssh -R '*:7070:localhost:5050' -N host.example.com
```
Matteo
0

I found rinetd which can do this easily. SSH expects sshd somewhere to establish encrypted tunnel through which incoming connections get connected. rinetd is pretty good as it doesn't have dependencies on other entities. It just does port forwarding.

videoguy