17

I am proxying a VNC TCP server port with netcat. The proxy machine runs Linux.

This is the command I use:

    mkfifo backpipe
    nc -l 5902 0<backpipe | nc 10.1.1.116 5902 1>backpipe

10.1.1.116 is the "remote" machine with the original VNC service running on port 5902. After this command VNC service is available on localhost for other machines.

But after each VNC session the netcat "proxy server" stops, which is how netcat works.

How can I make netcat keep the "proxy service" running after a VNC session was terminated?


As a workaround I am putting the netcat command line in an infinite loop:

    mkfifo backpipe
    while true; do nc -l 5902 0<backpipe | nc 10.1.1.116 5902 1>backpipe; done

But I would prefer an "official" netcat solution that does not interrupt the service at all.


I have read about the "-" parameter but I am not sure if this fits the case and I was not yet able to apply it correctly.


Additional remarks:

Of course I can do this with ssh tunneling in different ways, but I wanted a solution without the encryption overhead to make it as responsive as possible for the VNC client. A different proxy solution would be OK otherwise.

The client has to be VNC, no other protocols are possible.

Alojz Janez
  • Thank you for your example! I want to proxy port <1024, and I need to run this bash cycle with sudo. How? – S.H. Jun 01 '22 at 08:48

1 Answer

25

The -k option should do the trick.

From the manpage of nc(1):

 -k      Forces nc to stay listening for another connection after its
         current connection is completed.  It is an error to use this
         option without the -l option.

I've noticed the netcat-traditional package on Debian/Ubuntu does not keep listening as it should. In that case use the netcat-openbsd package instead and try again!

Alternatively, use socat, which is more targeted to your use case of a proxy server. Here is a random TCP-forwarder example from the manpage of socat, which needs some modifications of course:

   socat -d -d -lmlocal2 \
   TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \
   TCP4:www.domain.org:80,bind=myaddr2

          TCP  port  forwarder,  each  side  bound to another local IP
          address (bind). This example  handles  an  almost  arbitrary
          number  of parallel or consecutive connections by fork'ing a
          new process after each accept() . It provides a little
          security by su'ing to user nobody after forking; it only permits
          connections from the private  10  network  (range);  due  to
          reuseaddr,   it   allows   immediate  restart  after  master
          process's termination, even if some child  sockets  are  not
          completely  shut down.  With -lmlocal2, socat logs to stderr
          until successfully reaching the accept loop. Further logging
          is directed to syslog with facility local2.
gertvdijk
  • @AlojzJanez Yes, it's kinda obvious, to be honest. Make reading manpages a habit. :) – gertvdijk Dec 12 '12 at 14:12
  • Please, please, please write an example using this -k key instead of a piece of "man"! I KNOW about this key, but this doesn't work for me! Maybe I don't understand where to write this key? Please, give an example? – S.H. Jun 01 '22 at 08:25
  • "Debian's implementation of Netcat does have the -k option". Thank you, but your advice is not applicable... – S.H. Jun 01 '22 at 08:30
  • @S.H. 1) Please be advised I wrote the answer 10 years ago. 2) Re-read my answer about the choice of the package `netcat-openbsd` i.o. `netcat-traditional` and verify which one you have installed. 3) Please add the source for your statement. – gertvdijk Jun 01 '22 at 09:57
  • I believe his source is this accepted answer https://superuser.com/questions/1008348/netcat-keep-listening-for-connection-in-debian#1008382, but the answer both states that the option exists (although it is unreliable) _and_ the solution to said unreliability. Additionally, @gertvdijk's answer contains another solution. – Bjonnfesk Jul 10 '22 at 11:37
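
The socat example quoted in the answer, adapted to the question's forward (port 5902 to 10.1.1.116:5902), as an added example that is not part of the original answer or comments. The function names, the 10.1.1.0/24 client range and the rule "add su=nobody for listen ports below 1024" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build (not run) a socat command for a persistent TCP forward.
# 5902 and 10.1.1.116 come from the question; the client range is constructed.
#
# With nc, -k belongs on the listening side (nc -l -k 5902). It only re-arms
# the listener: the second nc in the question's pipeline still holds a single
# upstream connection, whereas socat's fork opens a new one per client.

# is_port N: succeeds if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# forward_cmd LISTEN_PORT TARGET_HOST TARGET_PORT [BIND_ADDR] [CLIENT_RANGE]
# Prints the socat command line on stdout; returns 1 on invalid input.
forward_cmd() {
    lport=$1; host=$2; tport=$3; bind=${4:-}; range=${5:-}
    if ! is_port "$lport" || ! is_port "$tport"; then
        echo "bad port" >&2; return 1
    fi
    case "$host" in
        ''|*[!A-Za-z0-9.-]*) echo "bad host" >&2; return 1 ;;
    esac
    # reuseaddr: immediate restart; fork: one child per accepted client
    opts="reuseaddr,fork"
    # bind: listen on one local address only instead of all interfaces
    if [ -n "$bind" ]; then opts="$opts,bind=$bind"; fi
    # range: accept clients only from this network (VNC here is unencrypted)
    if [ -n "$range" ]; then opts="$opts,range=$range"; fi
    # Assumption: ports below 1024 mean socat was started as root (e.g. via
    # sudo), so each child drops to nobody as in the manpage example.
    if [ "$lport" -lt 1024 ]; then opts="$opts,su=nobody"; fi
    printf 'socat TCP4-LISTEN:%s,%s TCP4:%s:%s\n' \
        "$lport" "$opts" "$host" "$tport"
}

# Command for the question's setup, limited to a constructed client range.
forward_cmd 5902 10.1.1.116 5902 "" 10.1.1.0/24
```

The printed command can be pasted into a shell once the range matches the network the VNC clients actually connect from.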