5

I have a scenario which requires the use of a TCP Relay. Before I set out to write something custom, I wanted to see if anyone knows of existing software that can do this for me.

I have 2 devices on separate networks that cannot connect to each other. Let's call them networks A and B. These devices need to communicate, and they can do so via a "middleman" relay on network C. A can connect to C, and B can connect to C. C cannot connect to either A or B.

A -> C <- B

The idea is as follows:

  1. A establishes a TCP connection to C and simply waits.
  2. B establishes a TCP connection to C when it wants something from A.
  3. C reads the data from B and responds with it to the already open connection from A.
  4. A processes the data and responds to C, which relays to B.

Is there an existing tool out there that can do this?

Val Blant
  • If at the very least "C" is a Linux based machine, reverse SSH tunnels might be what you're looking for. – dannosaur Oct 08 '14 at 18:45
  • What's the point of establishing A -> C connection ? Don't you just want a stateful NAT where B can contact A through C and get its answer back but direct connections from A and C are blocked ? – Xavier Lucas Oct 08 '14 at 22:42
  • This reads like a question on circumventing security policy, which is [off-topic](http://serverfault.com/help/on-topic) here. – Andrew Schulman Oct 10 '14 at 02:00

1 Answer

2

If your relay machine is running Linux or any UNIX-like OS, you can use socat (http://www.dest-unreach.org/socat/, it is included as a package in many Linux distributions). In its simplest form, you can start the relay with something like:

```
socat TCP4-LISTEN:12345 TCP4-LISTEN:54321
```

(where 12345 and 54321 are the ports on which the server listens for each connection). One of the clients connects on one port, the other on the other port, and then data is exchanged in both directions. If one machine sends data before the other connects, it is buffered and sent after the connection.

See also here: socat connect-connect "proxy" two inbound TCP connections to expose a firewalled service?.

Ale
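
The two-listener relay described in the answer, sketched in Python as an added example (not code from the answer or from socat), with one addition: each listener only pairs a connection that comes from an allowed source address. The function names and the 198.51.100.10 / 203.0.113.20 addresses are assumptions (documentation-range placeholders); the ports are the ones used in the answer.

```python
import socket
import threading

def listener(host, port):
    """Open a listening TCP socket on one interface of relay host C."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(1)
    return s

def accept_allowed(srv, allowed):
    """Accept connections until one arrives from an allowed source IP."""
    while True:
        conn, (ip, _port) = srv.accept()
        if ip in allowed:
            return conn
        conn.close()  # unexpected peer: drop it and keep waiting

def pump(src, dst):
    """Copy bytes src -> dst until EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def relay_once(srv_a, srv_b, allowed_a, allowed_b):
    """Pair one connection from each listener and relay both directions."""
    a = accept_allowed(srv_a, allowed_a)  # A connects first and waits
    b = accept_allowed(srv_b, allowed_b)  # B connects when it needs A
    t = threading.Thread(target=pump, args=(a, b), daemon=True)
    t.start()
    pump(b, a)
    t.join()
    a.close()
    b.close()

if __name__ == "__main__":
    # Placeholder peer addresses (assumptions), ports as in the answer.
    relay_once(listener("0.0.0.0", 12345), listener("0.0.0.0", 54321),
               {"198.51.100.10"}, {"203.0.113.20"})
```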