Port forwarding on Linux without root or ssh

5

2

I was wondering whether it is possible to get port forwarding without being root or ssh.

Currently I do

ssh -L 20080:othermachine:80 localhost

Using ssh can get you certain benefits like creating encrypted tunnels etc. In the above example I don't do that so using ssh seems unnecessary overhead. Is there an easier way to do this?

I suppose it is not that hard to create a program that reads all data on one socket and sends it to another and vice versa. There must be some tool that does that job better than I can ever write.

BlackShift

Posted 2009-10-03T08:53:48.260

Reputation: 371

You wouldn't need root for that example. – Arjan – 2009-10-03T14:04:28.320

I think I should have made clearer that I did not have a particular problem. It was more that although this worked, I thought there must be other solutions that could be better. (As for the root part, I would be able to use port forwarding with iptables, but that would require root.) – BlackShift – 2009-10-04T12:17:56.620

Answers

10

I would also prefer ssh BECAUSE of the encryption, but 'socat' should work fine for you as well.

akira

Posted 2009-10-03T08:53:48.260

Reputation: 52 754

A standard persistent port tunnel from port 8880 on localhost to port 80 on target.example.com: socat TCP4-LISTEN:8880,fork,reuseaddr TCP4:target.example.com:80. If you want it to persist after you end your shell session, send it to the background (Ctrl-Z), then bg and disown it: disown socat – Rolf – 2018-10-12T17:49:45.170

Thanks! never heard of socat, this program can do much more than I ever hoped. I'm sure I'll find more uses for it than just port forwarding. – BlackShift – 2009-10-04T12:04:01.327

3

You ask: Is there an easier way to do this? The simple answer would be 'no'. SSH does what you need, and it's a well-used, well-known, very efficient program with (I would imagine) very few bugs, it's available on every platform you can imagine, and it's secure to boot. You don't state that performance is an issue, so I don't see a reason why not to use SSH, personally.

If you want to forward a local port to a port on a different machine, you need something that will authenticate on that remote host. That's SSH. If you only want to mess with local ports, then as mentioned already, socat may be just what you're looking for.

Joe Casadonte

Posted 2009-10-03T08:53:48.260

Reputation: 3 945

Another case where ssh is not optimal is when you are moving large quantities of data and have limited processing power available. The CPU load imposed by ssh's encryption is large in this case and also slows transfers. Still, this doesn't mean that you can neglect security for the sake of performance; however, in some cases the layer of security is unnecessary (such as when you are communicating over a private network). – wojtow – 2015-12-19T08:10:22.287

There was not a specific reason to not use ssh at this time, but I wanted to broaden my collection of tools, and socat seems very powerful. (akira was first to propose it, so I checked his answer.) – BlackShift – 2009-10-04T12:10:18.540

btw, three reasons when ssh is not optimal: 1) it is not available (like on my phone, but I doubt I can install socat there), 2) no sshd, or in my case a limited amount of allowed logins, 3) no account on the remote machine (so an encrypted/compressed tunnel is not possible anyway) – BlackShift – 2009-10-04T12:12:55.383

1

If what you are doing works, and you aren't seeing any performance problems, I wouldn't change anything. If you aren't transferring large amounts of data, it shouldn't have much of an impact. And if you are, ssh can compress the data, so you still might be better off.

The only problem might be with latency. It looks like you are tunneling http traffic, so it should be negligible.

KeithB

Posted 2009-10-03T08:53:48.260

Reputation: 8 506

(From man ssh: Compression is desirable on modem lines and other slow connections, but will only slow down things on fast networks.) – Arjan – 2009-10-03T13:52:37.057

I saw that, but don't quite agree. It depends on the speed of the network, the speed of the network, and the amount of data being moved. I have had good experience using it for large (multi gigabyte) amounts of data over GigE networks using fast servers. – KeithB – 2009-10-03T17:30:21.767

1

Just a quick note, it seems that ncat that comes with the new nmap 5 can do similar things as socat: http://nmap.org/ncat/

BlackShift

Posted 2009-10-03T08:53:48.260

Reputation: 371

0

Whatever tool you use: when not using Windows then you will always (and only) need to run with superuser privileges when using privileged ports ("well known ports"). So: when using ports up to and including 1023.

Arjan

Posted 2009-10-03T08:53:48.260

Reputation: 29 084

Forwarding to a low port (that is already listening) does not require superuser privileges, only for the accepting port (which was 10080 in my example). – BlackShift – 2009-10-04T12:15:02.600