Unencrypted equivalent of SSH reverse proxy

Question

I'm looking for an equivalent of this:

ssh -R 8888:10.0.0.2:8888 100.101.102.103

ie. make the service running on port 8888 on the local machine (10.0.0.2) look like a locally running service on a remote machine (100.101.102.103).

However, I don't want the encryption overhead of ssh, since the service in question is https and is thus already encrypted.

Can anyone suggest a tool to do this? Note that the direction of the initiation is important here - ie. it's the equivalent of a reverse tunnel. The local machine, where the service is running, is on a private network and not directly visible to the remote machine; the remote machine has a public IP though.

unix (OS X and Linux) on each end
I have full access to both machines

Google for: "tcp gender change". An article on Wikipedia: en.m.wikipedia.org/wiki/TCP_Gender_Changer. Some tools which do that on Linux: tgcd, revinetd — Fabio, Nov 29 '17 at 15:34

score 8 · Answer 1 · answered Jun 16 '09 at 06:17

8

A pair of netcat sessions would fit the bill, I guess.

man nc

answered Jun 16 '09 at 06:17

Sven

98,649
14
180
226

It would be nice to see an example of how to do that. – Fabio Nov 26 '17 at 07:12

score 5 · Answer 2 · answered Jun 16 '09 at 07:29

5

Just set ssh's encryption cypher to none.

ssh -c none -R 8888:10.0.0.2:8888 100.101.102.103

answered Jun 16 '09 at 07:29

Haakon

1,325
7
11

Not possible on most platforms without the use of a third-party patch. – Dan Carley Jun 16 '09 at 08:21
Probably just as well, it really does nerf the secure bit of ssh. – Haakon Jun 16 '09 at 12:48

score 4 · Answer 3 · answered Jun 16 '09 at 10:26

4

do not forget socat, the swiss army knife of network forwarders ;)

http://www.dest-unreach.org/socat/

answered Jun 16 '09 at 10:26

Aleksandar Ivanisevic

3,377
21
24

Nice ! I didn't know it. – sebthebert Jun 17 '09 at 17:14
It would be nice to see an example of how to use it to achieve that. – Fabio Nov 26 '17 at 07:12

score 3 · Answer 4 · answered Jun 16 '09 at 09:38

I have used rinetd for this in the past with great success.

rinetd is a very small, stable, and simple program that listens for incoming connections and forwards them, the configuration is really simple

# bindadress    bindport  connectaddress  connectport
1.2.3.4         80        4.3.2.1         80
1.2.3.4         443       4.3.2.1         443

There is also a program called "stone" that can do the same: Example... http forward from the gateway to an internal machine (1.2.3.4):

$ stone 1.2.3.4:80 80

score 2 · Answer 5 · answered Jun 16 '09 at 06:26

2

An inetd combined with netcat should do the trick. See Forwarding Ports, although xinetd may be a better choice these days.

answered Jun 16 '09 at 06:26

brian-brazil

3,952
1
22
16

score 0 · Answer 6 · answered Aug 17 '09 at 14:24

0

You could use some sort of firewall rule? Something in iptables to redirect one port to another?

answered Aug 17 '09 at 14:24

Amandasaurus

31,471
65
192
253

score 0 · Answer 7 · answered Aug 17 '09 at 14:27

0

What you are trying to use smells like NAT Port Forwarding to me. One iptables rules and it's done.

answered Aug 17 '09 at 14:27

Antoine Benkemoun

7,314
3
42
60

Unencrypted equivalent of SSH reverse proxy

7 Answers7