samueldeng / udptunnel

Tunnel TCP data through UDP messages.
GNU General Public License v3.0

Please support fixed connection destination #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
It would be nice if udptunnel allowed starting the server such that the
destination host and port are fixed. The use case for this is providing
access to a single service over UDP as well as TCP. For example, to work
around your ISP's firewall rules that forbid incoming TCP connections.

Without that feature, udptunnel unnecessarily tears a big hole into your
network's security.

Original issue reported on code.google.com by rott...@gmail.com on 28 Oct 2009 at 12:00

GoogleCodeExporter commented 9 years ago
Just as a heads-up, I've started working on this, in a bit more general
fashion: the server can be started with a white-list of host:port
combinations, and any connections to destinations not covered by that
list will be denied.

Right now, I have this working, for example:

    % udptunnel -s localhost 2222 nathot:22

    # Another terminal:
    % udptunnel -vvv -c localhost 1235 localhost 2222 nathot 23 &
    % telnet localhost 1235

    # On the first terminal again:
    Connection to nathot:23 denied

I will post a patch once I've had time to test this more thoroughly.

Original comment by rott...@gmail.com on 28 Oct 2009 at 3:07

GoogleCodeExporter commented 9 years ago
That's a good idea and would be a good feature. Thanks for working on that.

Original comment by dmeek...@gmail.com on 31 Oct 2009 at 8:37

GoogleCodeExporter commented 9 years ago
Here is the promised patch; it seems to work fine in basic tests. Still
missing: more thorough command-line parsing/error reporting, documentation.

Original comment by rott...@gmail.com on 31 Oct 2009 at 9:33

GoogleCodeExporter commented 9 years ago
Extended the 'destination' patch into an 'acl' component. Now the source 
IP/port and destination IP/port can be specified. Multiple rules are allowed 
and matches can be allowed or denied.

Original comment by dmeek...@gmail.com on 12 Mar 2011 at 6:33
