Please support fixed connection destination
GoogleCodeExporter opened this issue · 5 comments
GoogleCodeExporter commented
It would be nice if udptunnel allowed starting the server such that the
destination host and port is fixed. The use case for this is providing
access to a single service over UDP as well as TCP. For example, to work
around your ISP's firewall rules that forbid incoming TCP connections.
Without that feature, udptunnel unnecessarily tears a big hole into your
network's security.
Original issue reported on code.google.com by rott...@gmail.com
on 28 Oct 2009 at 12:00
GoogleCodeExporter commented
Just as heads-up, I've started working on this, in a bit more general
fashion: the server can be started with a white-list of host:port
combinations, and any connections to destinations not covered by that
list will be denied.
Right now, I have this working, for example:
    % udptunnel -s localhost 2222 nathot:22
    # Another terminal:
    % udptunnel -vvv -c localhost 1235 localhost 2222 nathot 23 &
    % telnet localhost 1235
    # On the first terminal again:
    Connection to nathot:23 denied
I will post a patch once I've had time to test this more thoroughly.
Original comment by rott...@gmail.com
on 28 Oct 2009 at 3:07
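The white-list check described in the comment above, as an added example that is not the patch attached to this issue or udptunnel's own code: a default-deny match of a requested destination against `host:port` rules. The names `dest_rule`, `parse_rule` and `dest_allowed` are hypothetical, and matching by name string and denying on an empty list are assumptions of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* One white-listed destination (hypothetical struct, not udptunnel's). */
struct dest_rule { char host[256]; unsigned short port; };

/* Parse "host:port" strictly; 0 on success, -1 on malformed input. */
int parse_rule(const char *spec, struct dest_rule *out)
{
    const char *colon = strrchr(spec, ':');
    size_t hlen;
    unsigned long port;
    char *end;
    /* Require a host part and a port that starts with a digit (no sign, no space). */
    if (colon == NULL || colon == spec || !isdigit((unsigned char)colon[1]))
        return -1;
    hlen = (size_t)(colon - spec);
    port = strtoul(colon + 1, &end, 10);
    if (hlen >= sizeof(out->host) || *end != '\0' || port == 0 || port > 65535)
        return -1;
    memcpy(out->host, spec, hlen);
    out->host[hlen] = '\0';
    out->port = (unsigned short)port;
    return 0;
}

/* Default deny: allowed only when some rule matches host and port exactly.
 * Names are compared as strings, so "localhost" and "127.0.0.1" are different
 * destinations here; comparing resolved addresses would close that gap. */
int dest_allowed(const struct dest_rule *rules, size_t n,
                 const char *host, unsigned short port)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (rules[i].port == port && strcasecmp(rules[i].host, host) == 0)
            return 1;
    return 0; /* assumption: an empty list denies everything in this sketch */
}

int main(void)
{
    struct dest_rule acl[1];
    if (parse_rule("nathot:22", &acl[0]) != 0) /* rule from the session above */
        return 1;
    if (!dest_allowed(acl, 1, "nathot", 23))
        printf("Connection to nathot:23 denied\n");
    return 0;
}
```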
GoogleCodeExporter commented
Here is the promised patch; it seems to work fine in basic tests. Still
missing: more thorough command-line parsing/error reporting, documentation.
Original comment by rott...@gmail.com
on 31 Oct 2009 at 9:33
Attachments:
GoogleCodeExporter commented
Extended the 'destination' patch into an 'acl' component. Now the source
IP/port and destination IP/port can be specified. Multiple rules are allowed
and matches can be allowed or denied.
Original comment by dmeek...@gmail.com
on 12 Mar 2011 at 6:33
- Changed state: Fixed
- Added labels: Type-Enhancement
- Removed labels: Type-Defect
GoogleCodeExporter commented
That's a good idea and would be a good feature. Thanks for working on that.
Original comment by dmeek...@gmail.com
on 31 Oct 2009 at 8:37