[Sorry, I hit "send" too soon... delete my previous mail]
Hello list,
this is my first mail to the m0n0wall developers list - it's my first
mail to the whole m0n0wall community.
I found out about m0n0wall about 2 months ago when I needed a flexible
platform for possible projects. I work for a small company in IT-security
and we were not satisfied with the existing solutions in the low budget
segment.
So we bought a few WRAP boards and began evaluating m0n0wall...
It's a great piece of software and we are extremely satisfied with
it as a whole.
However, in a current project we needed TCP relaying features, which
m0n0wall currently can't provide.
I won't go into all the details. Please believe me that we really needed
a TCP relay for remote SSH access to several machines.
Since I didn't find a solution in the m0n0wall mailing list archive, I
coded an image, based on the current 1.2b7. You may download it
from http://www.chilicon.de/~hafner/wrap-1.2b7nc.img
Before you ask: No, I won't do images for other platforms. Since this is
highly unofficial :-) I'd rather wait for a comment from Manuel.
I added three small programs:
/usr/local/bin/nc (netcat)
/usr/local/bin/miniinetd
/usr/local/bin/sockjoin (plus /usr/lib/libstdc++)
I assume that you are familiar with netcat on this list.
The sources to miniinetd and sockjoin are available at
http://i1.dk/download/
Here's the usage info:
dartpub-server# ./sockjoin
./sockjoin: 2 non-option arguments expected
Usage: ./sockjoin [-td] <endpoint-1> <endpoint-2>
-t<timeout> specifies timeout. default is 3600 seconds
-d enables debugging
Endpoint is:
<port> for listen operation
<ip-addr>:<port> for connect operation
- for use of stdin/stdout (inetd)
dartpub-server# ./miniinetd
usage: ./miniinetd [-v] [-m max_children] <port|service> <cmd>
./miniinetd will liste on on <port> (TCP only)
and whenever a connection is established it will spawn the specified command
with fd 0,1 and 2 set to the connection.
With miniinetd+netcat or alternatively sockjoin it is possible to
relay TCP connections:
Simply type "sockjoin 22001 target-ip:22" in the "exec.php" page and add a
rule on the WAN interface, allowing connections on port 22001 to the
m0n0wall-ip and you're done. That's what I'm doing to get SSH access to our
machines.
Question: Is this feature planned for an official image? If it is, I
won't spend time coding a GUI for the relays. If it is not, I'd very much
like to have at least a "sockjoin" binary in the 1.2 release image.
Comments? Questions?
Regards,
-Walter
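
Added example, not part of the original mail and not sockjoin's source: a Python sketch of the relay described above, parsing the endpoint grammar from the usage text and joining one accepted connection to a target with an idle timeout. The function names and the loopback bind default are assumptions made for this sketch.

```python
import selectors
import socket
import sys

def parse_endpoint(spec):
    """Classify an endpoint as in the usage text: '-', '<port>' or '<ip-addr>:<port>'."""
    if spec == "-":
        return ("stdio", None, None)
    if ":" in spec:
        host, _, port = spec.rpartition(":")
        kind = "connect"
    else:
        kind, host, port = "listen", None, spec
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in endpoint {spec!r}")
    return (kind, host, int(port))

def pump(a, b, timeout=3600.0):
    """Copy bytes both ways between sockets a and b. Stops when either side
    closes or nothing arrives for `timeout` seconds; returns bytes copied."""
    sel = selectors.DefaultSelector()
    sel.register(a, selectors.EVENT_READ, b)   # data = the opposite socket
    sel.register(b, selectors.EVENT_READ, a)
    total = 0
    try:
        while True:
            events = sel.select(timeout)
            if not events:                     # idle timeout expired
                return total
            for key, _ in events:
                data = key.fileobj.recv(65536)
                if not data:                   # peer closed its side
                    return total
                key.data.sendall(data)
                total += len(data)
    finally:
        sel.close()

def relay_once(listen_port, host, port, timeout=3600.0, bind="127.0.0.1"):
    """Accept one client on listen_port and join it to host:port.
    bind defaults to loopback (assumption); pass the interface address to expose it."""
    with socket.create_server((bind, listen_port)) as srv:
        client, _ = srv.accept()
        with client, socket.create_connection((host, port)) as upstream:
            return pump(client, upstream, timeout)

if __name__ == "__main__":                     # e.g. relay.py 22001 192.0.2.10:22
    (k1, _, lport), (k2, thost, tport) = map(parse_endpoint, sys.argv[1:3])
    if (k1, k2) != ("listen", "connect"):
        sys.exit("this sketch handles only <port> <ip-addr>:<port>")
    relay_once(lport, thost, tport)
```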