Proxying through complex situations
I was recently in need of access to my Windows XP desktop machine which is has
been left at my parents house due to lack of space anywhere I’ve lived in
London. I had previously set up a port forwarding rule on their home router to
push any RDP connections through to my desktop. Annoyingly as I found these
didn’t want to work. I don’t know what is wrong with my parents router but it
won’t forward any ports, this might have something to do with the DMZ which is
also turned on. I’ve never been a big fan of remote router access so I got on
to their file server via SSH, installed elinks with SpiderMonkey javascript
support and attempted to connect to the router to see if I’d set up the port
forwarding. This didn’t work as the javascript location.replace is apparently
not a function. This left me a bit stumped as to how I might be able to pull
this off.
After a bit of searching through the SSH manpage I gave the following a try
ssh -D 8080 -f -C -q -N parents-fileserver
this created a SOCKS proxy through which I could tunnel into their local network and view the routers management interface. It was after a bit of unsuccessful playing here that I found out their router doesn’t always forward ports properly. This left me in a bit of conundrum.
Netcat
I would say that the majority of Unix people would have heard of Netcat, aka
nc. Netcat is a networking tool which lets you do just about anything you
could possibly want to with TCP or UDP. So I wondered if I could create an
instance of nc to listen on the RDP port and then somehow pass that through
to my desktop machine. A very quick google turned up this command
$ nc -l -p 3389 | nc 10.0.0.10 3389 | nc -b -l -p 3389
though many of the command switches had disappeared or their combinations were now invalid I turned it into this
$ nc -l 3389 | nc 10.0.0.10 3389 | nc -l 3389
and tried to connect up to my desktop. This command should create an instance
of nc that listens on the RDP port and pipes whatever it gets through to
another instance of nc which is connected to my desktop machine, this again
pipes whatever it gets back through the listening port.
This didn’t work… at all.
So a bit more googling turned up this on the freebsd mailing lists
$ mkfifo /tmp/fifo
$ nc -l 3389 < /tmp/fifo | nc 10.0.0.10 3389 > /tmp/fifo
this should again pipe anything hitting the server RDP port to the desktop RDP
port, the desktop RDP traffic gets written into /tmp/fifo which is then sent
back to the originating client.
This also didn’t work… at all.
So now I was at a bit of a loss, but the freebsd mailing list entry mentioned
a website from which they were basing their experiment on, so I went to check
that out. The bottom of the page mentioned an alternative solution using a
program called socat. Ok, I thought, lets give that a try and installed that.
So I ran the following command to create the socat proxy
$ socat tcp4-listen:3389,reuseaddr,fork TCP:10.0.0.10:3389
This worked… very, very well.
So now when I need to get into my desktop machine I can SSH to the file server and setup the proxy, do what I need to and then shut it down when I’m done.
