(Experiment)Forwarding client data..

 
 
Martin Holm Pedersen

 
      10-12-2005, 06:24 PM
I have a technical question.
Suppose I make a small program in user-space that does the following:

It makes a listening socket on port 2000 (or whatever > 1024) and also
connects to localhost port 22. So it has an inbound and outbound
connection. There's also a buffer in the program that stores all data
received on port 2000 and quickly sends it out on port 22.

Will it then be possible to connect with my ssh client on port 2000 and
reach localhost port 22 where my ssh-server listens?

The question goes to if the ssh-host needs the data (be it connection
request or whatever) with a specific timing or sequence for it to
understand the data?

I know it doesn't make that much sense to do it. But it's part of a
grander scheme :-)

Is it possible? What do I need to consider?

Regards
Martin Holm Pedersen
 
 
 
 
 
Tauno Voipio

 
      10-12-2005, 06:39 PM
Martin Holm Pedersen wrote:
> I have a technical question.
> Suppose I make a small program in user-space that does the following:
>
> It makes a listening socket on port 2000 (or whatever > 1024) and also
> connects to localhost port 22. So it has an inbound and outbound
> connection. There's also a buffer in the program that stores all data
> received on port 2000 and quickly sends it out on port 22.
>
> Will it then be possible to connect with my ssh client on port 2000 and
> reach localhost port 22 where my ssh-server listens?
>
> The question goes to if the ssh-host needs the data (be it connection
> request or whatever) with a specific timing or sequence for it to
> understand the data?
>
> I know it doesn't make that much sense to do it. But it's part of a
> grander scheme :-)
>
> Is it possible? What do I need to consider?


You could use the iptables port forwarding to do the trick.

Maybe the simplest is to add your port (be it 54322 or something)
to the SSH port list in the configuration.

If you insist on a userspace daemon, remember to handle
return traffic also.

--

Tauno Voipio
tauno voipio (at) iki fi

 
 
Martin Holm Pedersen

 
      10-12-2005, 08:03 PM
I need to do it more or less as I described. The question is if it is
possible without knowing anything about the data sent by e.g. the
ssh-client.

The application of the idea is to take the data from the buffer and send
it out via a custom protocol that lies above TCP/IP. The reason for
doing this is to make a robust way of communicating via two ethernet
devices. That is, if one of the devices breaks down the custom protocol
will send the data via the other device without having to establish the
connection once again, i.e. in a running ssh-connection.

But it is possible if I also handle the return traffic?

Regards
- Martin

 
Tauno Voipio

 
      10-13-2005, 06:05 AM
Martin Holm Pedersen wrote:
> I need to do it more or less as I described. The question is if it is
> possible without knowing anything about the data sent by e.g. the
> ssh-client.
>
> The application of the idea is to take the data from the buffer and send
> it out via a custom protocol that lies above TCP/IP. The reason for
> doing this is to make a robust way of communicating via two ethernet
> devices. That is, if one of the devices breaks down the custom protocol
> will send the data via the other device without having to establish the
> connection once again, i.e. in a running ssh-connection.


OK.

Before you get into designing something involved, have a look
at Linux Ethernet bridging <http://bridge.sourceforge.net/>.

It has an automatic mechanism to provide a redundant Ethernet
connection with the STP (Spanning Tree Protocol). The
redundancy is provided on the Ethernet layer, so the TCP and
IP layers (and above) do not need to know about it.

> But it is possible if I also handle the return traffic?


Yes. You need two handlers: one in the forward direction
and another in reverse direction.

-

IMHO, you're solving a sergeant's problem with a pair of captains.

The only reason I see for a custom protocol is some kind
of 'security by obscurity'. Even for privacy, the preferred
method is to use a well-tested VPN system, e.g. OpenVPN.

--

Tauno Voipio
tauno voipio (at) iki fi
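
The two-handler relay discussed in this exchange, as an added example that is not code from either poster: it copies opaque bytes in both directions and propagates end-of-stream, which is all a TCP byte-stream protocol such as SSH needs from an intermediary. The function names are illustrative, the ports are the ones from the thread, and the listener is assumed to bind to loopback only.

```python
import socket
import threading

def pump(src, dst):
    """Copy bytes one way until src reports EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)            # payload is never inspected
    except OSError:
        pass                              # peer reset: fall through to shutdown
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)  # pass EOF on, other direction stays open
        except OSError:
            pass

def handle(client, target):
    """Relay one accepted connection to target with one handler per direction."""
    try:
        upstream = socket.create_connection(target, timeout=5)
        upstream.settimeout(None)
    except OSError:
        client.close()
        return
    with client, upstream:
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()                      # reverse direction: server -> client
        pump(client, upstream)            # forward direction: client -> server
        back.join()

def start_relay(listen_addr, target):
    """Listen on listen_addr, relay every connection; returns the listening socket."""
    lsock = socket.create_server(listen_addr)
    def accept_loop():
        while True:
            try:
                client, _ = lsock.accept()
            except OSError:
                return                    # listener was closed
            threading.Thread(target=handle, args=(client, target), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return lsock

if __name__ == "__main__":
    # Ports from the thread: listen on 2000, forward to the local sshd on 22.
    start_relay(("127.0.0.1", 2000), ("127.0.0.1", 22))
    threading.Event().wait()              # run until interrupted
```

With any relay of this kind the SSH server sees every session as coming from 127.0.0.1, so its logs and any address-based access rules no longer reflect the real client.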

 
 
Martin Holm Pedersen

 
      10-13-2005, 09:50 PM
Ahh.. Sounds like just the thing. Hmm.. Takeover time of 12 sec..
Well.. Guess that's okay.. Can you force a new path on some event?

Regards
Martin

 
 
 