socat connect-connect "proxy" two inbound TCP connections to expose a firewalled service?
I'm struggling a bit trying to see how to use socat (or a similar TCP port redirector) to expose a firewalled service on a PC.
Here's the scenario: I have a server PC which will be acting as a listen-listen "proxy" / redirector between two client machines. The server can have as many firewall ports open as needed and has a public IP. On the first "client" (as in establishing an outbound connection to the proxy server), Client A, I am hosting a service on port 4200. This PC is behind a firewall which only allows inbound TCP connections based on a previous outbound connection. The same is true of the firewall Client B is behind.
What I need to do is have Client B able to access port 42000 on Client A through the internet-facing TCP proxy server. The problem is that I can only initiate outbound TCP connections from Client A. How can I redirect the TCP connections through the server when both of the relay's clients are behind firewalls which only allow outbound connections? Please see the diagram below & let me know if clarification is in order.
                   --------------
                   |   Server   |
                   |w/ public IP|
                   --------------
                     /        \
         {|<Firewall>|}      {|<Firewall>|}
               |                   |
          ------------        ------------
          | Client A |        | Client B |
          ------------        ------------
       (hosting a service  (wanting to access
         on port 4200)    Client A port 4200)
I would greatly appreciate any advice, thanks.
Something like:

On "Server":

    socat TCP4-LISTEN:10000 TCP4-LISTEN:4200

On "Client A":

    socat TCP4:Server:10000 TCP4:localhost:4200

On "Client B":

Configure the client to connect to Server:4200
Alternatively, have a look at SSH port forwarding.
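To make the mechanics of the listen-listen relay in the answer above concrete, here is a small Python rendezvous relay written for this page (it is not the answer's own code and not part of socat). It does what `socat TCP4-LISTEN:10000 TCP4-LISTEN:4200` does: it accepts one inbound connection on the "service" port (Client A's outbound connection) and one on the "client" port (Client B's outbound connection), and then copies bytes between them in both directions until both sides close. The port numbers, host `127.0.0.1` and the sample messages in `demo_loopback()` are constructed for the demonstration; on a real relay host you would bind the service-side listener on the public address and firewall the client-side port, because anyone who can reach that port reaches the tunnelled service.

```python
"""Minimal listen-listen TCP relay (added example, modelled on the socat
answer above). Both endpoints only make outbound connections to the relay,
which is why the pattern works through firewalls that allow outbound only."""
import socket
import threading


def _pump(src, dst, counts, idx):
    """Copy src -> dst until src signals EOF, then half-close dst so the far
    side also sees EOF. counts[idx] accumulates the number of bytes copied."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
            counts[idx] += len(data)
    except OSError:
        pass  # peer went away; the other pump will notice its own EOF
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def _listener(host, port):
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((host, port))
    s.listen(1)
    return s


def relay_once(host="127.0.0.1", port_a=0, port_b=0, on_ready=None):
    """Bridge one service-side connection (port_a, where Client A connects)
    with one client-side connection (port_b, where Client B connects).
    Returns (bytes_a_to_b, bytes_b_to_a) once both directions have closed.
    Port 0 lets the OS pick; the chosen ports are reported via on_ready."""
    la = _listener(host, port_a)
    lb = _listener(host, port_b)
    if on_ready:
        on_ready(la.getsockname()[1], lb.getsockname()[1])
    # As with socat, nothing is bridged until the service side has connected.
    # (socat only opens the second listener at that point; here both are
    # bound up front and Client B simply waits in the backlog.)
    conn_a, _ = la.accept()
    la.close()
    conn_b, _ = lb.accept()
    lb.close()
    counts = [0, 0]
    threads = [
        threading.Thread(target=_pump, args=(conn_a, conn_b, counts, 0)),
        threading.Thread(target=_pump, args=(conn_b, conn_a, counts, 1)),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    conn_a.close()
    conn_b.close()
    return tuple(counts)


def demo_loopback():
    """Constructed loopback round trip: run the relay in a thread, play the
    roles of Client A and Client B, and return
    (bytes_a_to_b, bytes_b_to_a, what_B_received, what_A_received)."""
    ports, ready, result = {}, threading.Event(), {}

    def on_ready(pa, pb):
        ports["a"], ports["b"] = pa, pb
        ready.set()

    worker = threading.Thread(
        target=lambda: result.setdefault(
            "counts", relay_once("127.0.0.1", 0, 0, on_ready)))
    worker.start()
    ready.wait(5)
    a = socket.create_connection(("127.0.0.1", ports["a"]))  # "Client A"
    b = socket.create_connection(("127.0.0.1", ports["b"]))  # "Client B"
    a.sendall(b"hello from A")          # service -> client direction
    got_b = b.recv(4096)
    b.sendall(b"hi from B!")            # client -> service direction
    got_a = a.recv(4096)
    a.close()
    b.close()
    worker.join(5)
    return result["counts"] + (got_b, got_a)


if __name__ == "__main__":
    print(demo_loopback())
```

Like the socat one-liner, this bridges exactly one pair of connections and then exits; a persistent version would loop around `relay_once`. Note what it does not do: it adds no authentication and no encryption, so the client-side port is an open door to the service for anyone who can reach it, which is the reason the SSH port forwarding alternative mentioned above is often the safer choice.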
You can also use PortFusion which I originally developed personally for this type of scenario, specifically for RDP.
    server> PortFusion ] 10000 [
    client-a> PortFusion 4200 localhost - 10000 server [ 4200
Now client-b can connect to server:4200 for RDP.
IMPORTANT NOTE!!
You should start PortFusion on client-a (or socat or anything else for that matter) as a different user AND ALSO NOT from within the graphical session of the user you want to connect as - otherwise you will get a black screen or a drop, etc.
Hope my answer can be of help.