Proxy with netcat forever
I am proxying a VNC TCP server port with netcat. The proxy machine runs Linux.
This is the command I use:
mkfifo backpipe
nc -l 5902 0<backpipe | nc 10.1.1.116 5902 1>backpipe
10.1.1.116 is the "remote" machine with the original VNC service running on port 5902. After this command VNC service is available on localhost for other machines.
But after each VNC session the netcat "proxy server" stops, which is how netcat works.
How can I make netcat keep the "proxy service" running after a VNC session was terminated?
As a workaround I am putting the netcat command line in an infinite loop:
mkfifo backpipe
while true; do nc -l 5902 0<backpipe | nc 10.1.1.116 5902 1>backpipe; done
But I would prefer an "official" netcat solution that does not interrupt the service at all.
I have read about the "-" parameter but I am not sure if this fits the case and I was not yet able to apply it correctly.
Additional remarks:
Of course I can do this with ssh tunneling in different ways, but I wanted a solution without the encryption overhead to make it as responsive as possible for the VNC client. A different proxy solution would be OK otherwise.
The client has to be VNC, no other protocols are possible.
The -k option should do the trick.
From the manpage of nc(1):
-k Forces nc to stay listening for another connection after its
current connection is completed. It is an error to use this
option without the -l option.
I've noticed the netcat-traditional package on Debian/Ubuntu does not keep listening as it should. In that case use the netcat-openbsd package instead and try again!
Alternatively, use socat, which is more targeted to your use case of a proxy server. A random TCP-forwarder example from the manpage of socat, which needs some modifications of course:
socat -d -d -lmlocal2 \
TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \
TCP4:www.domain.org:80,bind=myaddr2
TCP port forwarder, each side bound to another local IP
address (bind). This example handles an almost arbitrary
number of parallel or consecutive connections by fork'ing a
new process after each accept(). It provides a little security
by su'ing to user nobody after forking; it only permits
connections from the private 10 network (range); due to
reuseaddr, it allows immediate restart after master
process's termination, even if some child sockets are not
completely shut down. With -lmlocal2, socat logs to stderr
until successfully reaching the accept loop. Further logging
is directed to syslog with facility local2.
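
The manpage example adapted to the question's VNC forward, as an added example that is not part of the original answer or the socat manpage: it validates the parameters, refuses a wildcard bind or a /0 range, and prints the two socat address arguments. The listen address 10.1.1.1, the client range 10.1.1.0/24 and the RUN_FORWARDER switch are assumptions; 10.1.1.116 and port 5902 come from the question.

```shell
#!/bin/sh
# Added example: long-running socat forwarder for the VNC port in the question.
# LISTEN_ADDR and ALLOW_RANGE are assumed values; the target comes from the question.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Accept a.b.c.d/n with 1 <= n <= 32; a /0 range would admit every client.
valid_range() {
    case $1 in */*) ;; *) return 1 ;; esac
    bits=${1#*/}
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -ge 1 ] && [ "$bits" -le 32 ] || return 1
    valid_ipv4 "${1%/*}"
}

# Print the two socat address arguments, or fail without printing anything.
# usage: forwarder_args LISTEN_ADDR LISTEN_PORT ALLOW_RANGE TARGET_ADDR TARGET_PORT
forwarder_args() {
    valid_ipv4 "$1" && [ "$1" != 0.0.0.0 ] || return 1   # no wildcard bind
    valid_port "$2" && valid_range "$3" || return 1
    valid_ipv4 "$4" && valid_port "$5" || return 1
    printf 'TCP4-LISTEN:%s,bind=%s,reuseaddr,fork,range=%s TCP4:%s:%s\n' \
        "$2" "$1" "$3" "$4" "$5"
}

# Only start socat when asked to, so the functions can be sourced and checked.
if [ "${RUN_FORWARDER:-0}" = 1 ]; then
    args=$(forwarder_args "${LISTEN_ADDR:-10.1.1.1}" 5902 \
        "${ALLOW_RANGE:-10.1.1.0/24}" 10.1.1.116 5902) || exit 1
    # fork: one child per accepted connection, so the listener never stops.
    # Unquoted on purpose: the validated fields contain no spaces or globs.
    exec socat -d -d $args
fi
```

Run it with RUN_FORWARDER=1 to start the forwarder. The forward adds no encryption, which is why the listener is bound to one address and limited to one source range.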