Port mirroring as a Windows service
Is anyone familiar with a port mirroring or port translation tool for Windows (2k8 if it makes a difference)? I have an installation of Openfire that needs to run over 443, however, it doesn't support client connections on that port (currently is on port 5222). Currently the firewall is handling this port translation, however, this doesn't work for internal users as DNS is pointed to a local address and not the firewall.
You could use rinetd which is a similar solution to that of the other answers, or you could run Openfire as an administrator which will allow it to listen on ports <1024, such as 443, without any port mirroring.
I am not sure if this works using the same local IP address as remote adress, but you could try this free tool: RelayTCP
RelayTCP allows to redirect TCP/IP connections from a local port to a remote IP and port.
There is two versions of the software:
- RelayTCP command line: is a command line executable to make one socket redirection.
- RelayTCP service: is a NT service that allows make multiple redirections.
If you don't mind having your XMPP sessions encrypted (and why would you?!) you should be able to use stunnel
to proxy between the two ports.
There are Windows binaries available, although I don't know if it can run as a service "out of the box".
You could try socat under cygwin, it is a "swiss army knife" like netcat, but works for bidrectional connections:
http://www.dest-unreach.org/socat/
one example from the man-page:
socat -d -d -lmlocal2 \
TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \
TCP4:www.domain.org:80,bind=myaddr2
TCP port forwarder, each side bound to another local IP address (bind). This example handles an almost arbitrary number of parallel or consecutive connections by fork'ing a new process after each accept() . It provides a little security by su'ing to user nobody after forking; it only permits connections from the private 10 network (range); due to reuseaddr, it allows immediate restart after master process's termination, even if some child sockets are not completely shut down. With -lmlocal2, socat logs to stderr until successfully reaching the accept loop. Further logging is directed to syslog with facility local2.