Jephe Wu - http://linuxtechres.blogspot.com
Objective: On the company LAN, only one Windows server is able to connect to the SMTP server, but some other servers need to reach the SMTP server as well.
Environment: Windows 2000 server A with one NIC; another Windows 2000 server B connects to A on port 25 to reach the company SMTP server smtp.domain.com.
Steps:
1. Download and set up socat for Windows on server A
Download the 2 files below from http://www.gentilkiwi.com/telechargements-s43-t-socat.htm#englishversion
socat-1.7.1.3.zip and cyg-dep.zip
Create the c:\socat directory and extract both zip files into it.
How to test it?
c:
cd socat
socat
2010/10/06 10:59:02 socat[15822] E exactly 2 addresses required (there are 0); use option "-h" for help
Note: once you see the above output, socat is installed successfully.
2. Run socat with options to act as a TCP port forwarder
On Windows server A:
cd socat
socat -d -d -lf socat.txt tcp4-listen:25,reuseaddr,fork,tcpwrap=socat,allow-table=socat-allow,deny-table=socat-deny tcp4:smtp.jephe.com:25
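The contents of the socat-allow and socat-deny files are shown below. tcpwrap=socat sets the daemon name that each entry in both files starts with. The allow table is checked first, so the listed addresses get through and the socat-deny entry rejects every other host.
For socat-allow: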
socat:1.2.3.4,5.6.7.8
For socat-deny:
socat:all
On Windows server B:
Use server A as the SMTP server; socat forwards the connection to smtp.domain.com.
Note: you can use the range option to restrict the source IP, such as 10.0.0.0/8, if that suits your situation better.
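The allow/deny evaluation used in step 2, as an added example that is not part of the original post: a simplified Python model of the hosts_access(5) decision order applied to the two tables above. The function names are hypothetical, and only exact IPv4 addresses, the all wildcard and prefix patterns are modelled.

```python
# Simplified model of the hosts_access(5) check that tcpwrap hands to libwrap.
# Only exact IPv4 addresses, the ALL wildcard and "10.0." style prefixes are
# modelled; hostnames, netmasks and EXCEPT are out of scope.

ALLOW = "socat:1.2.3.4,5.6.7.8\n"   # socat-allow, as shown in the post
DENY = "socat:all\n"                # socat-deny, as shown in the post


def parse_table(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) pairs."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, rest = line.split(":", 1)
        clients = rest.split(":", 1)[0]          # drop optional command field
        tokens = lambda s: [t.lower() for t in s.replace(",", " ").split()]
        rules.append((tokens(daemons), tokens(clients)))
    return rules


def client_matches(pattern, ip):
    if pattern == "all":                          # wildcard, case-insensitive here
        return True
    if pattern.endswith("."):                     # prefix form such as "10.0."
        return ip.startswith(pattern)
    return pattern == ip


def table_matches(text, daemon, ip):
    for daemons, clients in parse_table(text):
        if (daemon.lower() in daemons or "all" in daemons) and \
                any(client_matches(c, ip) for c in clients):
            return True
    return False


def decide(allow_text, deny_text, daemon, ip):
    """Allow table first, then deny table, otherwise access is granted."""
    if table_matches(allow_text, daemon, ip):
        return "allow"
    if table_matches(deny_text, daemon, ip):
        return "deny"
    return "allow"


if __name__ == "__main__":
    for ip in ("1.2.3.4", "9.9.9.9"):
        print(ip, decide(ALLOW, DENY, "socat", ip), decide(ALLOW, "", "socat", ip))
```

With an empty deny table, or a daemon name in the tables that differs from the one given to tcpwrap=, the result changes for unlisted or listed hosts respectively, which is why both files and the name need checking together.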
Appendix:
a. You can also use plugdaemon (http://www.taronga.com/plugdaemon/) on Linux, or iptables (SNAT/DNAT, even with a single NIC, with the kernel parameter net.ipv4.ip_forward enabled), to achieve the same port forwarding function.
b. The socat website is at http://www.dest-unreach.org/socat/
Use socat as tcp forwarder on Windows and restrict a few hosts to connect to it