Program for Exporting Transmission Control Protocol-Based Services through Firewalls

IP.com Disclosure Number: IPCOM000119168D
Original Publication Date: 1997-Dec-01
Included in the Prior Art Database: 2005-Apr-01
Document File: 2 page(s) / 91K

Publishing Venue

IBM

Related People

Guruprasad, V: AUTHOR

Abstract

Disclosed is a program that mirrors Transmission Control Protocol (TCP)-based services and can be used to export a TCP-based service over a firewall using SOCKS v4.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Program for Exporting Transmission Control Protocol-Based Services
through Firewalls

      Disclosed is a program that mirrors Transmission Control
Protocol (TCP)-based services and can be used to export a TCP-based
service over a firewall using SOCKS v4.

      The program, called tcprelay, is designed to run in either of
two modes, called double-server and double-client modes,
respectively.  In the double-server mode, the program binds and
listens for TCP connections on two ports, specified as run-time
parameters in the current embodiment.  In the double-client mode, the
program attempts to connect to two TCP servers, also specified by
run-time parameters.  These modes may be thought of as "gender
changers" for TCP.

      Typically, the two modes are instantiated in pairs and one
connection of the double-client is directed to one port, say Port1,
of the double-server, as shown in the Figure.  This connection will
be called the private channel.  The second connection of the
double-client is directed to an existing TCP server, which will be
hereafter called the real server.  A real client now connects to the
other port, say Port2, on the double-server.  The program is designed
such that all messages are faithfully relayed between the real client
and the real server via the private channel.  For completeness, for
each connection made (or broken) by a real client to Port2, a
corresponding connection is made (or broken) by the double-client
instance to the real server, and conversely, if the real server
breaks a connection, the corresponding real client connection is
broken by the double-server instance.  Messages from individual real
clients are multiplexed over the private channel and demultiplexed
to the corresponding connections to the real server, and messages
from the real server on individual connections are likewise
faithfully demultiplexed to the real clients.  Port2 of the
double-server instance, thus, mirrors the real server, and the
double-client instance correspondingly appears to the real server as
a reflection of one or more real clients.  The double-server and
double-client modes, thus, function as virtual server and virtual
client, respectively.  The current embodiment allows one to limit the
number of simultaneous real connections.
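
The multiplexing over the private channel and the connection limit described above can be sketched as a small demultiplexer for the double-client side. This is an added example, not code from the disclosure: the 5-byte frame header, the OPEN/DATA/CLOSE message types and the names frame, Demux and demo are assumptions, since the text does not give tcprelay's wire format.

```python
import struct
# Assumed frame layout (not in the disclosure): connection id, type, payload length.
HEADER = struct.Struct("!HBH")
OPEN, DATA, CLOSE = 1, 2, 3

def frame(conn_id, kind, payload=b""):
    return HEADER.pack(conn_id, kind, len(payload)) + payload

class Demux:
    """Double-client side: splits private-channel bytes into per-connection streams."""
    def __init__(self, max_conns):
        self.max_conns = max_conns  # limit on simultaneous real connections
        self.buf = b""
        self.streams = {}   # conn_id -> bytes bound for the real server (stands in for a socket)
        self.replies = []   # frames to send back over the private channel

    def feed(self, chunk):
        self.buf += chunk
        while len(self.buf) >= HEADER.size:
            conn_id, kind, n = HEADER.unpack_from(self.buf)
            if len(self.buf) < HEADER.size + n:
                break  # partial frame: wait for more bytes
            payload = self.buf[HEADER.size:HEADER.size + n]
            self.buf = self.buf[HEADER.size + n:]
            self._handle(conn_id, kind, payload)

    def _handle(self, conn_id, kind, payload):
        if kind == OPEN and conn_id not in self.streams:
            if len(self.streams) >= self.max_conns:
                self.replies.append(frame(conn_id, CLOSE))  # over the limit: refuse
            else:
                self.streams[conn_id] = bytearray()
        elif kind == DATA and conn_id in self.streams:
            self.streams[conn_id] += payload
        elif kind == CLOSE:
            self.streams.pop(conn_id, None)
        # anything else (unknown type, DATA for an unopened id) is dropped

def demo():
    # Constructed traffic: two real clients interleaved, a third refused by the limit.
    wire = b"".join([
        frame(1, OPEN), frame(2, OPEN), frame(3, OPEN),
        frame(1, DATA, b"GET / "), frame(2, DATA, b"HEAD /x"),
        frame(1, DATA, b"HTTP/1.0\r\n\r\n"), frame(2, CLOSE),
    ])
    d = Demux(max_conns=2)
    for i in range(0, len(wire), 7):  # arbitrary chunking, as TCP may deliver it
        d.feed(wire[i:i + 7])
    return d
```

Calling demo() leaves one open stream holding the reassembled request from connection 1 and one queued CLOSE frame refusing connection 3.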

      The program provides one way to "virtual-host" a TCP service,
say a Hyper Text Transfer Protocol (HTTP) server.  This by itself is
sometime...