-------------------------------------------------------------------------------
socat Hints and tips

Socat is a sort of netcat on steroids.

Home Page (examples galore!)
  http://www.dest-unreach.org/socat/

Like netcat it can connect stdin/stdout to any network port (client or
server), but it can also connect any data channel to any other data channel,
either uni-directionally or bi-directionally.

It generally takes two arguments and generally only handles one connection,
though for listen connections it can fork a sub-connection...

-------------------------------------------------------------------------------
Examples (this is just the tip of the iceberg)...

Listen, and send (use two different windows)

  echo "from server" | socat tcp-listen:8080 -
  echo "from client" | socat tcp:localhost:8080 -
  #> each terminal outputs the message sent by the other side

Note that the order of the two socat arguments does not matter, as socat
creates fully bi-directional connections (both stdin and stdout).
That is, this is exactly the same...

  echo "from server" | socat - tcp-listen:8080
  echo "from client" | socat - tcp:localhost:8080

Telnet like TCP connection...

  socat tcp:www.domain.org:5555 -

Network shell -- the listening side for the above

  socat tcp-listen:5555 exec:bash,setsid,pty,stderr

Set up a proxy to forward anything that connects to port 443 (HTTPS)
to the local port 22 (SSH)

  socat tcp-listen:443,reuseaddr,fork tcp:localhost:22

Or a mini-inetd program forker...
Connects a PTY-wrapped program to port 5555 when a connection is received.

  socat TCP4-LISTEN:5555,fork \
        EXEC:'/bin/myscript',su-d=nobody,pty,stderr

Remote control (direct timed feed) of ssh connection in a pty...

  (sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
    socat - EXEC:'ssh user@server',pty,setsid,ctty

The pty,setsid,ctty is needed to make ssh think it really is interactive!

Add 'readline' history to an FTP connection, but do not echo the ftp password!

  socat READLINE,noecho='[Pp]assword:' \
        EXEC:'ftp ftp.server.com',pty,setsid,ctty

-------------------------------------------------------------------------------
Forked web server, of a shell function...

This is an expansion on the 'mini-inetd' service above....

=======8<--------CUT HERE----------
send_web_page() {
  # pick one of three fixed replies at random
  output=( ROCK PAPER SCISSORS )
  result=${output[RANDOM%3]}$'\r\n'
  # Content-Length counts the trailing CR LF as well
  printf "HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s" \
         ${#result} "$result"
}
# export the function to sub-shells
export -f send_web_page

# looped server, using socat
socat tcp-listen:8080,fork exec:'bash -c send_web_page'
=======8<--------CUT HERE----------

-------------------------------------------------------------------------------
IP range protection

Limit where IP connections come from

Single IP

  socat tcp-listen:443,range=192.168.1.3/32,reuseaddr,fork \
        tcp:localhost:22

Range of IPs

  socat tcp-listen:443,range=192.168.0.0/24,reuseaddr,fork \
        tcp:localhost:22

Host Allow
Allow a list of IPs from port 443 to ssh port 22

  socat tcp-listen:443,allow-table=iplist,reuseaddr,fork \
        tcp:localhost:22

  # iplist contents:
  ALL: 192.168.100.1: ALLOW
  ALL: ALL: DENY

-------------------------------------------------------------------------------
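Added example (not part of the original notes): a POSIX shell check of which peers a range=ADDR/BITS value admits, assuming socat applies the usual CIDR prefix match. The helper names ip_to_int and in_range are hypothetical and the peer addresses are constructed. It shows that the single address 192.168.1.3 used above is not covered by 192.168.0.0/24.

```sh
#!/bin/sh
# Added example: the CIDR match implied by a range=ADDR/BITS limit.
# ip_to_int and in_range are hypothetical helpers, not socat features.

# Print a dotted-quad IPv4 address as a 32-bit integer.
# Returns 1 unless the input is four decimal octets in 0..255.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 if peer $1 is inside range $2 (ADDR/BITS), 1 if outside,
# 2 if either argument is malformed.
in_range() {
    _peer=$(ip_to_int "$1") || return 2
    _net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case $bits in ''|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    if [ "$bits" -eq 0 ]; then
        mask=0                     # /0 admits every address
    else
        # 4294967295 is 0xFFFFFFFF; keep only the top $bits bits
        mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    fi
    [ $(( _peer & mask )) -eq $(( _net & mask )) ]
}

# Constructed peer addresses checked against the two ranges used above.
for range in 192.168.1.3/32 192.168.0.0/24; do
    for peer in 192.168.1.3 192.168.1.4 192.168.0.77 10.0.0.5; do
        if in_range "$peer" "$range"; then verdict=accept; else verdict=refuse; fi
        printf 'range=%-17s peer %-13s %s\n' "$range" "$peer" "$verdict"
    done
done
```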