PacketProxy

Serves your simple, non-admin TCP proxy needs!

By Daniel Stødle, daniels@cs.uit.no

What is PacketProxy?

PacketProxy is a very simple TCP proxy (or gateway, portal, router, call it what you want) that takes incoming traffic on one port and redirects it to a different host on a (possibly) different port. To the destination host, it will appear as if the traffic originates from the machine where PacketProxy is running. Why is this useful? Well, one example is IP-restricted networks, where parts of the network are restricted to people currently on the institution's internal network. As an example, consider a webserver that restricts access to certain pages based on the IP address of the requesting party. If you set up PacketProxy on any machine within the institution's network, pointing it toward the webserver in question, you should be able to surf the restricted pages just as you would surf any other page. (This works as long as incoming TCP connections aren't blocked by a firewall -- if this is the case, even more magic is required. See below!)

Features

Being very simple, PacketProxy has only one big feature, which is being able to redirect traffic from one (or several) hosts to a target host, making it appear as though all the connections are coming from the host on which PacketProxy is running. It also gives some statistics on bandwidth usage during sessions, but that's about it. The source code is highly portable, and requires only a POSIX-compliant OS with PThread support to compile. Also, PacketProxy doesn't need administrator or root capabilities to do its packet forwarding (unlike a number of other tools), which makes it easier to set up and use "out of the box."

A second feature, added in version 0.60, is the ability to only forward incoming connections from authorized hosts. The authorized hosts are specified in a separate configuration file, allowing PacketProxy to screen the incoming connections.
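A default-deny source-address check of the kind the authorized-hosts feature describes, as an added example (not PacketProxy's own code). The entry format (an IPv4 address or CIDR block, which goes beyond single hosts) and the names allow_entry, parse_entry and peer_allowed are assumptions; PacketProxy's actual configuration file format is not shown on this page.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One allowlist entry: IPv4 network and mask, host byte order. */
struct allow_entry { uint32_t net, mask; };

/* Parse "a.b.c.d" or "a.b.c.d/len" (assumed entry format). 0 = ok, -1 = bad. */
int parse_entry(const char *text, struct allow_entry *out)
{
    char buf[64], *slash, *end;
    struct in_addr addr;
    long len = 32;

    if (strlen(text) >= sizeof buf) return -1;
    strcpy(buf, text);
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &addr) != 1) return -1;
    out->mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    out->net = ntohl(addr.s_addr) & out->mask;
    return 0;
}

/* Default-deny: returns 1 only if the peer matches an entry. In a proxy the
   peer address would come from accept(); a string is used here for clarity. */
int peer_allowed(const struct allow_entry *list, size_t n, const char *peer)
{
    struct in_addr addr;
    if (inet_pton(AF_INET, peer, &addr) != 1) return 0;
    for (size_t i = 0; i < n; i++)
        if ((ntohl(addr.s_addr) & list[i].mask) == list[i].net) return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample allowlist and peers (documentation address ranges). */
    const char *peers[] = { "192.0.2.10", "192.0.2.11", "198.51.100.77" };
    struct allow_entry list[2];
    if (parse_entry("192.0.2.10", &list[0]) || parse_entry("198.51.100.0/24", &list[1])) return 1;
    for (size_t i = 0; i < 3; i++)
        printf("%s -> %s\n", peers[i], peer_allowed(list, 2, peers[i]) ? "forward" : "drop");
    return 0;
}
```

An empty or unparsable allowlist rejects every peer, so a broken configuration fails closed rather than turning the proxy into an open relay into the restricted network.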

Limitations

PacketProxy currently only supports TCP connections; UDP support may be added at a later time. (There are some technical difficulties associated with forwarding UDP packets, as UDP connections are stateless.)

Get it!

The current version of PacketProxy is 0.72. The source distribution is available for download here:

PacketProxy has so far been tested on RedHat 8.0, 9.0 and Slackware, on some random x86 machines, as well as on Mac OS X without any problems.

Using PacketProxy

PacketProxy is very simple to use. It requires two command line switches:
./pproxy -d <destination host> -p <destination port>
In addition, you may supply the port on which PacketProxy listens with the -l flag. You may also specify the maximum number of threads PacketProxy will ever use at once -- this is useful to prevent someone DoS'ing your proxy :) The maximum number of threads defaults to 10, but can be changed with the -m flag.

For example, to have PacketProxy redirect packets to the web server at www.apple.com, you can start PacketProxy with the following options:
./pproxy -d www.apple.com -p 80
Assuming you started PacketProxy on your own machine, you should now be able to browse www.apple.com by entering the following URL in your web browser:
localhost:1999
The number following the hostname specifies PacketProxy's listening port.

Additional details on PacketProxy's usage can be found in the README, included with the PacketProxy distribution.

Feedback

I'd be grateful for any feedback you may have -- send it to me here: daniels@cs.uit.no. I'm interested in hearing about bugs, suggestions and naturally general criticism. If you find it useful, I'd love to know about that too :)

Version history

I've not been very good at keeping a version history, but I'll do that starting with 0.71.

License

PacketProxy is available under the BSD-license:

Copyright (c) 2002-2010, Daniel Stoedle <daniels@cs.uit.no>, Yellow Lemon Software. All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.