
Cant seem to make DMZ case work

Open steff1193 opened this issue 7 years ago • 0 comments

Using 1.2.1

I have a similar case as http://serverfault.com/questions/254855/socat-connect-connect-proxy-two-inbound-tcp-connections-to-expose-a-firewalled. The "server" is in my DMZ zone, and I have a TCP-service running in my secure-zone (client-A). People need to connect to my service at client-A, via DMZ (using "server") from the internet (client-B).

Running the following on my client-A machine:

./PortFusion 5000 localhost - 10000 server [ 5000

Running the following on my DMZ "server":

./PortFusion ] 192.168.98.181:10000 [

(192.168.98.181 is an IP on which client-A and client-B can see "server" - this is just a simulation)

As soon as I have just started the two PortFusions above, data starts rapidly flowing in both the console-logs. On client-A I see lots of log-sequences like this (where "the random port", 60391 in this case, is different from log-sequence to log-sequence):

Open :.: PeerLink (Just 192.168.201.89:60391) (Just 192.168.98.181:10000)
Send ((:-<-:) 5000) :.: PeerLink (Just 192.168.201.89:60391) (Just 192.168.98.181:10000)
Open :.: PeerLink (Just [::1]:60392) (Just [::1]:5000)
Establish ::: FusionLink (Just 192.168.98.181:10000) (Just 60392) (Just [::1]:5000)
Terminate ::: FusionLink (Just 192.168.98.181:10000) (Just 60392) (Just [::1]:5000)
Close :.: PeerLink (Just 192.168.201.89:60391) (Just 192.168.98.181:10000)
Close :.: PeerLink (Just [::1]:60392) (Just [::1]:5000)

(192.168.201.89 is the IP of client-A) On "server", at the same time, I see lots of log-sequences like this:

Accept :.: PeerLink (Just 192.168.98.181:10000) (Just 192.168.3.10:60391)
Receive ((:-<-:) 5000) :.: PeerLink (Just 192.168.98.181:10000) (Just 192.168.3.10:60391)
Close :.: PeerLink (Just 192.168.98.181:10000) (Just 192.168.3.10:60391)

All this, when I have just started the PortFusion processes on client-A and "server". Why are "random ports" involved in this at all? I do not know where that traffic comes from, but it may be my "Operations department" :-) that is running port-scans or something. Never mind.

Ignoring all this logging, and trying to see if things work as I expect, I now start my tcp-server on client-A:

./myTCPserver --port 5000

When I do that, it is clear that lots of connections are made to it and quickly closed again. It seems to match the traffic sketched by the log-sequences of the PortFusion processes.

Also ignoring that, I try to see if I can connect to the service on client-A (192.168.201.89) port 5000 from client-B via "server" (192.168.98.181). Running the following on client-B:

telnet 192.168.98.181 5000

But that does not work:

Trying 192.168.98.181...
telnet: Unable to connect to remote host: Connection refused

Do you understand what I am trying to do? Any idea why it does not work?

steff1193, Mar 09 '17 15:03
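The setup the issue describes is the "two inbound connections" pattern from the linked socat question: the DMZ host never dials into either zone; the protected service dials out to it and parks, and an internet client dials in and gets spliced onto that parked connection. The following is an added, self-contained illustration of that pattern in Python's asyncio, written for this page and not PortFusion's own code (PortFusion's actual wire protocol and CLI are not reproduced here). It runs entirely on loopback with constructed ports; the inner (service-side) listener checks the peer address against an allow-list, which is the kind of control that keeps stray connections like the ones in the logs above from being paired with a real client, and an outer client that arrives with no parked service is refused rather than queued.

```python
"""Rendezvous relay for the DMZ "two inbound connections" pattern.

Added illustration, not PortFusion's own code. The DMZ host listens on two
ports: the protected service (client-A in the issue) dials OUT to the inner
port and parks there; an internet client (client-B) dials the outer port
and is spliced onto one parked service connection. All addresses and ports
below are constructed for the demo and live on loopback.
"""
import asyncio

# Constructed: only these source addresses may park as the service side.
# In a real deployment the inner port would also be firewalled to the secure zone.
INNER_ALLOWED = frozenset({"127.0.0.1", "::1"})


async def _pump(reader, writer):
    """Copy bytes one way until EOF, then close the destination."""
    try:
        while True:
            data = await reader.read(65536)
            if not data:
                break
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()


class Relay:
    def __init__(self, inner_allowed=INNER_ALLOWED, pair_timeout=0.5):
        self.inner_allowed = inner_allowed
        self.pair_timeout = pair_timeout   # seconds an outer client waits for a parked service
        self._parked = asyncio.Queue()     # idle service-side (reader, writer) pairs
        self.stats = {"inner_rejected": 0, "outer_refused": 0, "paired": 0}

    async def handle_inner(self, reader, writer):
        peer = writer.get_extra_info("peername")[0]
        if peer not in self.inner_allowed:
            self.stats["inner_rejected"] += 1
            writer.close()
            return
        await self._parked.put((reader, writer))

    async def handle_outer(self, reader, writer):
        try:
            in_reader, in_writer = await asyncio.wait_for(self._parked.get(), self.pair_timeout)
        except asyncio.TimeoutError:
            # No service parked: refuse, never queue unknown outer clients.
            self.stats["outer_refused"] += 1
            writer.close()
            return
        self.stats["paired"] += 1
        await asyncio.gather(_pump(reader, in_writer), _pump(in_reader, writer))


async def _scenario(inner_allowed):
    relay = Relay(inner_allowed=inner_allowed)
    inner_srv = await asyncio.start_server(relay.handle_inner, "127.0.0.1", 0)
    outer_srv = await asyncio.start_server(relay.handle_outer, "127.0.0.1", 0)
    inner_port = inner_srv.sockets[0].getsockname()[1]
    outer_port = outer_srv.sockets[0].getsockname()[1]

    async def service():
        # Stand-in for myTCPserver: dials out to the relay, answers one line, hangs up.
        r, w = await asyncio.open_connection("127.0.0.1", inner_port)
        line = await r.readline()
        if line:
            w.write(b"echo:" + line)
            await w.drain()
        w.close()
        await w.wait_closed()

    # 1. A client arriving before any service is parked is refused (EOF, no data).
    r0, w0 = await asyncio.open_connection("127.0.0.1", outer_port)
    early = await r0.read()
    w0.close()

    # 2. Service parks, then a client is spliced through to it.
    svc = asyncio.create_task(service())
    await asyncio.sleep(0.1)
    r1, w1 = await asyncio.open_connection("127.0.0.1", outer_port)
    w1.write(b"hello\n")
    await w1.drain()
    reply = await r1.read()
    w1.close()
    await svc

    inner_srv.close()
    outer_srv.close()
    return early, reply, dict(relay.stats)


def run_demo(inner_allowed=INNER_ALLOWED):
    """Run the loopback scenario; returns (early_reply, spliced_reply, stats)."""
    return asyncio.run(_scenario(inner_allowed))


if __name__ == "__main__":
    print(run_demo())
    # With loopback off the allow-list, even the service's own connection is rejected.
    print(run_demo(inner_allowed=frozenset({"203.0.113.5"})))
```

Two design choices matter for the DMZ case: the relay only ever accepts, so neither firewall needs an inbound rule from the other zone, and pairing is one-to-one with a short timeout, so a burst of unsolicited connects to the outer port (the "random port" noise in the logs) cannot hold service connections hostage. A production relay would additionally want per-connection idle timeouts and a check that a parked service connection is still alive before handing it to a client.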