simplest tcp forwarder with packet count verify

jcDzNPKN5t5kEn/tcpforward

 
 

tcpforward

Simplest TCP forwarder in Go.

Usage:

  -debug
        more logs
  -jr string
        Send something before rejecting
          bin: random bytes
          text: random hex text
          file: send a file
          none: just close (default "none")
  -jrf string
        Path to file for reject reply
  -l string
        host:port to listen on (default ":2081")
  -m int
        min accepted request (default 10)
  -p string
        String to prefix log output
  -pp string
        host:port for webpage verify (default ":2082")
  -ppa string
        path for webpage verify (default "/verify-mvacrw9khofxsd")
  -pr
        Request webpage is required
  -ps
        SSL For webpage is enabled (default true)
  -psk string
        path to webpage SSL private key (default "SelfSigned")
  -psp string
        path to webpage SSL public cert (default "SelfSigned")
  -r string
        host:port to forward to (default ":2080")
  -t int
        How long a client can take to create enough connections in ms (default 500)
  -tt float
        IP trust reset timer in minute (default 60)

Example:

go run ./tcpforward.go -l :2081 -r :2080 -pr -m 13 -jr bin
(date) Client > :2081 > :2080 > Server
(date)
TCPForward init,  Tip:

### Block port from Internet ###
iptables -A INPUT -p tcp --dport :2080 -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport :2080 -j DROP
ip6tables -A INPUT -p tcp --dport :2080 -s ::1 -j ACCEPT
ip6tables -A INPUT -p tcp --dport :2080 -j DROP

### Delete rule ###
iptables -D INPUT -p tcp --dport :2080 -j DROP
ip6tables -D INPUT -p tcp --dport :2080 -j DROP

(execute with root privileges)


(date) request webpage at :2082/verify-mvacrw9khofxsd to verify
(date)   TCPForwarder ready
(date) Rejected connection from 127.0.0.1, 3 Connections in 0ms
(date) Rejected connection from 127.0.0.1, 6 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 9 Connections in 2ms
(date) Rejected connection from 127.0.0.1, 12 Connections in 2ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 0ms
(date) (Webpage) New IP address 127.0.0.1 added
(date) Rejected connection from 127.0.0.1, 3 Connections in 0ms
(date) Rejected connection from 127.0.0.1, 6 Connections in 2ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 6 Connections in 5ms
(date) Rejected connection from 127.0.0.1, 9 Connections in 10ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 3 Connections in 0ms
(date) Rejected connection from 127.0.0.1, 6 Connections in 1ms
(date) Rejected connection from 127.0.0.1, 9 Connections in 3ms
(date) Rejected connection from 127.0.0.1, 12 Connections in 4ms
(date) Trust connections from 127.0.0.1
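
A model of the gate that the -m, -t, -tt and -pr flags and the run above describe, as an added example that is not tcpforward's own code. Assumptions: the type, field and method names, that the connection which reaches -m is itself forwarded, and that an IP whose trust has expired must produce a fresh burst.

```go
package main

import (
	"fmt"
	"time"
)

// Client is the state kept per source IP. Names and semantics in this example
// are assumptions, not tcpforward's source.
type Client struct {
	Verified     bool      // requested the verify page (-pr / -ppa)
	first        time.Time // start of the current counting window
	count        int       // connections seen in that window
	trustedUntil time.Time // zero value: not trusted
}

// Policy stands in for the -m, -t, -tt and -pr flags.
type Policy struct {
	Min              int
	Window, TrustTTL time.Duration
	RequirePage      bool
}

// Admit reports whether a connection from c's IP at time now is forwarded.
func (p Policy) Admit(c *Client, now time.Time) bool {
	if now.Before(c.trustedUntil) {
		return true
	}
	if c.count == 0 || now.Sub(c.first) > p.Window {
		c.first, c.count = now, 0 // burst took too long: restart the count
	}
	c.count++
	if c.count < p.Min || (p.RequirePage && !c.Verified) {
		return false // the "Rejected connection" case
	}
	c.trustedUntil, c.count = now.Add(p.TrustTTL), 0
	return true
}

func main() {
	p := Policy{Min: 13, Window: 500 * time.Millisecond, TrustTTL: time.Hour, RequirePage: true}
	c, t0 := &Client{Verified: true}, time.Unix(0, 0) // constructed input
	for i := 1; i <= 13; i++ {
		fmt.Println(i, p.Admit(c, t0.Add(time.Duration(i)*time.Millisecond)))
	}
}
```

In this model a client that spaces its connections further apart than the window allows never reaches the threshold, and with -pr an IP that has not requested the verify page is rejected regardless of how many connections it opens.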

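Tip:

Block port from Internet:

Use the bare port number for <PORT_NUMBER> (2080, not :2080 as printed in the startup tip above): iptables reads --dport :2080 as the port range 0 to 2080.

Replacement: sudo quickTables -port <PORT_NUMBER> block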

sudo iptables -A INPUT -p tcp --dport <PORT_NUMBER> -s 127.0.0.1 -j ACCEPT

sudo iptables -A INPUT -p tcp --dport <PORT_NUMBER> -j DROP

sudo ip6tables -A INPUT -p tcp --dport <PORT_NUMBER> -s ::1 -j ACCEPT

sudo ip6tables -A INPUT -p tcp --dport <PORT_NUMBER> -j DROP

Delete rule:

Replacement: sudo quickTables -port <PORT_NUMBER> unblock

sudo iptables -D INPUT -p tcp --dport <PORT_NUMBER> -j DROP

sudo ip6tables -D INPUT -p tcp --dport <PORT_NUMBER> -j DROP

Build

go build -ldflags "-linkmode=external -extldflags '-static'" ./tcpforward.go

Languages

  • Go 100.0%