Thread: Conditional portforwarding possible

  1. #1
    Join Date
    Apr 2012
    Beans
    4

    Conditional portforwarding possible

    Let me describe the problem first:
    My server application "Blunzen's App" listens on port 1234 for client requests which works fine for nice clients. But there are also evil "Blunzen's App" clients that destroy my server. Unfortunately my "Blunzen's App" server is silly and therefore not able to distinguish good from evil. I can't change the "Blunzen's App" server protocol to make it smarter to defend itself.

    And here is my solution idea:
    I want to invent a "Blunzen's App Guard" service that listens on port 1234, that, instead of the "Blunzen's App" server, checks client requests for good and evil and only forwards the good requests to the "Blunzen's App" server that now listens on port 4321.
    The good clients show a permit to the "Blunzen's App Guard" service. With a valid permit all packages from a good client should be forwarded to port 4321. All bad requests should be ignored.

    Suggestions for implementation are welcome.

  2. #2
    Join Date
    Aug 2008
    Location
    Washington DC
    Beans
    2,186
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Conditional portforwarding possible

    What is with all the homework requests lately?

  3. #3
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,552
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Conditional portforwarding possible

    A port knocker utility is one possibility. The client would send a "combination" that would unlock the port and the port would open for that client's IP address specifically -- requires use of firewalls.

    If you don't want something that complex, you could really lock down the port to specific IP addresses or usernames through just using a firewall itself.
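
The per-IP logic behind the port knocking suggested above, as an added example that is not code from any poster or from a real port-knocking tool: it models only the open/drop decision over constructed traffic, which a real setup would enforce with firewall rules. The knock ports 7000/8000/9000, the timeouts and the `KnockGate` name are assumptions; 1234 is the port from the thread.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (7000, 8000, 9000)  # assumed "combination" (constructed)
SEQUENCE_TIMEOUT = 10.0              # assumed: seconds allowed to finish the knock
OPEN_SECONDS = 30.0                  # assumed: how long the port stays open per IP
SERVICE_PORT = 1234                  # public port from the thread

@dataclass
class KnockGate:
    progress: dict = field(default_factory=dict)    # ip -> (next index, start time)
    open_until: dict = field(default_factory=dict)  # ip -> expiry time
    def observe(self, ts, src_ip, dst_port):
        """Feed one inbound connection attempt; True if it may reach the service."""
        if dst_port == SERVICE_PORT:
            return self.open_until.get(src_ip, 0.0) > ts
        idx, started = self.progress.get(src_ip, (0, ts))
        if idx and ts - started > SEQUENCE_TIMEOUT:
            idx, started = 0, ts                    # too slow: start over
        if dst_port == KNOCK_SEQUENCE[idx]:
            idx += 1                                # correct next knock
        elif dst_port == KNOCK_SEQUENCE[0]:
            idx, started = 1, ts                    # wrong knock that begins a new try
        else:
            idx = 0                                 # wrong knock: reset this IP
        if idx == len(KNOCK_SEQUENCE):
            self.open_until[src_ip] = ts + OPEN_SECONDS  # open for this IP only
            idx = 0
        self.progress.pop(src_ip, None)
        if idx:
            self.progress[src_ip] = (idx, started)
        return False                                # knock packets are never forwarded

def replay(events):  # returns (ip, allowed) for each attempt on SERVICE_PORT
    gate, verdicts = KnockGate(), []
    for ts, ip, port in events:
        allowed = gate.observe(ts, ip, port)
        if port == SERVICE_PORT:
            verdicts.append((ip, allowed))
    return verdicts

# Constructed sample traffic: (seconds, source IP, destination port).
SAMPLE = [
    (0.0, "198.51.100.7", 1234),                               # no knock yet: dropped
    (1.0, "198.51.100.7", 7000), (1.5, "198.51.100.7", 8000),
    (2.0, "198.51.100.7", 9000), (3.0, "198.51.100.7", 1234),  # knocked: allowed
    (4.0, "203.0.113.9", 7000), (5.0, "203.0.113.9", 9000),    # wrong order: reset
    (6.0, "203.0.113.9", 1234),                                # dropped
    (40.0, "198.51.100.7", 1234),                              # window expired: dropped
]
```

A fixed knock sequence travels in cleartext, so anyone who can observe the traffic can repeat it; it narrows exposure but does not authenticate the client.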

  4. #4
    Join Date
    Dec 2011
    Location
    The Netherlands
    Beans
    1,093
    Distro
    Ubuntu 11.10 Oneiric Ocelot

    Re: Conditional portforwarding possible

    I'm not gonna do your homework.
    But if the good clients always have the same IP, just make some firewall rules.
    That's the way my private git repo is secured. (only 3 PCs can even see it)
    "Everything that has a beginning, has an end." --an unexpectedly wise wallpaper

  5. #5
    Join Date
    Apr 2012
    Beans
    4

    Re: Conditional portforwarding possible

    Quote Originally Posted by roelforg View Post
    I'm not gonna do your homework.
    But if the good clients always have the same IP, just make some firewall rules.
    That's the way my private git repo is secured. (only 3 PCs can even see it)
    Unfortunately the IPs and also the users of the good clients are not predictable.

  6. #6
    Join Date
    Apr 2012
    Beans
    4

    Re: Conditional portforwarding possible

    Quote Originally Posted by kevdog View Post
    A port knocker utility is one possibility. The client would send a "combination" that would unlock the port and the port would open for that client's IP address specifically -- requires use of firewalls.

    If you don't want something that complex, you could really lock down the port to specific IP addresses or usernames through just using a firewall itself.
    I forgot to mention that I want to keep my "Blunzen's App" as public as possible. I don't know the users and the IPs who acquire the good clients.
    Thank you for the hint with port knocking. I think that can be the solution.

  7. #7
    Join Date
    Apr 2012
    Beans
    4

    Re: Conditional portforwarding possible

    Quote Originally Posted by kevdog View Post
    A port knocker utility is one possibility. The client would send a "combination" that would unlock the port and the port would open for that client's IP address specifically -- requires use of firewalls.

    If you don't want something that complex, you could really lock down the port to specific IP addresses or usernames through just using a firewall itself.

    Thank you for the port knocker hint. I think it is exactly what I need.
