From owner-freebsd-questions@FreeBSD.ORG Fri Jan 22 20:21:53 2010
Date: Fri, 22 Jan 2010 14:21:52 -0600
Message-ID: <6201873e1001221221g5491ba85l75fd6d6f01c009f@mail.gmail.com>
In-Reply-To: <20100122200138.GA19469@cabstand.com>
References: <20100122200138.GA19469@cabstand.com>
From: Adam Vande More
To: freebsd-questions@freebsd.org
Subject: Re: ISO simple non-forking TCP connection forward/balance tool

On Fri, Jan 22, 2010 at 2:01 PM, Chris Peiffer wrote:

>
> I'm looking for a simple program I can use to forward incoming TCP
> connections to several other addr:port pairs. (including one on the
> machine itself.) Holding the connections open and passing the data
> back and forth until both parties close their ends.
>
> I need a solution that doesn't fork. One way to do it is just fork
> ad-hoc netcat pipes with inetd, but I'm trying to avoid the process
> overhead.
>
> An ssh tunnel is another option, but the crypto involves too much cpu
> overhead.
>
> I've investigated ipnat rdr rules, but ipnat seems like it's too
> low-level, it wants to divert the packet directly w/o rewriting the
> "from" addr. This means that the return packet is a mismatch unless I
> make the machine running the forwarder into the router.
>
> I found a simple program called "balance" floating around out there,
> but unfortunately it uses an extremely naive fork-after-accept method
> that results in the same process overhead.
>
> Is there a simple kq-driven tcp forwarder out there? Is there a
> pure-TCP forwarding module for lighttpd? (or some other
> single-threaded app server?)
>
> Or is there a good way to do it in the kernel that I'm missing, and
> can someone direct me to an ipnat ruleset that creates new
> connections, so the TCP forwarding machine doesn't also need to be a
> router?
>
> Thanks very much for your help.
>
>

A few lines in python should do what you're looking for, see socket lib,
twisted if you have high performance needs.

-- 
Adam Vande More
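
One way to build the non-forking forwarder discussed in this thread, as an added example that is not part of the original messages. It uses Python's standard asyncio module (whose default event loop is kqueue-backed on FreeBSD) instead of raw socket calls or Twisted; the function names, listen port 9000 and backend addresses are constructed assumptions.

```python
import asyncio
import itertools

async def pump(reader, writer):
    """Copy one direction until EOF, then half-close the far side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()  # backpressure: do not buffer for a slow peer
        if writer.can_write_eof():
            writer.write_eof()
    except OSError:
        writer.close()  # a reset on either leg tears down the pair

def make_handler(backends, connect_timeout=5.0):
    ring = itertools.cycle(backends)  # round-robin across backends

    async def handle(c_reader, c_writer):
        b_writer = None
        for _ in range(len(backends)):  # skip backends that refuse or time out
            host, port = next(ring)
            try:
                b_reader, b_writer = await asyncio.wait_for(
                    asyncio.open_connection(host, port), connect_timeout)
                break
            except (OSError, asyncio.TimeoutError):
                continue
        if b_writer is None:  # no backend reachable: drop the client
            c_writer.close()
            return
        try:
            await asyncio.gather(pump(c_reader, b_writer),
                                 pump(b_reader, c_writer))
        finally:
            c_writer.close()
            b_writer.close()

    return handle

async def serve(host, port, backends):
    return await asyncio.start_server(make_handler(backends), host, port)

async def main(backends, port=9000):
    async with await serve("0.0.0.0", port, backends) as server:
        await server.serve_forever()

if __name__ == "__main__":
    # Constructed addresses (assumption): one local service, one remote host.
    asyncio.run(main([("127.0.0.1", 8080), ("192.0.2.10", 8080)]))
```

Because the forwarder opens its own connection to each backend, the backends see the forwarder's address as the peer: return traffic needs no routing changes, but per-client logging and address-based access rules on the backends no longer see the real client.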