Tunneling UDP over SSH

5 New Member
It's hard to find a suitable forum for this question, but I suppose this should be one of the more appropriate ones. Mind that this is probably a pretty 'advanced' question ;)

I have this situation: a game server (Enemy Territory) is running inside an isolated network which only has a few access points to the outside world by means of SSH. Someone outside this network wants to play on this game server. If the game would be using TCP for network connections, it would be quite simple: setting up an SSH tunnel should do the trick. However, like most FPS games, ET uses UDP, on port 27960. SSH does not allow tunneling UDP traffic.
However, there are ways to convert (or 'bridge') UDP traffic to TCP traffic and vice versa. For instance, "netcat" on Linux/UNIX can do this. So I tried the following.

'client' is the computer outside the protected network.
'intermediate' is the computer inside the network, which allows SSH access from outside.
'server' is the computer inside the network, on which the ET server runs.
In short, I set up a UDP->TCP bridge on 'client', tunnel the TCP traffic through an SSH tunnel to 'intermediate', where it's converted back to UDP and sent to 'server'.

In more detail: the first thing I do is set up an SSH tunnel from client to intermediate, on some arbitrary TCP port:
ssh -L 5901:127.0.0.1:5901 intermediate
Next, I set up a TCP->UDP bridge on intermediate, which directs the UDP traffic to server:
netcat -u -L server:27960 -t -p 5901
Finally, I set up a UDP->TCP bridge on client:
netcat -t -L 127.0.0.1:5901 -u -p 27960
So now I would theoretically just need to start ET on the client and connect to 127.0.0.1. However, this doesn't work; it keeps waiting for a connection. Yet, if I connect to UDP port 27960 on the client with netcat, I can talk to the ET server, so the UDP tunnel seems to be working. Does anyone have any idea why it doesn't work with ET itself?
Dec 14 '06 #1
sashi
1,754 Recognized Expert Top Contributor
Hi there,

I don't think you'll be able to connect to <127.0.0.1> as it's the localhost IP address. I'm sure you know that <127.0.0.1> doesn't accept any external connection; replace <127.0.0.1> with your external IP address. Hope it works. Good luck & take care.
Dec 15 '06 #2
DrLex
5 New Member
Maybe it wasn't entirely clear, but in this experiment I'm running ET on the same machine as where the UDP traffic is tunneled to. So the local netcat forwards the packets to 127.0.0.1 and I connect with ET to 127.0.0.1. Of course, if someone else would want to use the tunnel, they should connect to my public IP.

After verifying everything, I actually managed to connect to the server, but the game stays stuck at "Awaiting gamestate". I have no idea why, because in theory it should work. The verbose mode of netcat and tcpdump show lots of traffic when connecting, but it suddenly stops. Maybe netcat can't handle some type of packet that's required for the game. Ah well, it was worth a try.
Dec 21 '06 #3
bdaddy
1 New Member
That's pretty clever. I don't know anything about the ET UDP protocol, but based on experience with other UDP protocols, I can see at least one potential problem with this strategy. When you bridge a stream of UDP messages to a TCP stream, you will lose the boundaries between UDP messages. So usually UDP protocols implement well-defined messages that will fit into a single UDP packet. If you shove a bunch of small UDP packets through your solution, it may end up showing up on the other side as a single large UDP packet. And the receiver might not be expecting this, or ready to handle it. You might even end up with a UDP packet getting split as a result of this setup.

What you really need to do is have a client-server protocol on the TCP<->TCP part of your bridge that will package up each UDP packet into a super packet that can be sent out separately after going through the TCP tunnel.

You could use tcpdump to debug this to see if this kind of corruption is occurring. Even without knowing the specific details of the ET UDP protocol, you could take a network dump of a successful UDP connection, a network dump on each side of your TCP tunnel, and perform a differential analysis between the two. The kind of thing you would want to look for is packet size to see if they are getting corrupted after going through your TCP tunnel.

Hope that helps,
Jan 28 '07 #4
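
The "super packet" idea from post #4, as an added example that is not code from any poster in this thread: each UDP payload gets a length prefix before it enters the TCP tunnel, so the far side can restore the original datagram boundaries however TCP splits or merges the bytes. The 2-byte big-endian header, the names `frame`, `Deframer`, `rechunk` and `relay`, and the sample payloads are assumptions made for illustration.

```python
import struct

MAX_DATAGRAM = 65507           # largest UDP payload over IPv4
HEADER = struct.Struct("!H")   # assumed wire format: 2-byte big-endian length

def frame(datagram: bytes) -> bytes:
    """Prefix one UDP payload with its length before writing it to the TCP side."""
    if len(datagram) > MAX_DATAGRAM:
        raise ValueError("datagram too large to frame")
    return HEADER.pack(len(datagram)) + datagram

class Deframer:
    """Rebuilds the original datagrams from TCP reads of arbitrary size."""
    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        self._buf += chunk
        out = []
        while len(self._buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self._buf)
            if length > MAX_DATAGRAM:
                raise ValueError("corrupt length prefix, drop the connection")
            end = HEADER.size + length
            if len(self._buf) < end:
                break              # partial datagram: wait for the next read
            out.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
        return out

def rechunk(stream: bytes, sizes: list) -> list:
    """Simulate TCP delivering the byte stream in reads of arbitrary size."""
    chunks, pos = [], 0
    for n in sizes:
        chunks.append(stream[pos:pos + n])
        pos += n
    return chunks + ([stream[pos:]] if pos < len(stream) else [])

def relay(datagrams: list, sizes: list, framed: bool) -> list:
    """UDP packets the far end of the bridge would emit, with or without framing."""
    stream = b"".join(frame(d) if framed else d for d in datagrams)
    reads = rechunk(stream, sizes)
    if not framed:
        return [r for r in reads if r]   # naive bridge: one packet per TCP read
    deframer = Deframer()
    return [pkt for r in reads for pkt in deframer.feed(r)]

# Constructed sample payloads (not real ET traffic); includes an empty datagram.
DATAGRAMS = [b"getstatus", b"", b"A" * 300, b"connect"]
```

Comparing `relay(DATAGRAMS, [1, 5, 100, 3], framed=False)` with the `framed=True` result shows the same size mismatch the tcpdump comparison in post #4 would reveal on a live tunnel.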
