| Here is my problem.
| I am a contract computer programmer. One of the good things about my
| job is that I can pretty much work from anywhere I can get an internet
| connection. The problem is that I often need to use ports that most
| people don't and which therefore are blocked from many wireless
| hotspots.
|
| The most common one is port number 1433 for connecting to Database
| servers. The servers are not mine but my clients' so I cannot change
| the port number on the server end.
This one is blocked for a good reason. There are insecure databases that listen on this port all over the internet. This attracts lots of would-be crackers that perform massive probes looking for insecure ports. Your wireless hot-spot would be saturated by one of these crackers that found they could do their deed there. The hot-spot would not be serving its real intended purpose. So blocking this port makes crackers move along to somewhere else.
| Basically this is my idea to solve the problem
|
| 1. Leave a computer online at my house that would forward my request
| from the hotspot onto the server.
| 2. I would then change the requests that I am making to the server from
| the wireless hotspot to actually make the requests to my home PC on a
| port that is not blocked at the hotspot. Say port 80.
| 3. The computer at home would forward all requests on the designated
| port number onto the server on port number 1433. It would then return
| all responses from the server back to me on the hotspot.
Some providers block port 1433 (and many others) coming inbound at their border, to help protect their customers that are security idiots, and to keep down the cracking traffic on their network. Be sure yours does not or else you'll have to establish this special gateway inside the network that hosts the database.
| For step 3 above I would like to find a utility program that I could
| set up to do this. I also could write a program in Java that I could
| run on home pc to do this but I would rather not if there is already
| something out there.
I wrote a program called tcprelay that does this. You'll need a UNIX compatible system to run it. BSD or Linux would be ideal. Maybe you could get it to run in Windows with Cygwin, or run Linux inside Windows with coLinux (I've never tried any of the Windows options).
Another alternative is a program called stunnel. If you can layer your client connections in TLS/SSL, stunnel decrypts the traffic and passes on the data stream.
You'd get the most out of TLS/SSL encryption if you host stunnel inside the network running the database.
| Any suggestions on programs that would do this?
| Can this be done? Any ideas on problems I would run into trying to
| program this?
|
My tcprelay program is included as a demo program inside LIBH, a library for C programmers, to demonstrate a part of that library that makes it easier to create a daemon in C.
The tcprelay program is started at a command line or in a shell script by giving it the port number to listen on, and the host and port to connect to. It has no security.
--
|---------------------------------------/----------------------------------|
| Phil Howard KA9WGN (ka9wgn.ham.org)  /  Do not send to the address below |
| first name lower case at ipal.net   /  snipped-for-privacy@ipal.net      |
|------------------------------------/-------------------------------------|
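The reply above describes a relay that takes a listen port plus a destination host and port and has no security. As an added example (not the LIBH tcprelay code and not from the original post), here is a relay of the same shape in Python with a source-network allow-list checked before any connection to the database is opened. The function names, the 203.0.113.0/24 range, port 8080 and db.example.com are assumptions chosen for illustration.

```python
import asyncio
import ipaddress

def is_allowed(peer_ip, allowed_nets):
    """True if peer_ip falls inside one of the allowed CIDR networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(n) for n in allowed_nets)

async def _pipe(reader, writer):
    """Copy bytes one way until EOF or error, then close the write side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except OSError:
        pass  # peer reset or vanished; fall through and close
    finally:
        writer.close()

async def start_relay(listen_host, listen_port, dest_host, dest_port, allowed_nets):
    """Listen locally and forward only allow-listed clients to dest_host:dest_port."""
    async def handle(c_reader, c_writer):
        peer_ip = c_writer.get_extra_info("peername")[0]
        # Check the source before touching the database side at all.
        if not is_allowed(peer_ip, allowed_nets):
            print(f"rejected {peer_ip}")
            c_writer.close()
            return
        try:
            s_reader, s_writer = await asyncio.open_connection(dest_host, dest_port)
        except OSError as exc:
            print(f"upstream connect failed: {exc}")
            c_writer.close()
            return
        # Two one-way copies make the full-duplex relay.
        await asyncio.gather(_pipe(c_reader, s_writer), _pipe(s_reader, c_writer))
    return await asyncio.start_server(handle, listen_host, listen_port)

async def main():
    # Constructed values: documentation address range and placeholder host name.
    server = await start_relay("0.0.0.0", 8080, "db.example.com", 1433,
                               ["203.0.113.0/24"])
    async with server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

An allow-list only fits clients whose source address is known in advance, and it does not encrypt anything; the TLS layering with stunnel mentioned in the reply covers the case of a client that roams between networks.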