barefoot   Frontpage - Barefoot - Download - Usage - Status - Support - Modules - Docs - Links - Survey
 

Port redirectable clients

This page covers port bouncer client compatibility.

Barefoot supports TCP and UDP. Other protocols (e.g., ICMP, SCTP) are not supported.

No special client configuration is necessary for use with a port bouncer, but there are some limitations on the application protocols that can be used with a port bouncer, and some practical consequences resulting from port bouncing that it is useful to be aware of.

Protocols that specify IP-addresses for use

Clients connect to the port bouncer, which will typically have a different address from the actual servers that traffic is forwarded to. If one of the actual servers inserts it's own IP-address somewhere in the protocol exchange between itself and the client, this IP-address will typically be an IP-address that the client cannot reach directly if a port bouncer is used.

An example of this is if passive FTP is used, wherein an FTP server will provide the client with an IP-address and port number to connect to. The IP-address provided will however be that of the internal FTP server. Active FTP has similar problems, as the FTP server on the internal network may not be able to connect to the FTP client on the external network.

Barefoot is a traffic relayer and will not rewrite data transmitted through it in cases like this.

Compatible protocols

The following is a non-exhaustive list of some popular protocols that can generally be used with a port bouncer.

  • HTTP/HTTPS
  • DNS
  • SSH (care should be taken with keys)
  • SMTP
  • POP
  • IMAP
  • ...

Less suited protocols

These protocols are either not usable, or not easily usable:

  • FTP

Copyright © 1998-2018 Inferno Nettverk A/S