Port redirectable clients
This page covers port bouncer client
compatibility.
Barefoot supports TCP and UDP. Other protocols (e.g., ICMP, SCTP)
are not supported.
No special client configuration is necessary for use with a port
bouncer, but there are some limitations on the application protocols that
can be used with a port bouncer, and port bouncing has some practical
consequences that are useful to be aware of.
Protocols that specify IP-addresses for use
Clients connect to the port bouncer, which will typically have a
different address from the actual servers that traffic is forwarded
to. If one of the actual servers inserts its own IP-address
somewhere in the protocol exchange between itself and the client,
this will typically be an IP-address that the client cannot reach
directly when a port bouncer is used.
One example is passive FTP, where the FTP server provides the client
with an IP-address and port number to connect to. The IP-address
provided will, however, be that of the internal FTP server. Active FTP
has similar problems, as the FTP server on the internal network may not
be able to connect to the FTP client on the external network.
Barefoot is a traffic relayer and will not rewrite data
transmitted through it in cases like this.
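The passive FTP case above can be diagnosed from the client side. The
following is an added example, not part of the Barefoot documentation or
code: it parses an RFC 959 PASV reply and compares the advertised address
with the address the client connected to. The function names, addresses
and sample replies are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_data_endpoint(control_peer, reply):
    """Compare the PASV address with the address the client connected to."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return {"status": "not-pasv"}
    ip, port = parsed
    peer = ipaddress.IPv4Address(control_peer)
    if ip == peer:
        status = "ok"  # data connection goes to the same host as control
    elif ip.is_private or ip.is_loopback:
        status = "internal-address-advertised"  # server put its own address in
    else:
        status = "address-mismatch"
    return {"status": status, "advertised": f"{ip}:{port}", "control_peer": str(peer)}


# Constructed sample: the client connected to a bouncer at 203.0.113.10;
# the internal FTP server (10.0.0.5) answers PASV with its own address.
SAMPLE_CONTROL_PEER = "203.0.113.10"
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (10,0,0,5,195,80)",
    "227 Entering Passive Mode (203,0,113,10,195,80)",
    "230 Login successful.",
]

if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(line, "->", check_data_endpoint(SAMPLE_CONTROL_PEER, line))
```

The first sample reply is the failure described above: the relayed reply
still carries the internal server's address, which the client cannot reach.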
Compatible protocols
The following is a non-exhaustive list of some popular protocols that
can generally be used with a port bouncer.
- HTTP/HTTPS
- DNS
- SSH (care should be taken with keys)
- SMTP
- POP
- IMAP
- ...
Less suited protocols
These protocols are either not usable, or not easily usable: