TCP Gender Changer
How it works
It consists of two nodes: one resides inside the local area network, where it can reach the desired server, and the other runs outside the local area network, where the client can reach it. These nodes are called CC (Connect-Connect) and LL (Listen-Listen) respectively.
The nodes are named this way because the Connect-Connect node initiates two connections, one to the Listen-Listen node and one to the actual server. The Listen-Listen node, by contrast, passively listens on two TCP/IP ports: one for the connection from CC and the other for the incoming connection from the client.
The CC node, which runs inside the network, establishes a control connection to LL and waits for LL's signal to open a connection to the internal server. When a client connects, LL signals CC to connect to the server; CC then reports the result back to LL, and if the connection succeeded LL keeps the client connection open, so the client and server can communicate while CC and LL relay the data back and forth.
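The exchange described above, as an added example that is not code from tgcd or any other implementation: a minimal LL node, CC node and loopback echo server standing in for the internal service. It assumes a constructed one-byte control protocol (C = connect, O = ok, F = fail) and reuses the control connection as the data channel once CC reports success; note that the only connection crossing the firewall boundary is the one CC opens outbound to LL.

```python
import contextlib
import socket
import threading

# Constructed one-byte control signals for the LL<->CC channel (an assumption;
# real implementations such as tgcd define their own framing).
SIG_CONNECT, SIG_OK, SIG_FAIL = b"C", b"O", b"F"

def pump(src, dst):  # copy src -> dst until EOF, then half-close dst
    while data := src.recv(4096):
        dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def relay(a, b):  # relay both directions, then close both sockets
    t = threading.Thread(target=pump, args=(a, b), daemon=True); t.start()
    pump(b, a)
    t.join()
    a.close(); b.close()

def listener():  # listening loopback socket on an ephemeral port
    s = socket.socket(); s.bind(("127.0.0.1", 0)); s.listen(1)
    return s

def ll_node(ctrl_srv, client_srv):  # LL: outside the firewall
    ctrl, _ = ctrl_srv.accept()        # CC's control connection arrives first
    client, _ = client_srv.accept()    # then a client shows up
    ctrl.sendall(SIG_CONNECT)          # tell CC to dial the internal server
    if ctrl.recv(1) != SIG_OK:         # CC could not reach it: drop the client
        client.close(); ctrl.close(); return False
    relay(client, ctrl)                # control channel now carries the data
    return True

def cc_node(ll_addr, server_addr):  # CC: inside the firewall
    ctrl = socket.create_connection(ll_addr)   # the only outbound crossing
    if ctrl.recv(1) != SIG_CONNECT: return ctrl.close()
    try:
        srv = socket.create_connection(server_addr)
    except OSError:
        ctrl.sendall(SIG_FAIL); return ctrl.close()
    ctrl.sendall(SIG_OK)
    relay(ctrl, srv)

def echo_server(srv):  # stand-in for the internal service: echoes one connection
    conn, _ = srv.accept()
    pump(conn, conn); conn.close()

def demo(payload=b"hello through the firewall"):  # client -> LL -> CC -> server
    srv, ctrl_srv, client_srv = listener(), listener(), listener()
    for fn, args in ((echo_server, (srv,)), (ll_node, (ctrl_srv, client_srv)),
                     (cc_node, (ctrl_srv.getsockname(), srv.getsockname()))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    c = socket.create_connection(client_srv.getsockname())
    c.sendall(payload); c.shutdown(socket.SHUT_WR)
    out = b"".join(iter(lambda: c.recv(4096), b""))  # what the client reads back
    c.close(); return out
```

Running demo() returns the payload echoed by the internal server, having traversed client, LL, CC and back.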
One case where this is very useful is connecting to a desktop machine running VNC behind a firewall, which makes the desktop remotely accessible over the network and beyond the firewall. Other useful scenarios are creating a VPN using PPP over SSH, or simply using SSH to connect to an internal Unix-based server.
There have been many implementations of this method. Some of them are listed in the References and External links sections.
- tgcd, the TCP Gender Changer Daemon, is a Unix daemon implementation of the TCP Gender Changer method (GNU GPL 2+)
- revinetd is an implementation of the TCP Gender Changer method (GNU GPL 2)
- An implementation using the socat utility (GNU GPL with OpenSSL linking exception)
- Firewall Tunnel is a tunnelling tool based on the TCP Gender Changer method (GNU GPL 2)