TCP Gender Changer
TCP Gender Changer is a method in computer networking for making an internal TCP/IP based network server accessible beyond its protective firewall.
Mechanism
It consists of two nodes: one resides on the internal local area network, where it can reach the desired server, and the other runs outside the local area network, where the client can reach it. These nodes are called CC (Connect-Connect) and LL (Listen-Listen) respectively.
The names reflect what each node does: the Connect-Connect node initiates two connections, one to the Listen-Listen node and one to the actual server. The Listen-Listen node, by contrast, passively listens on two TCP/IP ports, one for the connection from CC and the other for the incoming connection from the client.
The CC node, which runs inside the network, establishes a control connection to LL and waits for LL's signal to open a connection to the internal server. Upon receiving a client connection, LL signals the CC node to connect to the server. Once done, CC reports the result to LL; if successful, LL keeps the client connection, and the client and server can communicate while CC and LL relay the data back and forth.
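The exchange described above, as an added example that is not part of the original article or of any of the listed implementations: a minimal LL node, a minimal CC node, a stand-in internal server and a client, all wired together over loopback. The control messages (`CONNECT`, `OK`, `FAIL`) and the use of the control connection itself as the data channel for a single session are assumptions made for this example; tgcd and revinetd use their own framing and handle many clients.

```python
import socket
import threading

# Constructed control-channel messages for this example; the names are
# hypothetical and do not match any real implementation's wire format.
SIG_CONNECT = b"CONNECT\n"   # LL -> CC: a client arrived, dial the server
SIG_OK = b"OK\n"             # CC -> LL: server connection established
SIG_FAIL = b"FAIL\n"         # CC -> LL: server unreachable

def listener():
    """Bind a TCP listening socket on an ephemeral loopback port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("127.0.0.1", 0))
    s.listen(1)
    return s

def recv_line(sock):
    """Read up to and including one newline (or until EOF)."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(1)
        if not chunk:
            break
        buf += chunk
    return buf

def relay(src, dst):
    """Copy bytes src -> dst until src hits EOF, then half-close dst."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass

def pump(a, b):
    """Relay in both directions; both nodes do this once a session is up."""
    threads = [threading.Thread(target=relay, args=(a, b)),
               threading.Thread(target=relay, args=(b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    a.close()
    b.close()

def ll_node(ctl_listener, client_listener):
    """Listen-Listen node (outside the firewall): accept CC's control
    connection, then one client, signal CC and relay if CC reports OK."""
    ctl, _ = ctl_listener.accept()        # CC dialled out to us
    client, _ = client_listener.accept()  # external client arrived
    ctl.sendall(SIG_CONNECT)
    if recv_line(ctl) != SIG_OK:
        client.close()
        ctl.close()
        return False
    pump(client, ctl)   # assumption: the control link carries the session
    return True

def cc_node(ll_addr, server_addr):
    """Connect-Connect node (inside the firewall): dial LL, wait for the
    signal, dial the internal server and report the outcome to LL."""
    ctl = socket.create_connection(ll_addr)
    if recv_line(ctl) != SIG_CONNECT:
        ctl.close()
        return False
    try:
        srv = socket.create_connection(server_addr, timeout=2)
    except OSError:
        ctl.sendall(SIG_FAIL)
        ctl.close()
        return False
    srv.settimeout(None)
    ctl.sendall(SIG_OK)
    pump(ctl, srv)
    return True

def internal_server(lsock):
    """Stand-in for the protected server: upper-cases one line, then hangs up."""
    conn, _ = lsock.accept()
    conn.sendall(recv_line(conn).upper())
    conn.close()

def demo(server_up=True):
    """Run LL, CC, the server and a client over loopback; return what the
    client receives (b"" when CC could not reach the server)."""
    ctl_l, cli_l, srv_l = listener(), listener(), listener()
    server_addr = srv_l.getsockname()
    threads = [threading.Thread(target=ll_node, args=(ctl_l, cli_l)),
               threading.Thread(target=cc_node,
                                args=(ctl_l.getsockname(), server_addr))]
    if server_up:
        threads.append(threading.Thread(target=internal_server, args=(srv_l,)))
    else:
        srv_l.close()   # nothing listens there, so CC's dial is refused
    for t in threads:
        t.start()
    client = socket.create_connection(cli_l.getsockname(), timeout=5)
    client.sendall(b"hello\n")
    reply = b""
    try:
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            reply += chunk
    except OSError:      # LL closing on failure may reset the connection
        pass
    client.close()
    for t in threads:
        t.join(timeout=5)
    for s in (ctl_l, cli_l) + ((srv_l,) if server_up else ()):
        s.close()
    return reply

if __name__ == "__main__":
    print(demo())                 # b'HELLO\n'
    print(demo(server_up=False))  # b''
```

Running `demo()` returns the server's reply as seen by the external client; `demo(server_up=False)` exercises the failure branch, where CC reports `FAIL` and LL drops the client. Note what the success path relies on: the only connection crossing the firewall is CC's outbound one, so inbound filtering alone does not prevent the internal server from becoming reachable. Whoever operates the network should treat long-lived outbound connections from internal hosts to an external relay as something to monitor, and should restrict access on the LL side, since the exposed service inherits whatever controls LL enforces.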
Use cases
One case where it is very useful is connecting to a desktop machine running VNC behind a firewall, which makes the desktop remotely accessible over the network and beyond the firewall. Another useful scenario is creating a VPN using PPP over SSH, or simply using SSH to connect to an internal Unix-based server.
External links
Implementations
- tgcd, TCP Gender Changer Daemon, is a Unix daemon implementation of the TCP Gender Changer method (GNU GPL 2+)
- revinetd is an implementation of the TCP Gender Changer method (GNU GPL 2)
- An implementation using the socat utility (GNU GPL with OpenSSL linking exception)
- Firewall Tunnel is a firewall tunnel based on the TCP Gender Changer method (GNU GPL 2)