I hadn't heard of socat until recently, and found it incredibly useful. Here's a snip from its man page:
Socat is a command line based utility that establishes two bidirectional byte streams and transfers data between them. Because the streams can be constructed from a large set of different types of data sinks and sources (see address types), and because lots of address options may be applied to the streams, socat can be used for many different purposes. It might be one of the tools that one `has already needed´.
You can install it (on Debian) with your favourite command:
apt-get install socat
socat - TCP4:www.domain.org:80
Transfers data between STDIO (-) and a TCP4 connection to port 80 of host
www.domain.org. This example results in an interactive connection similar to tel-
net or netcat. The stdin terminal parameters are not changed, so you may close the
relay with ^D or abort it with ^C.
socat -d -d READLINE,history=$HOME/.http_history \
TCP4:www.domain.org:www,crnl
This is similar to the previous example, but you can edit the current line in a
bash like manner (READLINE) and use the history file .http_history; socat prints
messages about progress (-d -d). The port is specified by service name (www), and
correct network line termination characters (crnl) instead of NL are used.
socat TCP4-LISTEN:www TCP4:www.domain.org:www
Installs a simple TCP port forwarder. With TCP4-LISTEN it listens on local port
"www" until a connection comes in, accepts it, then connects to the remote host
(TCP4) and starts data transfer. It will not accept a second connection.
socat -d -d -lmlocal2 \
TCP4-LISTEN:80,bind=myaddr1,su=nobody,fork,range=10.0.0.0/8,reuseaddr \
TCP4:www.domain.org:80,bind=myaddr2
TCP port forwarder, each side bound to another local IP address (bind). This exam-
ple handles an almost arbitrary number of parallel or consecutive connections by
fork´ing a new process after each accept(). It provides a little security by
su´ing to user nobody after forking; it only permits connections from the private
10 network (range); due to reuseaddr, it allows immediate restart after master
process´s termination, even if some child sockets are not completely shut down.
With -lmlocal2, socat logs to stderr until successfully reaching the accept loop.
Further logging is directed to syslog with facility local2.
socat TCP4-LISTEN:5555,fork,tcpwrap=script \
EXEC:/bin/myscript,chroot=/home/sandbox,su-d=sandbox,pty,stderr
A simple server that accepts connections (TCP4-LISTEN) and fork´s a new child pro-
cess for each connection; every child acts as single relay. The client must match
the rules for daemon process name "script" in /etc/hosts.allow and
/etc/hosts.deny, otherwise it is refused access (see "man 5 hosts_access"). For
EXEC´uting the program, the child process chroot´s to /home/sandbox, su´s to user
sandbox, and then starts the program /home/sandbox/bin/myscript. Socat and
myscript communicate via a pseudo tty (pty); myscript´s stderr is redirected to
stdout, so its error messages are transferred via socat to the connected client.
socat EXEC:"mail.sh target@domain.com",fdin=3,fdout=4 \
TCP4:mail.relay.org:25,crnl,bind=alias1.server.org,mss=512
mail.sh is a shell script, distributed with socat, that implements a simple SMTP
client. It is programmed to "speak" SMTP on its FDs 3 (in) and 4 (out). The fdin
and fdout options tell socat to use these FDs for communication with the program.
Because mail.sh inherits stdin and stdout while socat does not use them, the
script can read a mail body from stdin. Socat makes alias1 your local source
address (bind), cares for correct network line termination (crnl) and sends at
most 512 data bytes per packet (mss).
socat - /dev/ttyS0,raw,echo=0,crnl
Opens an interactive connection via the serial line, e.g. for talking with a
modem. raw and echo set ttyS0´s terminal parameters to practicable values, crnl
converts to correct newline characters. Consider using READLINE instead of `-´.
socat UNIX-LISTEN:/tmp/.X11-unix/X1,fork \
SOCKS4:host.victim.org:127.0.0.1:6000,socksuser=nobody,sourceport=20
With UNIX-LISTEN, socat opens a listening UNIX domain socket /tmp/.X11-unix/X1.
This path corresponds to local XWindow display :1 on your machine, so XWindow
client connections to DISPLAY=:1 are accepted. Socat then speaks with the SOCKS4
server host.victim.org that might permit sourceport 20 based connections due to an
FTP related weakness in its static IP filters. Socat pretends to be invoked by
socksuser nobody, and requests to be connected to loopback port 6000 (only weak
sockd configurations will allow this). So we get a connection to the victims XWin-
dow server and, if it does not require MIT cookies or Kerberos authentication, we
can start work. Please note that there can only be one connection at a time,
because TCP can establish only one session with a given set of addresses and
ports.
socat -u /tmp/readdata,seek-end=0,ignoreeof -
This is an example for unidirectional data transfer (-u). Socat transfers data
from file /tmp/readdata (implicit address GOPEN), starting at its current end
(seek-end=0 lets socat start reading at current end of file; use seek=0 or no seek
option to first read the existing data) in a "tail -f" like mode (ignoreeof). The
"file" might also be a listening UNIX domain socket (do not use a seek option
then).
(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
socat - EXEC:'ssh -l user server',pty,setsid,ctty
EXEC´utes an ssh session to server. Uses a pty for communication between socat and
ssh, makes it ssh´s controlling tty (ctty), and makes this pty the owner of a new
process group (setsid), so ssh accepts the password from socat.
socat -u TCP4-LISTEN:3334,reuseaddr,fork \
OPEN:/tmp/in.log,creat,append
Implements a simple network based message collector. For each client connecting
to port 3334, a new child process is generated (option fork). All data sent by
the clients are append´ed to the file /tmp/in.log. If the file does not exist,
socat creat´s it. Option reuseaddr allows immediate restart of the server pro-
cess.
socat READLINE,noecho=´[Pp]assword:´ EXEC:´ftp ftp.server.com´,pty,setsid,ctty
Puts a command line history (READLINE) in front of the EXEC´uted ftp client util-
ity. This allows editing and reuse of FTP commands for relatively comfortable
browsing through the ftp directory hierarchy. The password is echoed! pty is
required to have ftp issue a prompt. Nevertheless, there may occur some confusion
with the password and FTP prompts.
On server with modem:
socat TCP4-LISTEN:54321,reuseaddr /dev/ttyS0,nonblock
On client: mkdir $HOME/dev
socat PTY,link=$HOME/dev/vmodem0 TCP4:modemserver.us.org:54321
Installs a TCP4 service on a modemserver and generates a pseudo terminal device
(PTY) on the client that can be reached under the symbolic link $HOME/dev/vmodem0.
Now an application on the client that expects a serial line or modem can be con-
figured to use $HOME/dev/vmodem0; its traffic will be directed to /dev/ttyS0 on
the modem server.
socat TCP4-LISTEN:2022,reuseaddr,fork \
PROXY:proxy:www.domain.org:22,proxyport=3128,proxyauth=user:pass
starts a forwarder that accepts connections on port 2022, and directs them through
the proxy daemon listening on port 3128 (proxyport) on host proxy, using the CON-
NECT method, where they are authenticated as "user" with "pass" (proxyauth). The
proxy should establish connections to host www.domain.org on port 22 then.
echo |socat -u - file:/tmp/bigfile,create,largefile,seek=100000000000
creates a 100GB sparse file; this requires a file system type that supports this
(ext2, ext3, reiserfs, jfs; not minix, vfat). The operation of writing 1 byte
might take long (reiserfs: some minutes; ext2: "no" time), and the resulting file
can consume some disk space with just its inodes (reiserfs: 2MB; ext2: 16KB).
socat tcp-l:7777,reuseaddr,fork system:´filan -i 0 -s >&2´,nofork
listens for incoming TCP connections on port 7777. For each accepted connection,
invokes a shell. This shell has its stdin and stdout directly connected to the TCP
socket (nofork). The shell starts filan and lets it print the socket addresses to
stderr (your terminal window).