Port Forwarding Gateway • Overview
Port Forwarding Gateway 2.0 is a very powerful port forwarding gateway solution. By using HTTP tunnel technology, you can easily bypass a strong firewall or your ISP to access internet resources or any final destination you want. It supports any TCP-based protocol, such as HTTP or telnet.
The Port Forwarding Gateway solution contains two parts. One is the client, which runs on your local Windows computer, and the other is the server, which runs on our Linux gateway computer.
Normally, a strong firewall forbids every outgoing port except port 80, because port 80 is used for surfing the internet. For example, suppose you want to remotely access a computer on the internet by using telnet. This cannot be done, because port 21 is used by the telnet protocol and outgoing port 21 is filtered by the firewall.
With our Port Forwarding Gateway solution, all you need to do is deploy the Port Forwarding Gateway Client on your computer and configure the gateway address and port. Then, like magic, you can remotely access your computer! Because the client sends your request to the server over port 80, your firewall cannot block you. When the gateway server receives a request from the client, it forwards the request to the final destination and then tunnels the response back to your local computer.
Another scenario for our Port Forwarding Gateway is bypassing a port that is blocked by your ISP. For example, suppose you want to use a VOIP service. The VOIP software needs port 5060 to access the VOIP server, but if your ISP blocks port 5060, you cannot use the VOIP service. The VOIP service provider can use our Port Forwarding Gateway to resolve this.
Main GUI of Port Forwarding Gateway Client
Add port mapping dialog box
Listen Port: This is the port that the source address should connect to. The Port Forwarding Gateway Client forwards data received on this listen port to the Port Forwarding Gateway Server, and the server forwards the data on to the final destination.
Bind Address: "ALL" means listen on the port on all IPs of your computer.
Gateway Address: This is the IP address of your gateway computer.
Gateway Port: This is the port that the gateway server listens on. The Port Forwarding Gateway Client connects to this port.
For the Port Forwarding Gateway Server software, the first step is to create a user for the software, for example a user named john. The home directory of that user might then be /home/john.
Then upload the software to the home directory of user john and execute the commands "gzip -d pfg.tar.gz" and "tar xvf pfg.tar". You now have a directory named /home/john/pfg.
Then set the environment variable with "export PFG_HOME=/home/john/pfg" in the file named .profile (this might be different depending on your shell).
Then go to the directory /home/john/pfg/conf to configure your gateway server.
<?xml version="1.0" encoding="ISO-8859-1"?>
<target name="main" license="">
<!-- Users allow to connect to the Gateway. Passwd must be 10 characters. -->
You can configure the users that are allowed to connect to your gateway server. To add a new user, just add one line like <user email="email@example.com" passwd="1234567890" />
<?xml version="1.0" encoding="ISO-8859-1"?>
Here you can configure which port the Port Forwarding Gateway server listens on and the destination address it forwards to.
listen_port: This is the port that your gateway server listens on and that the gateway client should connect to.
destination_ip: The gateway server forwards data from its listen_port to this address.
destination_port: The gateway server connects to this port and forwards data to it.
To add a new port for the gateway server to listen on, just add one line <task name="forwarding443" listen_port="443" destination_ip="192.168.30.5" destination_port="21">
Then go to the directory /home/john/pfg/bin and execute the command "./pfg", or "./pfg -s" to run it as a daemon.
If you want your Port Forwarding Gateway server to listen on a port below 1024, you will get a "listen on port error", because Linux does not allow a non-root user to listen on a port below 1024. You can switch to the root user to run it, or use iptables commands to resolve this problem:
1. vi /etc/sysctl.conf; if you see the line "net.ipv4.ip_forward = 0", change it to "net.ipv4.ip_forward = 1";
2. Then execute the command "/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 -j REDIRECT --to-port 1080". This command makes Linux forward data from port 80 to port 1080. You can then configure your Port Forwarding Gateway server to listen on port 1080, and the error will not occur again, because port 1080 is above 1024;
3. Then execute the command "/sbin/iptables-save > /etc/init.d/iptables.up.rule". This command saves your iptables configuration to the file iptables.up.rule;
4. Then execute the command "/sbin/service iptables restart";
5. Then open the file "/etc/network/interfaces" and add one line "pre-up iptables-restore < /etc/init.d/iptables.up.rule". This makes your iptables rules take effect automatically when your computer powers on.
Please note that the above commands are based on Ubuntu. Other Linux systems may need different commands.
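The two constraints stated above (a passwd of exactly 10 characters, and no listening below port 1024 as a non-root user) can be checked before the server is started. The following Python script is an added example, not part of the product or its documentation. The nesting of <user> and <task> inside <target>, the self-closed <task /> form, the function name audit_config and the sample configuration are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element nesting is an assumption: the page shows only
# the <target>, <user> and <task> lines and their attributes.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="ISO-8859-1"?>
<target name="main" license="">
  <user email="email@example.com" passwd="1234567890" />
  <user email="ops@example.com" passwd="short" />
  <task name="forwarding443" listen_port="443" destination_ip="192.168.30.5" destination_port="21" />
  <task name="forwarding1080" listen_port="1080" destination_ip="192.168.30.5" destination_port="5060" />
</target>"""

DOC_EXAMPLE_PASSWD = "1234567890"  # sample password printed in the documentation

def audit_config(xml_text, run_as_root=False):
    """Return a list of (severity, message) findings for a gateway config."""
    root = ET.fromstring(xml_text.encode("iso-8859-1"))
    findings = []
    for user in root.iter("user"):
        email, passwd = user.get("email", "?"), user.get("passwd", "")
        if len(passwd) != 10:
            findings.append(("error", f"{email}: passwd must be 10 characters"))
        elif passwd == DOC_EXAMPLE_PASSWD or len(set(passwd)) < 4:
            findings.append(("warn", f"{email}: passwd is the documented sample or trivially guessable"))
    seen = {}  # listen_port -> name of the first task that claimed it
    for task in root.iter("task"):
        name = task.get("name", "?")
        try:
            listen = int(task.get("listen_port", ""))
            dest = int(task.get("destination_port", ""))
        except ValueError:
            findings.append(("error", f"{name}: ports must be integers"))
            continue
        if not (1 <= listen <= 65535 and 1 <= dest <= 65535):
            findings.append(("error", f"{name}: port out of range"))
        if listen in seen:
            findings.append(("error", f"{name}: listen_port {listen} already used by {seen[listen]}"))
        seen.setdefault(listen, name)
        if listen < 1024 and not run_as_root:
            findings.append(("warn", f"{name}: listen_port {listen} is below 1024; "
                             "a non-root server needs the iptables REDIRECT workaround"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_config(SAMPLE_CONFIG):
        print(f"{severity:5} {message}")
```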