tgcd: extend the accessibility of TCP/IP based network services beyond firewalls

by do son · May 27, 2018

tgcd is a simple Unix network utility to extend the accessibility of TCP/IP based network services beyond firewalls. This can also be used by network analysts and security experts for penetration testing and analyze the security of their network. It has three different modes:

ConnectConnect (or CC, specified by option -C)
ListenListen (or LL, specified by option -L)
Port Forwarder (or PF, specified by option -F)

The ConnectConnect and ListenListen instances of tgcd are used jointly together, while the Port Forwarder mode acts standalone. The ConnectConnect instance resides somewhere on the network (inside the LAN) where it can access the desired server, while the ListenListen will be where the external client can access it (outside the LAN). The ConnectConnect instance, when started, tries to establish a control connection to ListenListen instance (if failed it will retry every n seconds specified by -i ). The ListenListen instance upon receiving a connection from the client will send a request to ConnectConnect (over the already established control connection) to establish a connection to the server as well as another connection to ListenListen for data transferring. In the Port Forwarder mode, tgcd will pump data from one port to another providing a basic port forwarding functionality.

For all three modes, one can choose (using -m option) between two different ways of handling multiple connections. By choosing the Select method, the program will use less system memory in the expense of slower handling of multiple connections, and on the other side by choosing Fork method tgcd will handle the multiple connections faster in the expense of system memory.

tgcd links with libwrap (if available at build time) to provide a simple access control mechanism that’s provided by hosts_access(5).

Features

command line interface
compatible with most Unix family operating systems
High performance
low memory footprint

Download

Usage

-C, --ccnode

Become a CC (ConnectConnect) node.

-s, --server <host:port>

The host and port of the actual server

-c, --llhost <host:port>

The host and port of the ListenListen node.

-i, --interval <seconds>

Time interval to periodically report to LL (default: 40s).

-k, --key <number>

poorman's encryption (0-255, default: 0, means no encryption)

-a, --auth <password>

HMAC password to authenticate a control connection with LL In order to use this feature, tgcd must be configured and built with --with-mhash

Options for ListenListen mode:

-L, --llnode

Become a LL (ListenListen) node.

-q, --llport number

The port to listen on for incoming connection from a CC node

-p, --port number

The port to listen of for incoming actual client connection

-e, --interface <interface IP>

The interface for incomming actual client connection (default: all interfaces)

-k, --key number

poorman's encryption (0-255, default: 0, means no encryption)

-a, --auth <password>

HMAC password to authenticate an incoming CC control connection In order to use this feature, tgcd must be configured and built with --with-mhash

Port forwarder options:

-F, --lcnode

Become a ListenConnect node, i.e. just a simple port forwarder

-p, --port number

The port to listen of for incoming actual client connection

-s, --server host:port

The host and port of the destination server

Common options:

-m, --method {f|s}

f: Fork s: Select (default: s)

-l, --log file

Write logs to file. (default:'/dev/null')

-g, --level number

Log level detail (default:0).

-n, --nodaemon

Do not become daemon

-h, --help

Display this.

-v, --version

Display version number.