Error: could not start remote microservice for service[tcp-remote-forward]

Question

Error: could not start remote microservice for service[tcp-remote-forward]

Ricardonacif opened this issue 7 years ago · comments

Hey guys,

Not sure it is a bug or I am doing something wrong. I have a game listening to port 6900 on VPS SERVER_IP1. I wanna create a TCP proxy to it on VPS SERVER_IP2. So I did the following:

1- On VPS SERVER_IP1, I'm running the ssfs (server) as: ./ssfs -p 6901

2- On VPS SERVER_IP2, I'm running ./ssfc -L SERVER_IP2:6901:127.0.0.1:6900 -p 6901 SERVER_IP1

When I run a telnet 127.0.0.1 6901 inside VPS SERVER_IP2, everything works. But I'm not sure why it doesn't work when I'm outside this VPS and I run telnet SERVER_IP2 6901

Not sure if I understand correct, but if I change the -L to -R I get this:

[2017-03-16 13:16:23][info] config[tls]: cipher suite: <DHE-RSA-AES256-GCM-SHA384>
[2017-03-16 13:16:23][info] config[HTTP proxy]: <None>
[2017-03-16 13:16:23][info] config[circuit]: <None>
[2017-03-16 13:16:23][info] client: connecting to <SERVER_IP1:6901>
[2017-03-16 13:16:23][info] client: running (Ctrl + C to stop)
[2017-03-16 13:16:24][info] client: connected to remote server OK
[2017-03-16 13:16:25][error] service[admin]: could not start remote microservice for service[tcp-remote-forward]
[2017-03-16 13:16:25][error] client: service <tcp-remote-forward> KO

Anyone?

securesocketfunneling · Answer 1 · Wed Mar 22 2017 00:17:36 GMT+0800 (China Standard Time)

Hello,

I removed your server ips as it is not relevant to the problem.

-R option tries to open a listening socket SERVER1 side.

You must use the -g option to allow ssfc to listen on a different network interface than localhost.

./ssfc -L SERVER_IP2:6901:127.0.0.1:6900 -g -p 6901 SERVER_IP1

Do not hesitate to leave a comment to feedback us!

RyccoSN · Answer 2 · Wed Mar 22 2017 01:51:41 GMT+0800 (China Standard Time)

Thanks soooo much! It's working now!

RyccoSN · Answer 3 · Wed Mar 22 2017 02:07:17 GMT+0800 (China Standard Time)

Great, my only issue now is that the program recognizes the ip as 127.0.0.1, which is expected of course, but is there anyway I could solve this? Anyway the proxy server could mimic the external ip?

securesocketfunneling · Answer 4 · Thu Mar 23 2017 00:43:51 GMT+0800 (China Standard Time)

You are looking for much more than port forwarding if you want to do this.
You would like to create a VPN: the traffic is routed (and not forwarded) through a secure tunnel from one point to an other transparently. So that the peer can send back data to the real IP and not its forwarded endpoint.

SSF does not provide a way to create this configuration at the moment.

The only solution is to forward statically all the ports used from the software server to the client. Your client IP must be explicitly set in the reverse port forwarding (-R, -V). We are talking about UDP traffic for this part, right?
If the ports used are not static, you must forward as many ports as necessary. We may add an option to declare range port forwarding in a future version.

CLIENT_SOFTWARE	ssfc option	SERVER_SOFTWARE
TCP:6901	-> `-L IP:6901:localhost:6900`	TCP:6900
UDP:XXXX	<- `-V localhost:XXXX:CLIENT_IP:XXXX`	UDP:localhost:XXXX
UDP:YYYY	<- `-V localhost:YYYY:CLIENT_IP:YYYY`	UDP:localhost:YYYY