udpxd - A general purpose UDP relay/port forwarder/proxy
Usage: udpxd [-lbdfpvhV]
udpxd can be used to forward or proxy UDP client traffic to another port on another system. It also supports binding to a specific ip address which will be used as the source for outgoing packets.
It listens on the ip address and port specified with -l and waits for incoming udp packets. If one arrives, it sends it to the destination specified with -t. Responses will be sent back accordingly.
If -b has not been specified, udpxd uses the operating systems default (e.g. routing) as the source where it sends requests packets out. If -b has been specified, then it binds to the given ip address and uses this as the source address.
In any case, udpxd behaves like a proxy. The receiving end (-t) only sees the source ip address of the outgoing interface of the system running udpxd or the address specified with -b.
The options -l and -t are mandatory.
If the option -d has been specified, udpxd forks into
the background and becomes a daemon. It writes it pidfile to
C, which can be changed with the -p
option. If started as root, it also drops privileges to the
Caution: if not running in daemon mode, udpxd does not drop its privileges and will continue to run as root (if started as root).
Udpxd supports ip version 4 and 6, it doesn't support hostnames, -l, -t and -b must be ip addresses. In order to specify an ipv6 address and a port, use:
that is, surround the ipv6 address with brackets.
Port forwardings can be mixed:
listen | forward to -------+----------- ipv4 | ipv4 ipv6 | ipv4 ipv4 | ipv6 ipv6 | ipv6
Let's say you operate a multihomed unix system named 'foo' with two interfaces: eth0 on the inside, eth1 on the outside:
foo: eth0: 192.168.1.1 eth1: 10.0.0.1
And let's say, you have a client in network 10.0.0.0/24 who whiches to reach an ntp server in network 192.168.1.0/24; and you dont operate a firewall, nat or routing on 'foo'. Run udpxd like this:
udpxd -l 10.0.0.1:123 -t 192.168.1.199:123
Now, if a client with the source ip address 10.0.0.110 sends a ntp request to 10.0.0.1:123, udpxd will forward that packet to 192.168.1.199:123 with the source ip address 192.168.1.1 (because this is where the route points to: eth0). Responses from the ntp server will reach udpxd, which in turn sends them back to the client, where they arrive with the source address (and port) where udpxd is listening.
As you can see, udpxd can be used to implement hiding nat for udp services in user space.
Another example would be, if 'foo' has multiple ip addresses on eth0 (aliases) and you don't want to use the primary address of the interface for outgoing packets.
foo, again: eth0: 192.168.1.1,192.168.1.45 eth0: 10.0.0.1
In order to use 192.168.1.45 as the source ip address, use the -b parameter:
udpxd -l 10.0.0.1:123 -t 192.168.1.199:123 -b 192.168.1.45
In this case for the client everything looks as before, but the ntp server on the other end will see ntp requests coming from 192.168.1.45 instead.
Here we listen on the ip v6 loopback address and forward traffic to another ip v6 destination address:
udpxd -l [::1]:53 -t [2001:4860:4860::8888]:53
Or, we could listen on an ip v4 address and forward to an ip v6 address:
udpxd -l 192.168.1.1:53 -t [2001:4860:4860::8888]:53
/var/run/udpxd.pid: created if running in daemon mode (-d).
In order to report a bug, unexpected behavior, feature requests or to submit a patch, please open an issue on github: https://github.com/TLINDEN/udpxd/issues.
This software is licensed under the GNU GENERAL PUBLIC LICENSE version 3.
Copyright (c) 2015-2017 by T. v. Dein.
This software uses uthash (bundled), which is Copyright (c) 2003-2013 by Troy D. Hanson.
T.v.Dein tom AT vondein DOT org