ISO simple non-forking TCP connection forward/balance tool

Adam Vande More amvandemore at
Fri Jan 22 20:21:53 UTC 2010

On Fri, Jan 22, 2010 at 2:01 PM, Chris Peiffer <bsdlists at>wrote:

> I'm looking for a simple program I can use to forward incoming TCP
> connections to several other addr:port pairs. (including one on the
> machine itself.) Holding the connections open and passing the data
> back and forth until both parties close their ends.
> I need a solution that doesn't fork. One way to do it is just fork
> ad-hoc netcat pipes with inetd, but I'm trying to avoid the process
> overhead.
> An ssh tunnel is another option, but the crypto involves too much cpu
> overhead.
> I've investigaged ipnat rdr rules, but ipnat seems like it's too
> low-level, it wants to divert the packet directly w/o rewriting the
> "from" addr. This means that the return packet is a mismatch unless I
> make the machine running the forwarder into the router.
> I found a simple program called "balance" floating around out there,
> but unfortunately it uses an extremely naive fork-after-accept method
> that results in the same process overhead.
> Is there a simple kq-driven tcp forwarder out there? Is there a
> pure-TCP forwarding module for lighttpd? (or some other
> single-threaded app server?)
> Or is there a good way to do it in the kernel that I'm missing, and
> can someone direct me to an ipnat ruleset that creates new
> connections, so the TCP forwarding machine doesn't also need to be a
> router?
> Thanks very much for your help.
A few lines in python should do what you're looking for, see socket lib,
twisted if you have high performance needs.

Adam Vande More

More information about the freebsd-questions mailing list