July 6 2022

Introduction to socat, a multipurpose forwarding tool for Linux

If you need an advanced system administration tool for your toolbox, this is the one. Socat allows bidirectional data transfers from one location to another.

Socat is useful for connecting applications that run on separate boxes. Imagine you have box A and box B, and a database server application is running on box A. Furthermore, box A is closed to the public, but box B is open. Our network will allow a connection from box B to box A.

Now, suppose a user wants to read the database log. We don't want the user to enter Box A, but it's okay if the user wants to enter Box B.

Socat can link the database log in box A with a text reader in box B. In this way, the user can read the log in box B. We must not compromise the security of box A for the user to do the job.

Socat can work in both directions. The user in box B might want to send some database queries to the database server application in box A. Then, the database server application might send the result to the user in box B. Socat also supports this two-way communication.

The socat utility is a relay proxy for bidirectional data transfers between two independent data channels.

There are many different types of channels that socat can link, including:

  • Files
  • pipe
  • Devices (serial line, pseudo-terminal, etc)
  • Socket (UNIX, IP4, IP6 - RAW, UDP, TCP)
  • SSL socket
  • CONNECT proxy connections
  • File descriptors (stdin, etc.)
  • The GNU line editor (readline)
  • Programs
  • Combinations of two of these

This tool is considered to be an enhanced version of netcat. They do similar things, but socat has additional features, such as allowing multiple clients to listen on one port or reusing connections.

Why do we need Socat?

There are many ways to use socat effectively.

Here are some examples:

  • TCP port forwarder (one-shot or daemon)
  • External socket
  • Tool for attacking weak firewalls (security and audit)
  • Shell interface for Unix sockets
  • IP6 relay
  • Redirect TCP-oriented programs to a serial line
  • Logically connect serial lines on different computers
  • Establish a relatively safe environment (su and chroot) for running client or server shell scripts with network connections

How do we use socat?

The syntax for socat is quite simple:

socat [options] <address> <address>

You must provide the source and destination addresses for this to work. The syntax for these addresses is:

protocol:ip:port

Examples of using socat

Let's start with some basic examples of using socat for various connections.

1. Connect to TCP port 80 on the local or remote system:

# socat - TCP4:www.example.com:80

In this case, socat transfers data between STDIO (-) and a TCP4 connection to port 80 on a host named www.example.com.

2. Use socat as a TCP port forwarder:

For a single connection, enter:

# socat TCP4-LISTEN:81 TCP4:192.168.1.10:80

For multiple connections, use the fork option, as in the following examples:

# socat TCP4-LISTEN:81,fork,reuseaddr TCP4:192.168.1.10:80

This example listens on port 81, accepts connections, and forwards connections to port 80 on the remote host.

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock 

The above example listens on port 3307, accepts connections, and forwards connections to a Unix socket on the remote host.

3. Implement a simple network-based message collector:

# socat -u TCP4-LISTEN:3334,reuseaddr,fork OPEN:/tmp/test.log,creat,append

In this example, when a client connects to port 3334, a new child process is spawned. All data sent by the clients is appended to the file /tmp/test.log. If the file does not exist, socat creates it. The reuseaddr option allows an immediate restart of the server process.

4. Send a broadcast to the local network:

# socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0

In this case, socat transfers data from stdin to the specified multicast address using UDP on port 6666 for both local and remote connections. The command also tells the eth0 interface to accept multicast packets for the given group.

Practical uses for socat

Socat is a great troubleshooting tool. It is also useful for making remote connections easily. Basically, I used socat for remote MySQL connections. In the example below, I show how socat connects my web application to a remote MySQL server by connecting via a local socket.

1. On my remote MySQL server, I enter:

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock &

This command starts socat and configures it to listen on port 3307.

2. On my web server I enter:

# socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:192.168.100.5:3307 &

The above command connects to the remote server 192.168.100.5 using port 3307.

However, all communication will be done on the Unix socket /var/lib/mysql/mysql.sock, and this makes it appear that it is a local server.
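The relay pair above exposes MySQL on TCP port 3307 on every interface without encryption, and creates the web server's socket with mode=777. The following added example (not part of the original article) is a small POSIX shell check that flags those options in a socat command line and shows a tightened pair that passes; the finding names, certificate paths and the 192.168.100.0/24 range are assumptions.

```sh
#!/bin/sh
# Added example, not from the article: flag risky options in a socat command line.
# Finding names are invented for this sketch; the checks are heuristics, not a policy.

audit_socat() (           # $1 = one socat command line; prints one finding per line
  set -f                  # no globbing while the command line is split into words
  for word in $1; do
    atype=${word%%:*}     # address type, e.g. TCP-LISTEN
    opts=${word#*:}       # port or path, then comma-separated options
    restricted=no
    IFS=,                 # subshell body, so this does not leak to the caller
    case $atype in
      TCP-LISTEN|TCP4-LISTEN|TCP6-LISTEN|OPENSSL-LISTEN)
        for opt in $opts; do
          case $opt in
            bind=*|range=*) restricted=yes ;;
            verify=0)       echo "TLS_NOVERIFY $atype" ;;
          esac
        done
        if [ "$restricted" = no ]; then echo "OPEN_LISTENER $atype"; fi
        if [ "$atype" != OPENSSL-LISTEN ]; then echo "CLEARTEXT $atype"; fi ;;
      UNIX-LISTEN)
        for opt in $opts; do
          case $opt in
            mode=*[2367]) echo "WORLD_WRITABLE_SOCKET $opt" ;;  # other-write bit set
          esac
        done ;;
    esac
  done
)

# The article's relay pair, then a tightened pair (constructed; cert paths and range are placeholders).
ARTICLE_SERVER='socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock'
ARTICLE_CLIENT='socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:192.168.100.5:3307'
HARDENED_SERVER='socat OPENSSL-LISTEN:3307,reuseaddr,fork,bind=192.168.100.5,range=192.168.100.0/24,cert=/etc/socat/server.pem,cafile=/etc/socat/client.crt,verify=1 UNIX-CONNECT:/var/lib/mysql/mysql.sock'
HARDENED_CLIENT='socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,unlink-early,user=mysql,group=mysql,mode=660 OPENSSL:192.168.100.5:3307,cert=/etc/socat/client.pem,cafile=/etc/socat/server.crt,verify=1'

for cmd in "$ARTICLE_SERVER" "$ARTICLE_CLIENT" "$HARDENED_SERVER" "$HARDENED_CLIENT"; do
  printf '== %s\n' "$cmd"
  audit_socat "$cmd"
done
```

With mode=660 the application user on the web server must belong to the mysql group to reach the socket.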

Conclusions

socat is a sophisticated utility and an excellent tool for any system administrator, both for getting things done and for troubleshooting.
