July 6 2022

Introduction to socat, a multipurpose forwarding tool for Linux

If you need an advanced system administration tool for your toolbox, this is the one. Socat allows bidirectional data transfers from one location to another.

Socat Linux
Print Friendly, PDF & Email

Socat it is useful for connect applications inside separate boxes . Imagine you have box A and box B and inside box A there is a database server application running. Furthermore, Box A is closed to the public, but Box B is open. Our network will allow a connection from Box B to Box A.

Now, suppose a user wants to read the database log. We don't want the user to enter Box A, but it's okay if the user wants to enter Box B.

Socat can link the database log in box A with a text reader in box B. In this way, the user can read the log in box B. We must not compromise the security of box A for the user to do the job.

Socat it can work in both directions. The user in box B might want to send some database queries to the database server application in box A. Then, the database server application might send the result to the user in box B. Socat it also supports two-way communication .

The socat utility is a relay proxy for bidirectional data transfers between two independent data channels.

There are many different types of channels that socatcan be linked, including:

  • Fillet
  • pipe
  • Devices (serial line, pseudo-terminal, etc)
  • Socket (UNIX, IP4, IP6 - RAW, UDP, TCP)
  • SSL socket
  • CONNECT proxy connections
  • File descriptors (stdin, etc.)
  • The GNU line editor (readline)
  • Programs
  • Combinations of two of these

This tool is considered to be the enhanced version of netcat. They do similar things, but socathas more additional features, such as allowing multiple clients to listen on one port or reuse connections.

Why do we need Socat?

There are many ways to use it in socatvery effectively.

Here are some examples:

  • TCP port forwarder (one-shot or daemon)
  • External socket
  • Tool for attacking weak firewalls (security and audit)
  • Shell interface for Unix sockets
  • IP6 relay
  • Redirect TCP-oriented programs to a serial line
  • Logically connect serial lines on different computers
  • Establish a relatively safe environment ( sue chroot) for running client or server shell scripts with network connections

How do we use socat?

The syntax for socatit's quite simple:

socat [options] <address> <address>

You must provide the source and destination addresses for this to work. The syntax for these addresses is:

protocol:ip:port

Examples of using socat

Let's start with some basic usage examples socatfor various connections.

1. Connect to TCP port 80 on the local or remote system:

# socat - TCP4:www.example.com:80

In this case, socattransfers data between STDIO (-) and a TCP4 connection to port 80 on a host named www.example.com.

2. Use socatas TCP port forwarder:

For a single connection, enter:

# socat TCP4-LISTEN:81 TCP4:192.168.1.10:80

For multiple connections, use the forkoption used in the following examples:

# socat TCP4-LISTEN:81,fork,reuseaddr TCP4:TCP4:192.168.1.10:80

This example listens on port 81, accepts connections, and forwards connections to port 80 on the remote host.

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock 

The above example listens on port 3307, accepts connections, and forwards connections to a Unix socket on the remote host.

3. Implement a simple network-based message collector:

# socat -u TCP4-LISTEN:3334,reuseaddr,fork OPEN:/tmp/test.log,creat,append

In this example, when a client connects to port 3334, a new child process is spawned. All data sent by the clients is added to the file /tmp/test.log. If the file does not exist, socatcreates it. The option reuseaddrallows an immediate restart of the server process.

4. Send a broadcast to the local network:

# socat - UDP4-DATAGRAM:224.255.0.1:6666,bind=:6666,ip-add-membership=224.255.0.1:eth0

In this case, socattransfers data from the address stdinmulticast specified using UDP on port 6666 for both local and remote connections. The command also tells the eth0 interface to accept multicast packets for the given group.

Practical uses for socat

Socatis a great troubleshooting tool. It is also useful for making remote connections easily. Basically, I used it socatfor remote MySQL connections. In the example below, I show how socatconnect my web application to a remote MySQL server by connecting via local socket.

1. On my remote MySQL server, I enter:

# socat TCP-LISTEN:3307,reuseaddr,fork UNIX-CONNECT:/var/lib/mysql/mysql.sock &

This command starts it socatand configures it for listening using port 3307.

2. On my web server I enter:

# socat UNIX-LISTEN:/var/lib/mysql/mysql.sock,fork,reuseaddr,unlink-early,user=mysql,group=mysql,mode=777 TCP:192.168.100.5:3307 &

The above command connects to the remote server 192.168.100.5 using port 3307.

However, all communication will be done on the Unix socket /var/lib/mysql/mysql.sockand this makes it appear that it is a local server.

Conclusions

socatit is a sophisticated utility and indeed an excellent tool for any system administrator for getting things done and for troubleshooting.

Do you have doubts? Not sure where to start? Contact us


We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.

0256569681

Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.

PRACTICAL

ManagedServer.it is the leading Italian provider of high performance hosting solutions. Our subscription model is affordable and predictable, so customers can access our reliable hosting technologies, dedicated servers and the cloud. ManagedServer.it also offers excellent support and consulting services on Hosting of the main Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Magento.

Back to top