这里是openkava 的blog,关注程序开发的一切技术。 ZZ 表示转载的文章,如涉及版权,请和我联系删除。 在这里你可以看到关于以下技术的文章: 移动开发技术,ANDROID ,IOS,WINDOWS PHONE平台开发,企业ERP开发,动态脚本PYTHON ,OPENGL ES 3D技术,游戏开发技术,HTML5 ,JAVASCRIPT ,MYSQL,AMAZON EC2 ,GOOGLE GAE ,GOOGLE CLOUD SQL 等 。 本站发展历程: 2010年,正式把所有的blog移到这里,租用godaddy的空间,记录生活和工作上的一些心得。 下面是关于我的个人介绍,写在这里权当凑字数啦。 职业:软件开发,开发经验6年,管理经验3年; 工作上使用的技术:C#, SQL SERVER 个人使用的技术:PYTHON,PHP, CSS, JAVA ,ANDROID ,object-c 等等 联系我请发邮件:<a href=""><img class="alignnone size-full wp-image-96" title="邮箱" src="" alt="" width="174" height="24" /></a>

Use socat tool for port forwarding.


socat TCP4-LISTEN:188,reuseaddr,fork TCP4: &

(Listen on port 188 locally and forward requests to port 123 on


cmd:> socat TCP4-LISTEN:1234,reuseaddr,fork TCP4:

TCP4-LISTEN: Establishes a TCP ipv4 protocol listening port locally;
reuseaddr: Binds a local port;
fork: Sets multiple connection mode, which means that after a connection is established, it automatically duplicates the same port and listens again.

When starting socat in listening mode, it occupies a shell in the foreground, so it needs to be executed in the background.
socat -d -d tcp4-listen:8900,reuseaddr,fork tcp4: # Port forwarding

server: socat exec:/bin/sh tcp4.x.x.x:999
client: socat tcp-listen:999 - # The server opens an sh terminal and displays it to the client
socat -d -d tcp4-listen:8901,reuseaddr,fork tcp4:
socat -d -d tcp4-listen:8903,reuseaddr,fork tcp4:

ssl tunnel:
server: socat tcp-listen:8888,reuseaddr,fork,tcp4:10.0.0.client
client: socat tcp4:10.0.0.server tcp-connect:hostname:8888

tun: Create a channel between two servers and a client
socat -d -d tcp-listen:9999,reuseaddr tun:,up #server
socat socat tcp.x.x.x:9999 tun:,up


To be honest, it's a bit outdated. It's my first time using socat until now.
But today, I took a look and realized that netcat (nc) hasn't been maintained for years. There was something called nc110, but it became so popular that people didn't want to change its functionality, resulting in no progress for many years... It seems that the current RHEL5 is also derived from nc110. Another branch is netcat, which is the easiest to find on Google when searching for netcat, but it hasn't been updated for many years either... Due to these circumstances, socat came into being. Although it has been around for many years, I just got to know it...

Let's try a few commonly used netcat commands with socat for comparison:

  1. Listen on TCP port 12345

nc -l 12345#

socat tcp-listen:12345 -#

  1. Send some text to remote TCP port 12345

echo "test" | nc 12345#

echo "test" | socat - tcp-connect:

  1. Listen on UDP port 23456

nc -u -l 23456#

socat udp-listen:23456 -#

  1. Send some text to remote UDP port 23456

echo "test" | nc -u 23456#

echo "test" | socat - udp-connect:

  1. Listen on Unix socket /tmp/unix.socket

nc -U -l /tmp/unix.socket#

Netcat does not have the -U option

socat unix-listen:/tmp/unix.socket -#

  1. Send some text to local Unix socket /tmp/unix.socket

echo "test" | nc -U /tmp/unix.socket#

Netcat does not have the -U option

echo "test" | socat - unix-connect:/tmp/unix.sock#

  1. Listen on local Unix datagram socket /tmp/unix.dg.sock
    nc110 cannot handle this, netcat cannot handle this either

socat unix-recvfrom:/tmp/unix.dg.sock -#

  1. Send some text to local Unix datagram socket /dev/log
    nc110 cannot handle this, netcat cannot handle this either

echo "test" | socat - unix-sendto:/tmp/unix.dg.sock#


UDP port mapping in Linux
Original link:

  1. Actual problem
    The SNMP listening port is default to UDP 161. When the monitoring server cannot access it directly, port mapping is needed!
    The same problem exists for the DNS server's UDP 53 port.

  2. Using nc for UDP port mapping
    Assuming the IP of the monitored server is, the host used for port mapping is a public IP such as, and the port to be mapped is UDP 161 with the forwarding port set to 1161 (custom recommendation is to use ports above 1024).
    Perform the following steps on the port mapping server, where nc needs to be installed (usually already installed on the system);
    [Note: nc has security vulnerabilities, so be sure to set up a firewall]
    First, create a named pipe using mkfifo

mkfifo /tmp/snmpfifo#

Establish port mapping using nc -l for listening mode, -u for UDP, and -p for the local port; map the internal monitoring port 161 to the local port 1161;

nc -l -u -p 1161 < /tmp/snmpfifo | nc -u 161 > /tmp/snmpfifo#

Check if netstat is listening on port 1161

netstat -nlp | grep :1161#

udp 0 0* 31472/nc

Test if data can be collected on the monitoring server:
IF-MIB::ifIndex.1 = INTEGER: 1
IF-MIB::ifIndex.2 = INTEGER: 2
IF-MIB::ifIndex.3 = INTEGER: 3
IF-MIB::ifIndex.4 = INTEGER: 4
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth0

snmpwalk -c public -v2c if#

Configuration successful; the only issue is that the port listened by nc hangs up after each connection. One way to solve this is to create a script and execute it every minute using crontab;
The main reason for this problem will be analyzed when discussing socat below;
This method works fine for SNMP data collection, but not for DNS services.

  1. Using socat, an upgraded version of nc, to achieve UDP port mapping
    Download the software package from:
    Installation is as simple as configure, make, make install.
    The main feature of socat is establishing a channel between two data streams; it supports many protocols and connection methods: ip, tcp, udp, ipv6, pipe, exec, system, open, proxy, openssl, socket, etc.
    I won't go into detail here!
    If you're interested, you can check the official documentation:
    Let's talk about how to use socat to establish UDP port mapping

socat udp4-listen:11161,reuseaddr,fork UDP:[monitoring server IP]:161#

udp4-listen: Establishes a UDP ipv4 protocol listening port locally;
reuseaddr: Binds a local port;
fork: Sets multiple connection mode, which means that after a connection is established, it automatically duplicates the same port and listens again;

[Note: nc lacks the fork mode, so it can only handle one connection at a time]
Socat is a powerful tool, and I hope to learn more about it together with colleagues who have similar needs!
PS: Whether using the nc method or the socat method, starting the listening mode will occupy a shell in the foreground, so please execute it in the background or use tools like screen!


Socat official documentation:

Socat is a replacement for netcat (nc) and can be called nc++. The main feature of socat is establishing a bidirectional channel between two streams. Socat supports many address types, including ip, tcp, udp, ipv6, pipe, exec, system, open, proxy, openssl, socket, etc. Let's look at an example:

c:> socat - tcp:

This command is equivalent to nc 80. In socat, there must be two streams, so the first parameter "-" represents standard input/output, and the second stream is connected to port 80 on Let's look at another example of reverse telnet:

On the server:
c:> socat tcp-listen:23 exec,pty,stderr

This command binds cmd to port 23 and redirects cmd's stderr to stdout.

On the client:
c:> socat readline tcp:server:23

Connecting to port 23 on the server will give you a cmd shell. Readline is a GNU command line editor with history functionality.

Let's look at an example of file transfer. Netcat is often used for file transfer, but it has a drawback of not knowing when the file transfer is complete. Usually, Ctrl+c is used to terminate it or an estimated time is used with the -w parameter to automatically terminate it. With socat, it's not that complicated:

On host 1:
c:> socat -u open.exe,binary tcp-listen:999

On host 2:
c:> socat -u tcp:host1:999 open.exe,create,binary

This command transfers the file myfile.exe in binary mode from host 1 to host 2. "-u" indicates unidirectional data flow from the first parameter to the second parameter, and "-U" indicates the opposite. Once the file transfer is complete, it automatically exits.

Here's another example that people like to use. In a NAT environment, how do you connect to an internal port from the outside? You just need to run socat internally.

c:> socat tcp-listen:1234 tcp-listen:3389

c:> socat tcp:outerhost:1234 tcp:

Now, port 3389 on your external machine is mapped to port 3389 on the internal network

Socat also has a unique feature called read-write splitting. For example:

c:> socat open.txt!!open.txt,create,append tcp-listen:80,reuseaddr,fork

This command creates a fake web server that sends the contents of read.txt to the client and saves the client's data to write.txt. "!!" is used to merge the read and write streams, with the former for reading and the latter for writing.


Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.