{"id":22178159,"url":"https://github.com/cmason3/portfwd","last_synced_at":"2025-03-24T18:42:54.301Z","repository":{"id":219162136,"uuid":"747835602","full_name":"cmason3/portfwd","owner":"cmason3","description":"TCP/UDP Port Forwarder","archived":false,"fork":false,"pushed_at":"2024-12-12T17:18:00.000Z","size":113,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-29T23:25:10.424Z","etag":null,"topics":["chacha20-poly1305","cryptography","golang","post-quantum","tcp","udp"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cmason3.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-24T18:27:52.000Z","updated_at":"2024-12-12T17:18:03.000Z","dependencies_parsed_at":"2024-01-29T13:43:32.423Z","dependency_job_id":"98a09de4-e19d-4f09-a0c4-457e69646218","html_url":"https://github.com/cmason3/portfwd","commit_stats":null,"previous_names":["cmason3/portfwd"],"tags_count":11,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmason3%2Fportfwd","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmason3%2Fportfwd/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmason3%2Fportfwd/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmason3%2Fportfwd/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cmason3","download_url":"https://codeload.github.com/cmason3/portfwd/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245330498,"owners_count":20597775,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["chacha20-poly1305","cryptography","golang","post-quantum","tcp","udp"],"created_at":"2024-12-02T08:45:39.513Z","updated_at":"2025-03-24T18:42:54.269Z","avatar_url":"https://github.com/cmason3.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# TCP/UDP Port Forwarder\n\nA simple TCP and UDP based port forwarder for IPv4 and IPv6 which supports concurrent connections and secure tunnels using hybrid post-quantum crypto.\n\n### Usage\n\n```\n portfwd -tcp [\u003cbind_host\u003e:]\u003clisten_port\u003e[s]:\u003cremote_host\u003e:\u003cremote_port\u003e[s]\n         -udp [\u003cbind_host\u003e:]\u003clisten_port\u003e:\u003cremote_host\u003e:\u003cremote_port\u003e\n         -logfile \u003cportfwd.log\u003e\n         -config \u003cportfwd.conf\u003e\n         -ft-tcp\n```\n\nYou can specify as many TCP and/or UDP forwarders as you wish on the command line - if you omit `bind_host` then it defaults to `localhost` - to listen on all IPs use `0.0.0.0` for IPv4 or `[::]` for IPv6. If you duplicate `bind_host` and `listen_port` then it will load balance between the destinations (round-robin by default). For TCP connections instead of round-robin load balancing you can specify `-ft-tcp`, which will keep using the same destination until it fails and will then move to the next (fault tolerant).\n\nFor `bind_host` and `remote_host` you can either specify an IPv4 address (e.g. `192.0.2.1`), IPv6 address (e.g. `[2001:db8::1]`) or a DNS hostname (e.g. `host.domain`).\n\nYou also have the option of specifying multiple TCP and/or UDP forwarders (one per line) within a configuration file, e.g:\n\n```\ntcp [\u003cbind_host\u003e:]\u003clisten_port\u003e[s]:\u003cremote_host\u003e:\u003cremote_port\u003e[s]\nudp [\u003cbind_host\u003e:]\u003clisten_port\u003e:\u003cremote_host\u003e:\u003cremote_port\u003e\n```\n\nCommand line arguments can be shortened as long as they don't become ambiguous (e.g. `-t` for `-tcp` and `-c` for `-config`).\n\n### PQC Secure Tunnel (Experimental)\n\nIf you specify \"s\" after the port number then it will establish a secure tunnel between two instances of PortFwd. It uses the draft X-Wing KEM (https://datatracker.ietf.org/doc/html/draft-connolly-cfrg-xwing-kem), which is a hybrid post-quantum key encapsulation mechanism to generate ephemeral encryption/decryption keys, which are used by ChaCha20-Poly1305. It should be noted that this only provides confidentiality and integrity - it doesn't authenticate the hosts.\n\nEach TCP session will use a different set of encryption and decryption keys that are generated randomly when the TCP session is established. The maximum amount of data a single TCP session can send using the same set of keys is 2\u003csup\u003e64\u003c/sup\u003e packets (18.4 quintillion) as we use a `uint64` packet counter as the `nonce`. It is extremely unlikely that any TCP session is going to get anywhere near this number, but to prevent `nonce` re-use it will terminate the TCP session if you do.\n\nTo create a secure tunnel for HTTP traffic you could use it as follows:\n\n#### Host 1\n\n\u003cpre\u003e\nportfwd -tcp 0.0.0.0:8080:\u0026lt;Host 2\u0026gt;:8080\u003cb\u003es\u003c/b\u003e\n\u003c/pre\u003e\n\n#### Host 2\n\n\u003cpre\u003e\nportfwd -tcp 0.0.0.0:8080\u003cb\u003es\u003c/b\u003e:\u0026lt;Server\u0026gt;:80\n\u003c/pre\u003e\n\nIf a Client then connects to Host 1 on port 8080 then it will tunnel the traffic towards the Server via Host 2 using an encrypted tunnel.\n\n### Installation\n\nIf you want to background the process and log the connections to a file then you can use the following syntax:\n\n```\nportfwd \u003carguments\u003e -logfile \u003cportfwd.log\u003e \u0026\n```\n\nAlternatively you can run it as a system service via Systemd using the following commands:\n\n```\ncat \u003c\u003cEOF | sudo tee /etc/systemd/system/portfwd.service 1\u003e/dev/null\n[Unit]\nDescription=TCP/UDP Port Forwarder\n\n[Service]\nExecStart=/usr/local/bin/portfwd -conf /etc/portfwd.conf\nRestart=on-success\n\n[Install]\nWantedBy=default.target\nEOF\n\nsudo systemctl daemon-reload\n\nsudo systemctl enable --now portfwd.service\n\nsudo systemctl status portfwd.service\n```\n\n\u003e [!CAUTION]\n\u003e There are no guarantees the code in any branch will compile or work successfully at any given time - only release tags are guaranteed to compile and work.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmason3%2Fportfwd","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcmason3%2Fportfwd","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmason3%2Fportfwd/lists"}