client UDP 5093 -> TCP 5555 and vice versa in Server (TCP 5555 -> UDP 5093)
Hi,

I have a project where several students with IBM SPSS installed need to connect to a server where the IBM SPSS Network License Manager (Sentinel RMS) is installed, and it requires that UDP port 5093 be open on the server's firewall to allow the clients to communicate and retrieve licenses. In my case this is not allowed in the firewall and I am trying to find solutions.

One solution is to create VPN users to ensure that only allowed clients can communicate on this port (UDP 5093). But I prefer to keep the port closed for everyone.

So the question is if it is possible with stunnel to convert / wrap e.g. by users the UDP port 5093, to "convert" it to TCP e.g. 5555 thus bypassing the firewall policy on the server side (TCP/UDP 5093 is not allowed), and on the server side to do the reverse, i.e. the "conversion" from TCP 5555 to UDP 5093, or is it a stupid idea? Has anyone done a similar project?

THX
John

On 19.04.26 at 02:46, admin--- via stunnel-users wrote:
> So the question is if it is possible with stunnel to convert / wrap e.g. by users the UDP port 5093, to "convert" it to TCP e.g. 5555

stunnel does only TCP. socat *may* be able to do that conversion (it knows both UDP and TCP and the manpage doesn't seem to specifically rule the combo out, but I didn't try it), but I would expect the resulting packets to have subtle changes that the software might balk at. A *license* service *should* try to reject manipulated/simulated peers, after all.

NATing UDP traffic to a different UDP port that the firewall lets pass would IMHO be preferable, followed by proper tunneling (which includes variants that are "not quite a VPN yet").

Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
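
Added example, not part of the thread or either poster's code: one concrete change a plain UDP-to-TCP relay makes is that TCP is a byte stream, so datagram boundaries disappear unless the relay adds its own framing. The payloads below are constructed placeholders (not Sentinel RMS messages), and the 2-byte length prefix and all function names are assumptions chosen for illustration.

```python
import socket
import struct

MAX_DGRAM = 65535  # largest payload a 16-bit length prefix can describe

# Constructed sample datagrams; the empty one is legal in UDP.
SAMPLE = [b"LICENSE-REQ-1", b"", b"LICENSE-REQ-2"]

def frame(datagram: bytes) -> bytes:
    """Prefix one datagram with its length so the far side can split it out."""
    if len(datagram) > MAX_DGRAM:
        raise ValueError("datagram too large for 16-bit length prefix")
    return struct.pack("!H", len(datagram)) + datagram

def deframe(buffer: bytes):
    """Return (complete datagrams, leftover bytes of a partial frame)."""
    datagrams, offset = [], 0
    while len(buffer) - offset >= 2:
        (length,) = struct.unpack_from("!H", buffer, offset)
        if len(buffer) - offset - 2 < length:
            break  # frame not fully received yet; keep it for the next read
        start = offset + 2
        datagrams.append(buffer[start:start + length])
        offset = start + length
    return datagrams, buffer[offset:]

def relay_over_stream(datagrams, framed: bool) -> bytes:
    """Push datagrams through a local stream socket pair (stand-in for TCP)."""
    a, b = socket.socketpair()  # byte-stream semantics, no network needed
    try:
        for d in datagrams:
            a.sendall(frame(d) if framed else d)
        a.shutdown(socket.SHUT_WR)
        received = b""
        while chunk := b.recv(4096):
            received += chunk
        return received
    finally:
        a.close()
        b.close()

if __name__ == "__main__":
    # Unframed: three datagrams arrive as one undivided run of bytes.
    print(relay_over_stream(SAMPLE, framed=False))
    # Framed: the original datagrams, including the empty one, are recovered.
    print(deframe(relay_over_stream(SAMPLE, framed=True)))
```

Framing only preserves message boundaries; the license server still sees the relay's address as the UDP source rather than the client's.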

participants (2): admin@igram.gr, Jochen Bern