How port forwarding programs really work?



hello,

I'm trying to code a port forwarding program using raw sockets.
something like 'STL Port Forward'
(http://www.skylarktechnology.com/software/stlportforward.php). but it
seems I'm missing some pieces of a puzzle to understand how port
forwarding generally works and googling didn't help.

let's take the following scenario as an example:
- there's a computer 'S' on which some game server (or any server like
HTTP server) is running. the server itself uses UDP for communication
with clients (players). we don't have much control over the computer
'S'.
- there're a bunch of clients (players) 'C1', 'C2', ... wanting to
connect to the game server.
- there's a computer 'PF' which is our computer running our port
forwarding program. we want it to be a middle man between the game
server 'S' and all the clients and possibly keep both 'S' and clients
oblivious that we're in fact in the middle.

C1, C2, C3, ... <-> PF <-> S

ok, so we start the game server on 'S', let's say it runs on some port
like 1234 and waits for UDP packets. we start our port forwarding
program on computer 'PF' and configure it to receive packets on some
port like 5678 and send those packets to game server 'S' on port 1234.
so 'PF' is reading client packets (removing them from socket buffers)
and then sending new packets with the same content to 'S'.

that way all the packets coming to our 'PF' on 5678 will just get
forwarded to 'S' on port 1234. so the clients are trying to connect
and play a game on our computer 'PF' on port 5678 instead of directly
to the game server 'S'. and we want it to work like it would normally
work.

I don't see a problem when receiving the UDP packets from clients. our
'PF' will just receive the packet and send it to 'S'. if we don't
modify the IP header, 'S' will believe the packet is coming from the
computer 'PF'. if we modify IP packet header by spoofing the address
to the real client's address, we can even trick 'S' into thinking the
packet is coming directly from a client, not from our 'PF' computer.

now comes the hard part...

if we don't modify the IP header of incoming client packets and if we
resend those packets to 'S', then 'S' will for sure send the response
packet to us. but when we receive that packet, how will we know to
which client we need to send it? there's no information in the packet
telling us to which client it should go. so many clients are sending
packets to us, we are forwarding the packets to 'S' and receiving many
response packets from 'S' which should then be forwarded to correct
clients. how to know to which client exactly?

on the other hand, if we receive a packet from a client, we read it
and prepare to send a packet to 'S' just like before, but this time we
first modify the IP header of this packet to spoof the source address
by setting the source IP address to the client's one (source address
would be ours, from 'PF' computer), then 'S' would really believe this
packet came from specific client. and I assume then 'S' would try to
send the response packet directly to the client, bypassing our 'PF'
computer which is not ok. so I also don't see how this would work...

so, either way I see the problem I don't understand how to deal with.
how do port forwarding programs really work? I mean, I can use this 'STL
Port Forward' program and it really works properly. I tried it with
a couple of games. it's just a simple executable (no NDIS drivers
installed) meaning it's using the raw sockets as well to do its magic.

so there's a way how to do it, I just don't understand how. any help?

thanks!
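
An added illustration, not part of the original post and not the code of 'STL Port Forward': one common way a user-space UDP forwarder answers the "which client?" question is to give every client its own upstream socket on 'PF', so a reply from 'S' arrives on a source port tied to exactly one client. The class and method names are hypothetical, it uses ordinary UDP sockets rather than raw sockets, and idle sessions are expired so the table stays bounded.

```python
import selectors
import socket
import time


class UdpForwarder:
    """UDP relay ('PF'): one upstream socket per client, so each reply is attributable."""

    def __init__(self, listen_addr, server_addr, idle_timeout=60.0):
        self.server_addr, self.idle_timeout = server_addr, idle_timeout
        self.sel = selectors.DefaultSelector()
        self.front = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.front.bind(listen_addr)
        self.sel.register(self.front, selectors.EVENT_READ, None)
        self.sessions = {}  # client (ip, port) -> [upstream socket, last_seen]

    def _session(self, client):
        if client not in self.sessions:
            up = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
            up.connect(self.server_addr)  # OS picks a free source port; only S may reply
            self.sel.register(up, selectors.EVENT_READ, client)
            self.sessions[client] = [up, 0.0]
        self.sessions[client][1] = time.monotonic()
        return self.sessions[client][0]

    def pump(self, timeout=0.5):
        """Relay every datagram that is ready now; return how many were relayed."""
        relayed = 0
        for key, _ in self.sel.select(timeout):
            try:
                if key.data is None:  # client -> PF on the public port
                    data, client = self.front.recvfrom(65535)
                    self._session(client).send(data)
                else:  # S -> PF on a per-client port; key.data is that client
                    self.front.sendto(key.fileobj.recv(65535), key.data)
            except OSError:  # e.g. ICMP port unreachable reported on a socket
                continue
            relayed += 1
        return relayed

    def expire(self):
        """Drop sessions idle longer than idle_timeout so the table stays bounded."""
        now = time.monotonic()
        for client, (up, seen) in list(self.sessions.items()):
            if now - seen > self.idle_timeout:
                self.sel.unregister(up)
                up.close()
                del self.sessions[client]
```

With this design 'S' sees every datagram as coming from 'PF', each client on a different source port, and the clients only ever talk to the forwarder's public port.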