So, if you scan your system from a system outside your network while netcat is listening to 6666, the outside system sees it's got something running. But when you try from inside your network to connect to your external IP address to route it back in, it's giving an error and netcat shows nothing connecting? I'd almost suspect you're having a routing issue trying to go from your local machine to the router and back in, perhaps a NAT issue with your hardware. What device are you using? You might want to check to see if this is the case by trying to connect to that port (or have a friend try it) from outside your network and see if the result is the same.
The -k option should do the trick.
From the manpage of nc(1):

    -k  Forces nc to stay listening for another connection after its
        current connection is completed. It is an error to use this
        option without the -l option.

I've noticed the netcat-traditional package on Debian/Ubuntu does not keep listening as it should. In that case use the netcat-openbsd package instead and try again!
Alternatively, use socat, which is more targeted to your use case of a proxy server. A random TCP-forwarder example from the manpage of socat, which needs some modifications of course:

    socat -d -d -lmlocal2 \
    TCP4-LISTEN:80,bind=myaddr1,reuseaddr,fork,su=nobody,range=10.0.0.0/8 \
    TCP4:www.domain.org:80,bind=myaddr2

    TCP port forwarder, each side bound to another local IP
    address (bind). This example handles an almost arbitrary
    number of parallel or consecutive connections by fork'ing a
    new process after each accept(). It provides a little security
    by su'ing to user nobody after forking; it only permits
    connections from the private 10 network (range); due to
    reuseaddr, it allows immediate restart after master
    process's termination, even if some child sockets are not
    completely shut down. With -lmlocal2, socat logs to stderr
    until successfully reaching the accept loop. Further logging
    is directed to syslog with facility local2.
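
As an added illustration (not part of the answers above, and not socat's or nc's own code), the following Python forwarder shows the three behaviours the manpage excerpt describes: the listener keeps accepting after each connection ends (what `-k` and `fork` provide), `SO_REUSEADDR` is set, and peers outside an allowed network are dropped (like `range=`). The function names `pump`, `handle` and `serve` and the addresses in the demo are assumptions chosen for the example; privilege dropping (`su=nobody`) is not covered.

```python
import ipaddress
import socket
import threading
from contextlib import suppress

def pump(src, dst):
    """Copy bytes one way until src reaches EOF, then half-close dst."""
    with suppress(OSError):
        while (chunk := src.recv(4096)):
            dst.sendall(chunk)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, target):
    """Relay one accepted connection (socat forks here; this uses threads)."""
    with suppress(OSError), client, socket.create_connection(target, timeout=5) as up:
        up.settimeout(None)
        back = threading.Thread(target=pump, args=(up, client), daemon=True)
        back.start()
        pump(client, up)
        back.join()

def serve(listen_addr, target, allowed_net):
    """Start the forwarder in the background and return the listening socket."""
    net = ipaddress.ip_network(allowed_net)
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # reuseaddr
    srv.bind(listen_addr)
    srv.listen()

    def loop():
        while True:  # keep listening after every connection
            try:
                client, (ip, _port) = srv.accept()
            except OSError:
                return  # listening socket was closed
            if ipaddress.ip_address(ip) not in net:  # range= check
                client.close()
                continue
            threading.Thread(target=handle, args=(client, target), daemon=True).start()

    threading.Thread(target=loop, daemon=True).start()
    return srv

if __name__ == "__main__":
    # Constructed demo values: loopback only, forwarding port 8080 to port 8000.
    serve(("127.0.0.1", 8080), ("127.0.0.1", 8000), "127.0.0.0/8")
    threading.Event().wait()
```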
Best Answer
You should use
openssl s_client -connect server:port
to debug applications over SSL connections.