Imagine that you’re nestled deep inside a protective firewall. Somewhere in the outside world is a server that you’d like access to, but only processes on the firewall can reach it. You don’t want to login to the firewall machine each time to access that service.

For example, this might arise if your company’s ISP provides a news-reading service that seems to come from your main firewall machine, but rejects any NNTP connections from any other address. As the administrator of the firewall, you don’t want dozens of people logging on to it, but you would like to let them read and post news from their own workstations.

The program in Example 17.8, fwdport, solves this problem in a generic fashion. You may run as many of these as you like, one per outside service. Sitting on the firewall, it can talk to both worlds. When someone wants to access the outside service, they contact this proxy, which connects on their behalf to the external service. To that outside service, the connection is coming from your firewall, so it lets it in. Then your proxy forks off twin processes, one only reading data from the external server and writing that data back to the internal client, the other only reading data from the internal client and writing that data back to the external server.

For example, you might invoke it this way:

% fwdport -s nntp -l fw.oursite.com -r news.bigorg.com

That means that the program will act as the server for the NNTP service, listening for local connections ...