Ethernet Gateway

Ethernet Gateway is a lightweight bridge that connects serial devices and legacy systems to modern TCP/IP networks.

Ethernet Gateway is a standalone, retro-themed server written in Rust that bridges vintage and modern computing. It provides telnet and SSH access to a full-featured gateway with XMODEM, XMODEM-1K, YMODEM, ZMODEM, Kermit, and Punter file transfer, SSH and telnet proxying, an AI chat client, a text-mode web browser, weather reports, and Hayes-compatible serial modem emulation on two physically independent serial ports (each port also flips to a telnet-serial console bridge on demand).

Designed to work with hardware as old as the Commodore 64 and CP/M machines while remaining fully functional on modern ANSI terminals, Ethernet Gateway adapts its display automatically to the capabilities of each connected client.

Download: Pre-built binaries are available on the GitHub Releases page.

sudo apt install -y build-essential pkg-config cmake curl libudev-dev

When launched for the first time, Ethernet Gateway creates a configuration file (egateway.conf) and the transfer/ directory automatically.

$ ./ethernet-gateway
Ethernet Gateway v0.6.2
Author: Ricky Bryce

Created default configuration: egateway.conf
Config: telnet=true, port=2323, security=false, transfer_dir=transfer

Terminal type is auto-detected by examining the byte sent when the user presses backspace.

After terminal detection and optional authentication, the main menu is displayed.

Press the highlighted letter to select a feature. Press H at any menu for context-sensitive help. Press Esc (or ← on PETSCII) to return to the main menu from any submenu.

Upload, download, and manage files on the server using XMODEM, XMODEM-1K, YMODEM, ZMODEM, Kermit, or Punter. The gateway supports the full Forsberg ZMODEM spec including batch sends/receives + ZSKIP, a spec-complete Kermit implementation with both client and server modes, and single-file Punter C1 (“New Punter”) for Commodore 64/128 terminals like CCGMS, Novaterm, and StrikeTerm.

Press C to change directories. Subdirectories within the configured transfer directory are listed. Enter .. to go up one level. All paths are canonicalized to prevent symlink escapes.

Telnet NVT (RFC 854) reserves byte 0xFF as the IAC command marker and requires bare CR (0x0D) to be sent as CR-NUL. Strict clients (PuTTY / ExtraPuTTY, Tera Term, C-Kermit) follow these rules; many retro clients (IMP8, CCGMS, StrikeTerm, AltairDuino firmware) just blast raw bytes. We can't tell for sure which one you're running, so the default is set from the detected terminal type — ASCII and PETSCII get escaping off, ANSI gets it on. That's right for the overwhelming majority of real-world combinations, but if a transfer fails repeatedly with bad-block / CRC errors, press I in the File Transfer menu to flip it the other way and retry.

Connect to remote SSH servers through Ethernet Gateway. Press S from the main menu.

Per-IP lockout is shared with the telnet server: after 3 failed authentication attempts in 5 minutes, the source IP is blocked for 5 minutes across both protocols.

ANSI escape sequences from the remote server are automatically stripped when connected from a PETSCII or ASCII terminal, ensuring readable output on vintage hardware. The PTY is sized 40×25 for PETSCII and 80×24 for ANSI/ASCII.

Connect to remote telnet servers through Ethernet Gateway. Press T from the main menu.

Conversational AI powered by Groq's llama-3.3-70b-versatile model.

Text-mode web browser supporting HTTP, HTTPS, and Gopher.

Current conditions and 3-day forecast for any US zip code.

Press W from the main menu. Weather data is provided by the Open-Meteo API (free, no API key required). Your last-used zip code is saved for convenience.

Press C from the main menu. Changes are saved to egateway.conf immediately.

Authentication is disabled by default. When disabled, only private/loopback IPs are allowed, and gateway addresses (*.*.*.1) are rejected.

In the telnet menu, Configuration › F File Transfer opens a submenu with the shared transfer directory plus per-protocol pages for X XMODEM, Y YMODEM, Z ZMODEM, K Kermit (plus Kermit server toggles), and P Punter. In the GUI, the same fields live under the File Transfer frame's More... popup. The full Kermit-tuning surface (long packets, sliding windows, streaming, attribute packets, block-check type, resume, locking shifts, 8th-bit quoting, and the standalone-listener toggles) is covered on the Kermit Reference page.

These three protocols share the same xmodem_* config keys because they use the same send/receive code path. The XMODEM and YMODEM settings pages edit the same values; the page calls out the shared-family behavior so operators aren't surprised when editing either page changes the other.

Independent tunables. These values used to be hardcoded constants in the ZMODEM implementation; they now live in egateway.conf so operators can tune them per environment.

The defaults below cover the everyday tunables on the Configuration menu and the GUI's File Transfer popup. The full kermit_* family — long packets, sliding windows, streaming, attribute packets, block-check type, RESEND, locking shifts, 8th-bit quoting, and the standalone-listener / ATDT-KERMIT toggles — is documented on the Kermit Reference page.

Single-file Punter C1 (“New Punter”) — the protocol CCGMS, Novaterm, and StrikeTerm speak natively on Commodore 64/128 BBSes. It uses a two-phase handshake (a file-type block, then the data blocks) with two per-block checksums (a 16-bit additive checksum and a 16-bit cyclic checksum) and 3-byte ASCII handshake codes (GOO / BAD / ACK / S/B / SYN). Blocks carry a 248-byte payload plus a 7-byte header; lower the block size toward ~40 on noisy lines.

The gateway exposes two physically independent serial ports: Port A and Port B. Each setting below has a per-port copy keyed under serial_a_* or serial_b_* in egateway.conf. The two ports run in separate threads, persist AT&W state separately, and host independent console bridges, so you can mix-and-match modes (e.g. modem on Port A, telnet-serial on Port B). Legacy single-port configs auto-migrate into Port A on first read.

The file egateway.conf uses a simple key = value format. Lines beginning with # are comments. The file is auto-created if missing and rewritten to ensure all keys are present.

# Ethernet Gateway Configuration
telnet_enabled = true
telnet_port = 2323
security_enabled = false
username = admin
password = changeme
transfer_dir = transfer
max_sessions = 50
idle_timeout_secs = 900
ssh_enabled = false
ssh_port = 2222
web_enabled = false
web_port = 8080
groq_api_key =
browser_homepage = http://telnetbible.com
weather_zip =
verbose = false
enable_console = true

# Serial Port A
serial_a_enabled = false
serial_a_mode = modem
serial_a_port =
serial_a_baud = 9600
serial_a_databits = 8
serial_a_parity = none
serial_a_stopbits = 1
serial_a_flowcontrol = none
# (plus serial_a_echo, serial_a_verbose, serial_a_quiet, serial_a_s_regs,
#  serial_a_x_code, serial_a_dtr_mode, serial_a_flow_mode, serial_a_dcd_mode,
#  serial_a_stored_0..3 — all written by AT&W, restored by ATZ)

# Serial Port B (mirrors Port A's keys with serial_b_ prefix)
serial_b_enabled = false
serial_b_mode = modem
serial_b_port =
serial_b_baud = 9600
xmodem_negotiation_timeout = 45
xmodem_block_timeout = 20
xmodem_max_retries = 10
xmodem_negotiation_retry_interval = 7
zmodem_negotiation_timeout = 45
zmodem_frame_timeout = 30
zmodem_max_retries = 10
zmodem_negotiation_retry_interval = 5
kermit_negotiation_timeout = 300
kermit_packet_timeout = 10
kermit_idle_timeout = 300
kermit_max_retries = 5
kermit_max_packet_length = 4096
kermit_window_size = 4
kermit_server_enabled = false
kermit_server_port = 2424
allow_atdt_kermit = false
punter_block_size = 255
punter_negotiation_timeout = 45
punter_block_timeout = 20
punter_max_retries = 10
punter_max_bad_rounds = 30
punter_negotiation_retry_interval = 5
punter_hangup_on_failure = false
disable_ip_safety = false
ssh_gateway_auth = password

The egateway.conf auto-creation also writes the full kermit_* family (long packets, sliding windows, streaming, attribute packets, block-check type, 8th-bit quoting, resume, locking shifts) at their defaults — see the Kermit Reference for what each one does and when to change it.

Optional encrypted access providing the same features as the telnet interface.

The Ed25519 host key is automatically generated on first use. The SSH server authenticates against the unified username / password pair in egateway.conf — the same credentials used for telnet and the configuration web UI. There is no separate SSH credential pair anymore.

Web Configuration Interface

Optional browser-based settings page that mirrors the desktop GUI.

Enable it in the GUI's Server frame (Web Server checkbox) or via the telnet menu's Configuration > Server Configuration > W (Toggle Web). After enabling and restarting, browse to http://<server-ip>:8080/. The page mirrors every GUI frame and uses per-frame Save buttons that match the GUI's behaviors:

• Server frame: Save and Restart — persists config and triggers a full server restart so port/listener changes take effect.
• Serial Ports frame: Save — persists and reloads the serial port managers only (telnet/SSH sessions are untouched).
• Security / File Transfer / AI/Browser / General: Save — persists only; the changes are read live by the relevant code paths without a restart.

The web page includes a live Console Output tail that polls every 2 seconds, a serial-port dropdown with a refresh button that re-scans the host's serial devices on click, and inline confirmation dialogs that warn before disabling the web server or changing its port (either action will break the operator's current browser session).

Hayes AT-compatible modem emulation, or a direct telnet-serial console bridge, on each of two physically independent serial ports.

Connect vintage computers with serial interfaces to Ethernet Gateway. The gateway exposes Port A and Port B, each fully independent — its own enabled flag, mode, device, baud, AT/S-register state, and stored phone-number slots. Each port runs in one of two modes:

• Modem (AT Command) Mode — the default. Accepts standard AT commands and "dials" TCP connections to remote hosts. See the AT command reference below.
• Telnet-Serial Mode — the Hayes emulator is disabled on this port; the port is exposed via the G  Serial Gateway A/B picker on the main menu so a telnet/SSH user can talk directly to whatever's connected to that wire (microcontroller console, RS-232 device, etc.). See Console Mode below.

The two ports mix and match freely: run a Hayes modem on Port A and a console bridge on Port B, two modems, two bridges, or any combination. Switch a port's mode from the Configuration → M (Serial Configuration) → A or B → T menu, from the GUI's Serial Port frame (open that port's More… popup and use the Mode dropdown), or by setting serial_a_mode / serial_b_mode to modem or console in egateway.conf. All three paths hot-switch the affected port's manager thread within one poll interval — no restart required, and the other port keeps running. The per-port T menu entry is hidden from sessions connected over a modem itself, since switching that port to console mode would tear down the caller's own connection before they could acknowledge.

The serial modem emulator speaks the full Hayes AT command set. Every command, the S-registers, the +++ escape sequence, result codes and ATX levels, dialing and dial-string modifiers, the AT+PETSCII Commodore extension, command chaining, and worked examples are documented on a dedicated reference page:

When a port is set to Telnet-Serial Mode, that port's Hayes emulator is disabled and it becomes selectable in the G  Serial Gateway A/B picker. Each port toggles independently, so Port A can run the Hayes modem while Port B serves as a console bridge (or vice versa, or both as bridges). This is useful when a serial port is connected to a microcontroller, embedded console, or other RS-232 device that you want to drive directly from a remote shell.

Graphical configuration and monitoring window built with egui.

When enable_console = true, the GUI window opens automatically on startup. It provides a retro amber-on-dark theme with real-time server management.

When security is disabled (the default), Ethernet Gateway restricts access to private and loopback IP ranges only:

All file operations are restricted to the configured transfer directory. Filenames are validated to prevent path traversal. Directory changes are canonicalized to prevent symlink escapes.

On Unix, the following files are written with mode 0o600 (owner read/write only) so other local users can't read them:

On Windows, NTFS ACLs are inherited from the parent directory. For multi-user Windows boxes, place the binary in a per-user folder (e.g. under %USERPROFILE%) so the ACL inherits owner-only access.

Subnegotiation (IAC SB … IAC SE) bodies from remote servers are capped at 8 KiB to prevent a malicious peer from exhausting memory by sending a huge SB without a terminating IAC SE. The state machine still resyncs on the eventual terminator so the session isn't corrupted.

If your terminal is detected as the wrong type, the troubleshooting feature (press R from the main menu) diagnoses input issues by showing exactly what bytes your terminal sends.

Enable verbose mode in Configuration > Other Settings to see detailed XMODEM protocol diagnostics. Useful for debugging file transfer issues.

Companion documents that go deeper than this manual.

The Ethernet Gateway GUI console in action.