On Mon, 29 Jun 2020 10:14:09 +0200, "R.Wieser"
 wrote:

> Not quite.   My basic idea was/is to have the Pi to respond to a connect
> request on a single port only, and than, when both sides have connected
> (their actions, not the Pi's), transfer datapackets from one interface
> (socket) to the other.

That sounds like a message queue, have a look at mosquitto /
mqtt. It supports all kinds of restrictions (e.g. users can only
access certain topics, client certificates).
An MQTT broker can have multiple listeners on multi-homed
systems like you envision B to be.

A publishes a datagram to the broker running at B, C subscribes
to A's topic and receives it when there is one.
And the other way around.
It is store-and-forward by nature, A and C can be online at the
same time, but they don't have to be.

Use iptables to only allow mqtt ports, and/or to restrict the
source and destination networks.
--
Kees Nuyt

--- SoupGate-Win32 v1.05