SSH and everyday tunneling

If you have ever used SSH, you must have heard about its tunneling feature.

“By using tunneling one can (for example) carry a payload over an incompatible delivery-network, or provide a secure path through an untrusted network.” – wikipedia.org

I’m going to look at some examples of usage rather than at the definition and specification.

So let’s assume that we have two computers with openssh-server installed on them:

LOCAL – a computer connected to a network with partially restricted access to the internet, on which we’ll create a tunnel.
REMOTE – a computer connected to the internet without restrictions and visible from the internet (e.g. a home computer with a public IP)

Example 1:

So let’s say that the administrator of your network has limited mail to business only and you would like to check your own too. To achieve this, run:

ssh user@REMOTE-IP -L 10110:POP_EXTERNAL_MAIL:110 -L 10025:SMTP_EXTERNAL_MAIL:25

Replace POP_EXTERNAL_MAIL and SMTP_EXTERNAL_MAIL with your mail server addresses for POP and SMTP respectively. REMOTE-IP is of course the IP of the REMOTE machine. Now in your local mail client configure a new account using “localhost” as the server and ports 10110 for POP and 10025 for SMTP.

Example 2:

The administrator became more restrictive and has now decided to limit access to some services without realizing how vital they are for you. For example, to access facebook.com (which is blocked), run:

ssh user@REMOTE-IP -L 10080:www.facebook.com:80

and now go to your browser and in the proxy configuration enter localhost as the server and 10080 as the port. Next enter facebook.com in the address bar and you are ready!

However, your joy will evaporate quickly when you try to go to – again you’ll see and whatever else you try, there will be Facebook only – this is just because port 10080 is statically redirected to Facebook only. But don’t worry – there is a fix for this too.

Example 3:

Run this command now:

ssh user@REMOTE-IP -D 10080

and then go back to the proxy settings in your browser and remove them. Now find the line that says something like “SOCKS Host” and enter localhost as the server, 10080 as the port and set the protocol to 5. Now you can enjoy the freedom of the internet again.
For details about the -D option, please check the man pages.

Users of Opera may be disappointed at this point, as this browser doesn’t allow SOCKS server configuration, but for those there is a solution too.
To get around the Opera and SOCKS issue you may want to do some reading on the tsocks package. This clever program will allow you to run Opera, catch all its requests and pass them on to ssh!

If you have a proxy server on your way to the internet, then this can be jumped over too – in this case you’d want to do some reading on the corkscrew package.

Of course, all the rest of the options that you would use with ssh apply. You could configure your REMOTE ssh server to listen on port 443 and then run ssh on your LOCAL machine with -p443 – this could be helpful if other ports are locked down.
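
From the defender's side, every forward in the examples above is visible in the ssh client's command line on LOCAL. The following is an added example, not part of the original post: it parses ssh command lines for -L and -D forwards and flags any that are bound to all interfaces, which lets other hosts on the network use the tunnel. The function names and the sample command lines are constructed for illustration.

```python
import shlex

WILDCARD_BINDS = {"", "*", "0.0.0.0", "[::]"}  # listener reachable from other hosts

# Constructed sample command lines (as a process listing on LOCAL might show them).
SAMPLE = [
    "ssh user@REMOTE-IP -L 10080:www.facebook.com:80",
    "ssh user@REMOTE-IP -D 10080",
    "ssh -p443 -L *:10080:www.facebook.com:80 user@REMOTE-IP",
    "ssh user@REMOTE-IP ls -L /tmp",  # -L belongs to the remote command
]

def split_spec(spec):
    """Split a forward spec on ':' but keep bracketed IPv6 literals whole."""
    fields, current, depth = [], "", 0
    for ch in spec:
        depth += (ch == "[") - (ch == "]")
        if ch == ":" and depth == 0:
            fields.append(current)
            current = ""
        else:
            current += ch
    return fields + [current]

def parse_forwards(cmdline):
    """Return one dict per TCP -L/-D forward found in an ssh command line."""
    # Handles '-L spec' and '-Lspec'. Not handled (assumption): clustered
    # flags such as '-NfL', Unix-socket forwards, forwards set in ssh_config.
    args = iter(shlex.split(cmdline))
    forwards = []
    for arg in args:
        if arg[:2] not in ("-L", "-D"):
            continue
        fields = split_spec(arg[2:] or next(args, ""))
        tail = 2 if arg[1] == "L" else 0  # a -L spec ends in host:hostport
        listen = fields[:len(fields) - tail]
        if len(listen) not in (1, 2) or not listen[-1].isdigit():
            continue  # not a TCP forward spec
        bind = listen[0] if len(listen) == 2 else "loopback"
        forwards.append({
            "kind": "local" if tail else "socks",
            "bind": bind,
            "port": int(listen[-1]),
            "target": ":".join(fields[-2:]) if tail else None,
            "exposed": bind in WILDCARD_BINDS,
        })
    return forwards

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", parse_forwards(line))
```

On the REMOTE side, the corresponding control is the sshd_config option AllowTcpForwarding, which decides whether the server honours such forwards at all.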
