We have this scenario:

internet ---- public.machine (well-known IP) ---- router ---- hidden.machine

hidden.machine can connect to public.machine, but not the other way round: hidden.machine sits behind the router, so its IP is unknown to the outside, and port 22 of the router is not forwarded to it.
We'll use a remote (reverse) tunnel for this. First, we make an ssh connection from hidden.machine that opens a remote tunnel from some port on public.machine back to hidden.machine:
ssh -R 2345:localhost:22 publicmachineuser@public.machine
Now, all data sent to port 2345 on public.machine is tunnelled to hidden.machine port 22. Unless sshd on public.machine has GatewayPorts enabled, port 2345 is bound to public.machine's loopback interface only, which is what we want: hidden.machine's sshd becomes reachable from public.machine, not from the rest of the internet. So, on public.machine we can do this:
ssh -p 2345 hiddenmachineuser@localhost
And voila, we have a connection.
I often use restricted networks, such as the AAU network, and need to tunnel ports to use certain applications. Listed below are a few standard setups for doing this. I use Putty for creating the tunnels, but any SSH implementation should do.
A normal (local) tunnel from host1 port 11111 to host2 port 22222 is made by running Putty on host1:
putty -L 11111:localhost:22222 host2
Note that localhost in the forward is resolved on host2, so the tunnel ends at host2's own port 22222; to reach a third host through host2, put that host's name in place of localhost.
A general SOCKS v5 proxy is created in Putty with a dynamic port forward on port 9999 (putty -D 9999 user@host.dk). Applications that speak SOCKS are then pointed at localhost:9999.
To run a second Putty session through that proxy, set the host name and port as normal, and under Connection -> Proxy set:
Proxy type: SOCKS 5
Proxy host name: localhost
Port number: 9999
Jabber client:
SSH: local port forward from port 9952 to jabber.dk:5523 (putty -L 9952:jabber.dk:5523 user@host.dk)
Client: Server: localhost, Port: 9952, (x) Require SSL encryption
Browser through the SOCKS proxy:
Tools -> Options -> General -> Connection Settings, select 'Manual proxy configuration', SOCKS Host: localhost, Port: 9999, SOCKS v5. Leave the rest of the fields blank.
Note that the browser still resolves host names locally unless it is told to send DNS through the SOCKS proxy (in Firefox this is the network.proxy.socks_remote_dns setting), so the names of the sites you visit remain visible to the restricted network even though the traffic itself goes through the tunnel.
The task of receiving mail from an SSH-unreachable host is described in SSH Proxies.
Remote Desktop:
SSH: local port forward from port 9989 to 10.1.1.x:3389 (putty -L 9989:10.1.1.x:3389 user@host.dk)
Client: mstsc /v:localhost:9989
Any application can be tunnelled with FreeCap, regardless of SOCKS support. More about this later...
Batch file that chains two plink hops (client -> luke.cs.aau.dk -> schmid.dk) into a SOCKS proxy on localhost:9999 and then starts FreeCap:

:: LOCALHOST:9998 -> SCHMID.DK:22 =============================================
echo Creating SSH tunnel from localhost:9998 to schmid.dk:22 via luke.cs.aau.dk...
:: ssh to luke and forward localhost:9998 to schmid.dk:22
start /b plink -N -batch -L 9998:schmid.dk:22 schmid@luke.cs.aau.dk
:: wait 5 seconds
ping 127.0.0.1 -n 5 -w 1000 > nul

:: LOCALHOST:9999 -> SCHMID.DK SOCKS PROXY ====================================
echo Creating SOCKS proxy to schmid.dk at localhost:9999...
:: ssh to localhost:9998 -> schmid.dk:22
start /b plink -N -batch -D 9999 -P 9998 schmid@localhost
:: wait 5 seconds
ping 127.0.0.1 -n 5 -w 1000 > nul

:: START FREECAP ==============================================================
echo Starting freecap...
c:\pf\freecap\freecap

:: A BIT MORE STUPID: =========================================================
:: start /b plink -N -batch -D 9998 schmid@luke.cs.aau.dk
:: start /b plink -N -batch -D 9999 -load servitorthroughluke
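As an added example (not code from the original page), here is the reverse tunnel from the top of the page and the plink batch file above done with OpenSSH, together with the check a practitioner wants before trusting either: that the forwarded port is bound to loopback and not to every interface. Hosts, users and port numbers are the page's own; the helper functions (listen_bind, loopback_only, wait_for_listener, reverse_tunnel, socks_via_luke) and the SAMPLE_SS data are mine, and the listener check assumes Linux `ss -ltn` output.

```shell
#!/bin/sh
# Added example, not from the original page: OpenSSH equivalents of the
# reverse tunnel at the top of the page and of the plink batch file above,
# plus a check that forwarded ports are bound to loopback only.
# Hosts, users and ports are the page's own; the helper names and SAMPLE_SS
# are mine. Listening sockets are read from Linux `ss -ltn` output.

# listen_bind PORT: read `ss -ltn` output on stdin and print the local
# address of every listener on PORT, one per line (127.0.0.1, 0.0.0.0, [::1]).
listen_bind() {
    awk -v p="$1" '
        { for (i = 1; i <= NF; i++)
              if ($i ~ (":" p "$")) { sub(":" p "$", "", $i); print $i } }'
}

# loopback_only PORT: exit 0 if every listener on PORT is bound to a loopback
# address, 1 if any listener is reachable from other hosts (0.0.0.0, *, [::]
# or an interface address), 2 if nothing listens on PORT at all.
loopback_only() {
    binds=$(listen_bind "$1")
    [ -n "$binds" ] || return 2
    printf '%s\n' "$binds" | grep -qv -e '^127\.' -e '^\[::1\]$' -e '^::1$' && return 1
    return 0
}

# wait_for_listener PORT [TRIES]: poll once a second until something listens
# on PORT; replaces the `ping 127.0.0.1 -n 5` sleep in the batch file.
wait_for_listener() {
    port=$1
    tries=${2:-10}
    while :; do
        if ss -ltn 2>/dev/null | listen_bind "$port" | grep -q .; then
            return 0
        fi
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] || return 1
        sleep 1
    done
}

# reverse_tunnel: run on hidden.machine. ExitOnForwardFailure makes ssh fail
# loudly if port 2345 is already taken on public.machine (otherwise it stays
# connected with no forward), and the keepalives let a dead NAT mapping be
# noticed so that a supervisor loop can reconnect.
reverse_tunnel() {
    ssh -N -f \
        -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=30 -o ServerAliveCountMax=3 \
        -R 2345:localhost:22 publicmachineuser@public.machine
}

# socks_via_luke: the batch file's two hops with OpenSSH. Hop 1 forwards
# localhost:9998 to schmid.dk:22 through luke; hop 2 goes through that
# forward and opens the SOCKS5 proxy on localhost:9999. HostKeyAlias makes
# ssh check hop 2 against the known_hosts entry for schmid.dk instead of
# trusting whatever answers on "localhost".
socks_via_luke() {
    ssh -N -f -o ExitOnForwardFailure=yes \
        -L 9998:schmid.dk:22 schmid@luke.cs.aau.dk
    wait_for_listener 9998 || { echo "hop 1 did not come up" >&2; return 1; }
    ssh -N -f -o ExitOnForwardFailure=yes -o HostKeyAlias=schmid.dk \
        -p 9998 -D 9999 schmid@localhost
    wait_for_listener 9999 || { echo "SOCKS proxy did not come up" >&2; return 1; }
    ss -ltn | loopback_only 9999    # must succeed: nobody else on the LAN may use it
}

# Constructed `ss -ltn` sample (not real output): 2345 is loopback-only on
# both v4 and v6, 9999 is wide open.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    127.0.0.1:2345      0.0.0.0:*
LISTEN 0      128    [::1]:2345          [::]:*
LISTEN 0      128    0.0.0.0:9999        0.0.0.0:*'

# `sh tunnels.sh reverse` on hidden.machine, `sh tunnels.sh socks` on the
# restricted-network client; with no argument only the functions are defined.
case ${1:-} in
    reverse) reverse_tunnel ;;
    socks)   socks_via_luke ;;
esac
```

On public.machine, `ss -ltn | loopback_only 2345` exits 0 when the reverse forward is loopback-only, 1 when sshd's GatewayPorts setting has exposed it to the internet, and 2 when the tunnel is not up at all. On the client, `ss -ltn | loopback_only 9999` is the same check for the SOCKS proxy: with `ssh -D 9999` (or Putty's default) it listens on loopback only; with `ssh -g`, or Putty's "Local ports accept connections from other hosts" option, it would be an unauthenticated proxy for everyone on the restricted network.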
The following is from the old page. It should be cleaned up.
This BAT file tunnels and plays the Bassdrive internet radio stream through a remote server. Local port 1234 is an arbitrary choice. Note that sleep is not a built-in cmd.exe command; the batch file above uses ping as a substitute.

start putty.exe -L 1234:us2004-08-09c1.streams.bassdrive.com:8024 user@server.dk
sleep 4
start winamp.exe http://localhost:1234
Start Putty with this configuration:
session/[host name]: some.server.dk
session/[protocol]: ssh
connection/ssh/tunnels/[source port]: 8080
connection/ssh/tunnels/[destination]: www.that.servers.web.address.dk:80
connection/ssh/tunnels/[local]: selected
Add
In your browser, you can then change this address:
http://www.that.servers.web.address.dk/some/page.html
to:
http://localhost:8080/some/page.html
The web server sees the request as addressed to localhost:8080, so a server that hosts several sites by name may not serve the one you expect; the hosts-file trick in the mail below works around this.
Subject: Docs feedback
From: thomas.l..kjeldsen
To: Jakob Schmid

Yo, just a comment on http://www.but.auc.dk/~???/tunneling-via-putty.txt
- if you set the source port to 80 you can get away with http://localhost/sfsd, that is, without giving a port number, since browsers default to port 80.
- if you want to be really cheeky you can edit the hosts file on your system so it is fooled into thinking that e.g. www.but.auc.dk resolves to 127.0.0.1 (localhost). On the various Unixes the file is called /etc/hosts and on WinXP C:\WINDOWS\system32\drivers\etc\hosts. Just add the following (tab between IP and name):
127.0.0.1	www.but.auc.dk
This means the ssh tunnel has to exist for the page to be reachable, but you can e.g. use but.auc.dk instead of www.but.auc.dk when the ssh tunnel is not available.
Regards, Thomas :)