How-To:Port Forwarding: Difference between revisions

From Redbrick Wiki
Jump to navigation Jump to search
(added port forwarding for irc)
No edit summary
 
(6 intermediate revisions by 3 users not shown)
Line 1: Line 1:
(Submitted by [[User:nit|nit]], pasted & edited by [[User:Igy|igy]])
==Why?==
==Why?==
One example of why port forwarding is great is security.
One example of why port forwarding is great is security. Downloading email and browsing the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on RedBrick normally.
Downloading email and browsing the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on [RedBrick] normally.


Thus you can (a little more) securely access your stuff from wireless hotspots
The example being given is to use your Redbrick account to port forward data via Redbrick. You can then configure local applications to use the tunnel rather than the usual route over say insecure wireless or hotel wifi thereby hopefully securing your data in transit.
or from other insecure or filtered networks.
 
The example being given is to use your redbrick account to port forward data to the
dcu proxy. You can then configure local applications to use the tunnel
rather than the usual route.


==Theory==
==Theory==
One good online guide is: http://neworder.box.sk/newsread.php?newsid=12498
There are some [https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding good online guides] and if you read this you should be able to deduce the basics of how SSH works with port forwarding.
and if you read this you should be able to deduce the basics of how SSH works with port forwarding.


==How To do it==  
==How To do it==  
Line 24: Line 15:


[[PuTTY]] has built-in support for port forwarding.
[[PuTTY]] has built-in support for port forwarding.
* When you're connecting, after you've filled in the host name box (login.redbrick.dcu.ie or deathray.redbrick.dcu.ie or something '''NOTE:''' If you wish to forward traffic through the DCU proxy the host name '''must''' be deathray.redbrick.dcu.ie), click on Tunnels in the left-hand bar (second last item from the bottom).
* When you're connecting, after you've filled in the host name box ('''NOTE:''' If you wish to forward traffic through the RedBrick the host name '''must''' be login.redbrick.dcu.ie), click on Tunnels in the left-hand bar (second last item from the bottom).
* In the Port forwarding box, fill in the following values:
* In the Port forwarding box, fill in the following values:
** Source port: (the port you want forwarded to the proxy - eg 1337)
** Source port: (the port you want forwarded to the proxy - eg 1337)
** Destination: proxy.dcu.ie:3128
** Destination: <blank>
* Ensure Local is selected as the type and then click Add
* Ensure Dynamic is selected as the type and '''then click Add'''


[[Image:puttyconf.png]]
[[Image:Proxy_putty.png|center|frame|How to configure PuTTY to be a SOCKS proxy]]


* Click the Open button to connect, and enter your username/password.
* Click the Open button to connect, and enter your username/password.
* Tell Firefox (or anything else) to use localhost:1337 as its HTTP proxy. You should now be browsing via DCU's proxy server!
* Tell Firefox (or anything else) to use localhost 1337 as its HTTP proxy. You should now be browsing via RedBrick!
 
[[Image:Http_proxy.png|center|frame|How to configure Firefox to use PuTTYs proxy]]


'''OpenSSH for Windows'''
'''OpenSSH for Windows'''
Line 42: Line 35:


If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:
If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:
  ssh -L 1337:proxy.dcu.ie:3128 deathray.redbrick.dcu.ie
  ssh -D 1337 username@login.redbrick.dcu.ie


Where :
Where :
* -L specifies you want to link a local port
* -D specifies you want to link a dynamic port
* 1337 is the local port (on your machine) you want to communicate on.
* 1337 is the local port (on your machine) you want to communicate on.
* proxy.dcu.ie is the server you want to send your tunnelled traffic to.
* 3128 is the port on that server you want to send your tunnelled traffic to.
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
[[Image:Tunnelling-network-diagram.png]]
For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:
ssh -L 1337:proxy3.dcu.ie:1080 deathray.redbrick.dcu.ie
Here we see that we specify the proxy definitively, and use the port that we
would eventually negotiate (for those of you is res try running Ethereal, you will
see what I mean). We also use a specific Redbrick server, Deathray for our port
forwarding (there are restrictions on tunnelling through our other machines). You can also add the ''-v'' option to specify 'verbose' mode and see the port being opened and closed for your tunnelled traffic.
Try running netstat locally and and you should see 1337 sitting there happily.
So now you have it all set up, congratulations! Now, how do you use it? Easy!
Open up your browser and change the proxy settings to localhost:1337, you
will then be using the local port to forward traffic to the DCU proxy, the same
applies to your mail program.
Note this only encrypts your traffic to and from Redbrick, so anyone listening
on the wifi hotspot you are using will just see garbage going to DCU (figures),
anyone listening to DCU traffic from the proxy can still see you stuff, the moral
being ”don’t go downloading donkey porn” DCU will still be out to get you, etc.
So, thats it, enjoy you new found 1337ness.
niT.


==Port forwarding for IRC==
==Port forwarding for IRC==


Since ircproxy is offline, and will probably remain so (it was fairly shite anyway), if you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.
If you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.


The process is the same as the above, just using different addresses and port configurations.
The process is the same as the above, just using different addresses and port configurations.
Line 86: Line 52:
  remote port: 6667
  remote port: 6667


So, you're basically substituting 1337 and 3128 for 6667, and proxy3.dcu.ie for irc.redbrick.dcu.ie.
So for this it is instead using a local forward. So unlike the dynamic forward, instead set the option to be local, and add the destination as being irc.redbrick.dcu.ie:6667
 
On CLI this is:
 
ssh -L 6667:irc.redbrick.dcu.ie:6667 username@login.redbrick.dcu.ie


Now, just tell your irc client that your irc server is localhost :)
Now, just tell your IRC client that your IRC server is localhost :)


[[Category:HowTo]]
[[Category:HowTo]]

Latest revision as of 16:12, 30 September 2016

Why?

One example of why port forwarding is great is security. Downloading email and browsing the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on RedBrick normally.

The example being given is to use your Redbrick account to port forward data via Redbrick. You can then configure local applications to use the tunnel rather than the usual route over say insecure wireless or hotel wifi thereby hopefully securing your data in transit.

Theory

There are some good online guides and if you read this you should be able to deduce the basics of how SSH works with port forwarding.

How To do it

Windows

There are two ways of getting SSH to work on Windows.

PuTTY

PuTTY has built-in support for port forwarding.

  • When you're connecting, after you've filled in the host name box (NOTE: If you wish to forward traffic through the RedBrick the host name must be login.redbrick.dcu.ie), click on Tunnels in the left-hand bar (second last item from the bottom).
  • In the Port forwarding box, fill in the following values:
    • Source port: (the port you want forwarded to the proxy - eg 1337)
    • Destination: <blank>
  • Ensure Dynamic is selected as the type and then click Add
How to configure PuTTY to be a SOCKS proxy
  • Click the Open button to connect, and enter your username/password.
  • Tell Firefox (or anything else) to use localhost 1337 as its HTTP proxy. You should now be browsing via RedBrick!
How to configure Firefox to use PuTTYs proxy

OpenSSH for Windows

You can download and install OpenSSH for Windows and then use the same command as you would for unix, if you don't want to use PuTTY.

Linux

If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so: 

ssh -D 1337 username@login.redbrick.dcu.ie

Where :

  • -D specifies you want to link a dynamic port
  • 1337 is the local port (on your machine) you want to communicate on.
  • login.redbrick.dcu.ie is the server you want to open the SSH connection to

Port forwarding for IRC

If you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.

The process is the same as the above, just using different addresses and port configurations. 

localport: 6667
remote address: irc.redbrick.dcu.ie
remote port: 6667

So for this it is instead using a local forward. So unlike the dynamic forward, instead set the option to be local, and add the destination as being irc.redbrick.dcu.ie:6667

On CLI this is: 

ssh -L 6667:irc.redbrick.dcu.ie:6667 username@login.redbrick.dcu.ie

Now, just tell your IRC client that your IRC server is localhost :)

Retrieved from "https://wiki.redbrick.dcu.ie/index.php?title=How-To:Port_Forwarding&oldid=10820"