Difference between revisions of "How-To:Port Forwarding"

From Redbrick Wiki
Jump to navigation Jump to search
(update images to align and be less crappy looking)
Line 38: Line 38:
  
 
Where :
 
Where :
* -L specifies you want to link a local port
+
* -D specifies you want to link a dynamic port
 
* 1337 is the local port (on your machine) you want to communicate on.
 
* 1337 is the local port (on your machine) you want to communicate on.
* proxy.dcu.ie is the server you want to send your tunnelled traffic to.
 
* 3128 is the port on that server you want to send your tunnelled traffic to.
 
 
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
 
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
 
 
[[Image:Tunnelling-network-diagram.png]]
 
 
For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:
 
ssh -L 1337:proxy3.dcu.ie:1080 login.redbrick.dcu.ie
 
 
Here we see that we specify the proxy definitively, and use the port that we
 
would eventually negotiate (for those of you is res try running Wireshark, you will
 
see what I mean). We also use a specific Redbrick server, Login (minerva) for our port
 
forwarding (there are restrictions on tunnelling through our other machines). You can also add the ''-v'' option to specify 'verbose' mode and see the port being opened and closed for your tunnelled traffic.
 
 
Try running netstat locally and and you should see 1337 sitting there happily.
 
So now you have it all set up, congratulations! Now, how do you use it? Easy!
 
Open up your browser and change the proxy settings to localhost:1337, you
 
will then be using the local port to forward traffic to the DCU proxy, the same
 
applies to your mail program.
 
 
Note this only encrypts your traffic to and from Redbrick, so anyone listening
 
on the wifi hotspot you are using will just see garbage going to DCU (figures),
 
anyone listening to DCU traffic from the proxy can still see you stuff, the moral
 
being ”don’t go downloading donkey porn” DCU will still be out to get you, etc.
 
So, thats it, enjoy you new found 1337ness.
 
 
niT.
 
  
 
==Port forwarding for IRC==
 
==Port forwarding for IRC==
  
Since ircproxy is offline, and will probably remain so (it was fairly shite anyway), if you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.
+
If you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.
  
 
The process is the same as the above, just using different addresses and port configurations.
 
The process is the same as the above, just using different addresses and port configurations.
Line 79: Line 52:
 
  remote port: 6667
 
  remote port: 6667
  
So, you're basically substituting 1337 and 3128 for 6667, and proxy3.dcu.ie for irc.redbrick.dcu.ie.
+
So for this it is instead using a local forward. So unlike the dynamic forward, instead set the option to be local, and add the remote address as being irc.redbrick.dcu.ie:6667
 +
 
 +
On CLI this is:
 +
 
 +
ssh -L 6667:irc.redbrick.dcu.ie:6667 username@login.redbrick.dcu.ie
  
Now, just tell your irc client that your irc server is localhost :)
+
Now, just tell your IRC client that your IRC server is localhost :)
  
 
[[Category:HowTo]]
 
[[Category:HowTo]]

Revision as of 16:08, 30 September 2016

Why?

One example of why port forwarding is great is security. Downloading email and browsing the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on RedBrick normally.

The example being given is to use your Redbrick account to port forward data via Redbrick. You can then configure local applications to use the tunnel rather than the usual route over say insecure wireless or hotel wifi thereby hopefully securing your data in transit.

Theory

There are some good online guides and if you read this you should be able to deduce the basics of how SSH works with port forwarding.

How To do it

Windows

There are two ways of getting SSH to work on Windows.

PuTTY

PuTTY has built-in support for port forwarding.

  • When you're connecting, after you've filled in the host name box (NOTE: If you wish to forward traffic through the RedBrick the host name must be login.redbrick.dcu.ie), click on Tunnels in the left-hand bar (second last item from the bottom).
  • In the Port forwarding box, fill in the following values:
    • Source port: (the port you want forwarded to the proxy - eg 1337)
    • Destination: <blank>
  • Ensure Dynamic is selected as the type and then click Add
How to configure PuTTY to be a SOCKS proxy
  • Click the Open button to connect, and enter your username/password.
  • Tell Firefox (or anything else) to use localhost 1337 as its HTTP proxy. You should now be browsing via RedBrick!
How to configure Firefox to use PuTTYs proxy

OpenSSH for Windows

You can download and install OpenSSH for Windows and then use the same command as you would for unix, if you don't want to use PuTTY.

Linux

If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:

ssh -D 1337 username@login.redbrick.dcu.ie

Where :

  • -D specifies you want to link a dynamic port
  • 1337 is the local port (on your machine) you want to communicate on.
  • login.redbrick.dcu.ie is the server you want to open the SSH connection to

Port forwarding for IRC

If you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.

The process is the same as the above, just using different addresses and port configurations.

localport: 6667
remote address: irc.redbrick.dcu.ie
remote port: 6667

So for this it is instead using a local forward. So unlike the dynamic forward, instead set the option to be local, and add the remote address as being irc.redbrick.dcu.ie:6667

On CLI this is:

ssh -L 6667:irc.redbrick.dcu.ie:6667 username@login.redbrick.dcu.ie

Now, just tell your IRC client that your IRC server is localhost :)