Difference between revisions of "How-To:Port Forwarding"

From Redbrick Wiki
(Port forwarding through RB, linux guide)
 
Line 24: Line 24:
  
 
If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:
 
If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:
  ssh -L 1337:proxy.dcu.ie:8080 login.redbrick.dcu.ie
+
  ssh -L 1337:proxy.dcu.ie:3128 login.redbrick.dcu.ie
  
 
Where :
 
Where :
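Review bot: The changed `ssh -L` line swaps the destination port from 8080 to 3128, but neither the edit summary nor the surrounding text says why. Add a short clause naming the proxy service that listens on 3128, so a reader who copied the earlier 8080 command can tell which one to use.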
Line 30: Line 30:
 
* 1337 is the local port (on your machine) you want to communicate on.
 
* 1337 is the local port (on your machine) you want to communicate on.
 
* proxy.dcu.ie is the server you want to send your tunnelled traffic to.
 
* proxy.dcu.ie is the server you want to send your tunnelled traffic to.
* 8080 is the port on that server you want to send your tunnelled traffic to.
+
* 3128 is the port on that server you want to send your tunnelled traffic to.
 
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
 
* login.redbrick.dcu.ie is the server you want to open the SSH connection to
 +
 +
 +
[[Image:Tunnelling-network-diagram.png]]
  
 
For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:
 
For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:
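Review bot: The rewritten 3128 bullet still describes the port only as "the port on that server", while the context line that follows introduces a "SOCKS proxy" example. Say in the bullet what kind of proxy 3128 is, since the client's proxy settings depend on it. The added `[[Image:Tunnelling-network-diagram.png]]` also has no caption and is preceded by three added blank lines; drop the blank lines and give the image a caption that says what the diagram shows.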

Revision as of 00:54, 25 May 2006

(Submitted by nit, pasted & edited by igy)

Why?

One example of why port forwarding is great is security: you can download email and browse the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on RedBrick normally.

Thus you can (a little more) securely access your stuff from wireless hotspots or from other insecure or filtered networks.

The example being given is to use your Redbrick account to port forward data to the DCU proxy. You can then configure local applications to use the tunnel rather than the usual route.

Theory

One good online guide is: http://neworder.box.sk/newsread.php?newsid=12498 and if you read this you should be able to deduce the basics of how SSH works with port forwarding.

How To do it

Windows

TODO: write this -igy

Linux

If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:

ssh -L 1337:proxy.dcu.ie:3128 login.redbrick.dcu.ie

Where :

  • -L specifies you want to link a local port
  • 1337 is the local port (on your machine) you want to communicate on.
  • proxy.dcu.ie is the server you want to send your tunnelled traffic to.
  • 3128 is the port on that server you want to send your tunnelled traffic to.
  • login.redbrick.dcu.ie is the server you want to open the SSH connection to


[Image: Tunnelling-network-diagram.png]

For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:

ssh -L 1337:proxy3.dcu.ie:1080 deathray.redbrick.dcu.ie

Here we see that we specify the proxy definitively, and use the port that we would eventually negotiate (for those of you in res, try running Ethereal and you will see what I mean). We also use a specific Redbrick server, DeathRay, for our port forwarding (I'm not privy to RB network setup, it just works). You can also add the -v option to specify 'verbose' mode and see the port being opened and closed for your tunnelled traffic.

Try running netstat locally and you should see 1337 sitting there happily. So now you have it all set up, congratulations! Now, how do you use it? Easy! Open up your browser and change the proxy settings to localhost:1337. You will then be using the local port to forward traffic to the DCU proxy. The same applies to your mail program.
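A check for the netstat step above, as an added example that is not part of the original guide: it reads `netstat -tln` style output and reports whether the forwarded port listens on loopback only. By default `ssh -L` binds the local port to loopback, but with `-g` or `GatewayPorts` it listens on all interfaces, and then other machines on the same hotspot can use your tunnel. The function name `check_forward` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# check_forward PORT
# Reads `netstat -tln` style lines on stdin and prints how PORT is bound:
#   loopback - listening on 127.0.0.1 / ::1 only (what you want on a hotspot)
#   exposed  - listening on a non-loopback address (reachable by other hosts)
#   missing  - nothing is listening on PORT (the tunnel is not up)
check_forward() {
    awk -v port="$1" '
        # Only TCP sockets in LISTEN state are relevant to an ssh -L forward.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            laddr = $4                          # e.g. 127.0.0.1:1337 or :::1337
            n = split(laddr, parts, /[:.]/)     # last field is the port number
            if (parts[n] != port) next
            found = 1
            # Strip ":PORT" to get the bind address.
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr != "127.0.0.1" && addr != "::1") exposed = 1
        }
        END {
            if (!found)       print "missing"
            else if (exposed) print "exposed"
            else              print "loopback"
        }'
}

# Constructed sample output (not captured from a real machine).
sample_ok='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:1337          0.0.0.0:*               LISTEN
tcp6       0      0 ::1:1337                :::*                    LISTEN'

# Same port, but bound to every interface (as happens with ssh -g).
sample_bad='tcp        0      0 0.0.0.0:1337            0.0.0.0:*               LISTEN'

printf '%s\n' "$sample_ok"  | check_forward 1337
printf '%s\n' "$sample_bad" | check_forward 1337

# Live use, once the tunnel is running:
#   netstat -tln | check_forward 1337
```

If the result is `exposed`, restart the tunnel without `-g` and check that `GatewayPorts` is not enabled in your SSH client configuration.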

Note this only encrypts your traffic to and from Redbrick, so anyone listening on the wifi hotspot you are using will just see garbage going to DCU (figures). Anyone listening to DCU traffic from the proxy can still see your stuff, the moral being "don't go downloading donkey porn": DCU will still be out to get you, etc. So, that's it, enjoy your newfound 1337ness.

niT.