One example of why port forwarding is great is security. Downloading email and browsing the Internet in such a way that the immediate (local) network does not know what you are doing. All it sees is encrypted SSH traffic, like that used when you type on RedBrick normally.
The example being given is to use your Redbrick account to port forward data via Redbrick. You can then configure local applications to use the tunnel rather than the usual route over say insecure wireless or hotel wifi thereby hopefully securing your data in transit.
There are some good online guides and if you read this you should be able to deduce the basics of how SSH works with port forwarding.
How To do it
There are two ways of getting SSH to work on Windows.
PuTTY has built-in support for port forwarding.
- When you're connecting, after you've filled in the host name box (NOTE: If you wish to forward traffic through the RedBrick the host name must be login.redbrick.dcu.ie), click on Tunnels in the left-hand bar (second last item from the bottom).
- In the Port forwarding box, fill in the following values:
- Source port: (the port you want forwarded to the proxy - eg 1337)
- Destination: <blank>
- Ensure Dynamic is selected as the type and then click Add
- Click the Open button to connect, and enter your username/password.
- Tell Firefox (or anything else) to use localhost 1337 as its HTTP proxy. You should now be browsing via RedBrick!
OpenSSH for Windows
You can download and install OpenSSH for Windows and then use the same command as you would for unix, if you don't want to use PuTTY.
If you read the neworder guide above you should have a good idea of how to build the SSH command for the forwarding, like so:
ssh -D 1337 email@example.com
- -L specifies you want to link a local port
- 1337 is the local port (on your machine) you want to communicate on.
- proxy.dcu.ie is the server you want to send your tunnelled traffic to.
- 3128 is the port on that server you want to send your tunnelled traffic to.
- login.redbrick.dcu.ie is the server you want to open the SSH connection to
For example, to tunnel local port 1337 to the SOCKS proxy on proxy3.dcu.ie through deathray:
ssh -L 1337:proxy3.dcu.ie:1080 login.redbrick.dcu.ie
Here we see that we specify the proxy definitively, and use the port that we would eventually negotiate (for those of you is res try running Wireshark, you will see what I mean). We also use a specific Redbrick server, Login (minerva) for our port forwarding (there are restrictions on tunnelling through our other machines). You can also add the -v option to specify 'verbose' mode and see the port being opened and closed for your tunnelled traffic.
Try running netstat locally and and you should see 1337 sitting there happily. So now you have it all set up, congratulations! Now, how do you use it? Easy! Open up your browser and change the proxy settings to localhost:1337, you will then be using the local port to forward traffic to the DCU proxy, the same applies to your mail program.
Note this only encrypts your traffic to and from Redbrick, so anyone listening on the wifi hotspot you are using will just see garbage going to DCU (figures), anyone listening to DCU traffic from the proxy can still see you stuff, the moral being ”don’t go downloading donkey porn” DCU will still be out to get you, etc. So, thats it, enjoy you new found 1337ness.
Port forwarding for IRC
Since ircproxy is offline, and will probably remain so (it was fairly shite anyway), if you want to connect to RedBrick IRC with your own client you will need to use port forwarding to do this.
The process is the same as the above, just using different addresses and port configurations.
localport: 6667 remote address: irc.redbrick.dcu.ie remote port: 6667
So, you're basically substituting 1337 and 3128 for 6667, and proxy3.dcu.ie for irc.redbrick.dcu.ie.
Now, just tell your irc client that your irc server is localhost :)