Tunnels, Redirecting and Encapsulation

From SecurityForest


A post I made a while ago to a forum... Loni

Yes - This was really one of those Oh My's...

As always, background story:
At home I have a ADSL modem configured as a NAT rounter. I wanted to allow someone to access a website I had built on my Virtual Machine - Sounds simple? Well it should be. I thought all I had to do is create a PAT setting on the router and redirect traffic to my VM on Port X. BUT - after gooogling as i was getting error messages, I found out that my firmware version doesn't support it - and I have to upgrade. Upgrade my firmware - no thankyou!

Thinking of different solutions I came up with an "Oh My", and this is how it goes:

I connected out to a box of mine running windows2000 with Cygwin, and started the ssh daemon

CYGWIN Shell

$ net start sshd
The CYGWIN sshd service is starting.
The CYGWIN sshd service was started successfully.

Now from my laptop, I connected out to my ssh box using the reverse tunnel option (oh, i was running in windows so I used plink - a great ssh client utility)

My Machine

d:\data\tools>plink.exe -v -ssh <SSHBOX_IP> -l <username> -pw <password> -R 81:<VMBOX_IP>:81

What this has done is opened a tunnel from my machine, to my sshbox over ssh, and is now listening on the internal interface on port 81 for connections. All connections made to localport 81 will be redirected and encapsulated into the tunnel back to my machine where it will be redirected to the VMBOX on port 81.

But I was not out of the woods yet. The SSHBox was listening on port 81, but only on the internal interface (ie. 127.0.0.1)

SSHBox - netstat -AN snipit

TCP    127.0.0.1:81           0.0.0.0:0              LISTENING

It is not possible to connect directly to a local port (81) from the internet. The key word is directly, so lets connect indirectly...
To do this I had to create a listening socket on the external interface which would redirect the traffic to the localport (81).

Fpipe is just the tool for that seeing as the SSHBox is a windows box. (ie. if it was a linux box (which i wish it was, i could have used rinetd)) 

SSHBox

c:\>fpipe  -l 2222 -r 81 127.0.0.1 -v

I then told the guy who wanted to access my site the address of http://SSHBox:2222.
He connected and was presented with the site from my VM.

All of the tunnels, redirection and encapsulation were totally transparent and he was non-the-wiser...

Retrieved from "http://www.securityforest.com/wiki/index.php/Tunnels%2C_Redirecting_and_Encapsulation"
Advertisement