SSH Tunneling or SSH Port forwarding

One of the tricky topic is SSH port forwarding. There are many tutorials about this but they are quite complicated for students or junior level engineers to understand. Here I will try to explain those concepts using scenario so that it can be easily grasped. 



Scenario:

  • Your office firewall blocks access to facebook.com URL.
  • Your laptop at home can access facebook.com easily.
  • Your office environment/firewall allows SSH connection to your home laptop.

Goal:
Make office PC access facebook.com without performing any changes to office firewall.

Description: In order to achieve this your home laptop needs to run SSH server. What we need to do in this case is to create a SSH tunnel from Office PC to Home Laptop and do some port forwarding. 



In above figure you can see that if we can create tunnel between office and home machines. Just a SSH tunnel won’t allow us to access facebook.com from office PC. We need port forwarding here. In order to achieve our goal we can run following command.
Syntax:
SSH -L <local-port-to-listen>:<remote-host>:<remote-port> remote_SSH_Server

Command: (Works on most Linux flavors)
SSH -L 443:www.facebook.com:443 home_laptop_IP

Above command tells our Office PC that listen to port 443 whenever there is request to port 443 send it over the SSH tunnel to home laptop. Above command also creates rules in home laptop that whenever there is traffic coming from tunnel and destined to port 443 , you create a new connection to facebook.com over port 443. Usually we tend to use different port on local port Office PC which is not well known port E.g 9000 to avoid any issues with services running locally in case they happen to use the same port you choose for forwarding. Above example can be written as
SSH -L 9000:www.facebook.com:443 home_laptop_IP

How to access facebook.com then?
Open your browser on office PC. Write 127.0.0.1:9000 and boom it will open facebook.com for you. You can also use localhost instead of IP address like this localhost:9000





You can achieve same using putty client as shown in following figure.




Above example shows how local port forwarding is done using SSH. I will add more examples of Remote port forwarding and different scenario where port forwarding can be very handy. Coming Soon.

Comments

Post a Comment

Popular posts from this blog

Cut through vs Store and forward switching

Image
Switching infrastructure has evolved since 4 decades from hub, bridges ASIC based switches, FPGAs based switches etc. Switches operate at layer 2 (Data link Layer) and their purpose is to receive a frame on one port (Ingress port) and forward it to another (Egress port). This decision is based on Destination MAC (DMAC) address. Here we will describe how store and forward switching works and how cut-through switching works. Store and forward switching Following figure shows Layer 2 frame. Bytes are received from left to right. Our main focus would be on Frame header and Checksum field. Checksum field in Layer 2 frame is used to check integrity of the frame (Error control). Integrity means performing some checks to find out whether frame was tempered/corrupted in between or not. Checksum is certain type of hash calculation over whole frame data. This means we need to have all the bytes of frame before checking for integrity.  As soon as we have whole frame and checksum c
Read more

Home Automation with Openhab

I have recently started a new project in the area of Home Automation. My goal is to use as much opensource as possible and ofcourse do not pay more for brand names (like Philips) when it comes to buying smart products. My setup:  - Hardware: Raspberry Pi 3 (You can choose Pi 4)  - OS: Raspbian (Raspberry pi OS Lite version). Download here  - Automation Tool: Openhab  - Motion and Light Sensors: Motion and Light sensor.   - Smart Lights: IKEA  - Wireless protocol: Zigbee  - Zigbee Broker: CC2531  - MQTT Broker: Mosquitto   Why I chose what?  - Raspberry  Pi3: Because it was the only low powered computer available at my home which I can run 24/7. If you are buying new one, go for Pi4. If you already have a PC/Laptop at home which runs 24/7 then you should use that one.  - OS: The reason I am using Raspbian is that I want to run other applications on Raspberry along with openhab so I didn't want to use Openhabian. If your Pi will be used only for openhab then go with Openhabian.
Read more