20080326

SSH and Port Forwarding or How to get through a firewall

In this article I'm going to show you how you can use SSH Port Forwarding
to access a service a firewall might be blocking.

As an example, I'm going to take a campus network that blocks access to
IRC servers, which usually run on port 6667, but leaves SSH port 22
unblocked.

The idea here is: because we can connect to a remote host on port 22, why
not tell this machine to forward all the incoming traffic to the remote
host we want to connect to in the first place?

So here is the configuration. We are using a computer on a campus which
blocks external access to port 6667, but leaves port 22 open.

We have a known host (let's say your home computer) with SSH port 22 open.

Here is a graph representing the configuration:

As you can see, we are going to use a longer path to connect to the IRC
server by connecting to our home computer. Using port forwarding, we
will create a tunnel between our local machine on port 1234 and the IRC
server on port 6667. This way, we will be able to connect to the IRC
network by simply connecting to our local machine on port 1234.

Let's get into the command line now. Firstly, we need to create the
tunnel. To do so, connect to your home computer by SSH and forward your
port 1234 on localhost to the IRC server (here irc.freenode.net) on port
6667.

tester@laptop:~$ ssh myhomeuser@myhomenetwork.net -L 1234:irc.freenode.net:6667

Now our tunnel is created (the purple connection on the graph) and port
1234 is open on localhost. The only thing left is to connect to IRC using
your favorite IRC client and provide it with the server located at
localhost:1234.

In this example I'm going to connect to it using irssi, a text-mode client
for IRC networks.

tester@laptop:~$ irssi -c localhost -p 1234

and here is what we get...

hey, hey, we are connected to freenode.net ;).

Basically, you could use this trick to access any type of service. The
only thing it requires is to be able to connect to a remote machine outside
of the firewalled network.
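
The -L argument used above has the form [bind_address:]port:host:hostport. The Python sketch below is an added example, not part of the original article: it pulls the -L forwards out of an ssh command line and reports whether the local listener is reachable only from the machine that opened it. The function names and the second and third sample command lines are constructed for illustration; it assumes the client's GatewayPorts option is at its default (no) and covers only the TCP form given as "-L spec" or "-Lspec".

```python
import shlex

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def split_fields(spec):
    """Split on ':' but keep bracketed IPv6 literals such as [::1] whole."""
    fields, buf, depth = [], "", 0
    for ch in spec:
        if ch == "[":
            depth += 1
        elif ch == "]":
            depth -= 1
        elif ch == ":" and depth == 0:
            fields.append(buf)
            buf = ""
        else:
            buf += ch
    return fields + [buf]

def parse_local_forward(spec):
    """Parse the TCP form of -L: [bind_address:]port:host:hostport."""
    fields = split_fields(spec)
    if len(fields) == 3:
        # No bind_address: ssh listens on loopback only (GatewayPorts=no assumed).
        fields = ["localhost"] + fields
    if len(fields) != 4:
        raise ValueError("unsupported -L spec: %r" % spec)
    bind = fields[0] or "*"  # empty bind_address or '*' means every interface
    return {"bind": bind, "listen_port": int(fields[1]), "dest_host": fields[2],
            "dest_port": int(fields[3]), "loopback_only": bind in LOOPBACK}

def find_forwards(cmdline):
    """Return every -L forward on an ssh command line ('-L spec' or '-Lspec')."""
    tokens = shlex.split(cmdline)
    specs = []
    for i, tok in enumerate(tokens):
        if tok == "-L" and i + 1 < len(tokens):
            specs.append(tokens[i + 1])
        elif tok.startswith("-L") and len(tok) > 2:
            specs.append(tok[2:])
    return [parse_local_forward(s) for s in specs]

# First line is the article's command; the other two are constructed samples.
SAMPLES = [
    "ssh myhomeuser@myhomenetwork.net -L 1234:irc.freenode.net:6667",
    "ssh -N -L *:1234:irc.freenode.net:6667 myhomeuser@myhomenetwork.net",
    "ssh -L[::1]:1234:[2001:db8::1]:6667 myhomeuser@myhomenetwork.net",
]

if __name__ == "__main__":
    for line in SAMPLES:
        for fwd in find_forwards(line):
            scope = "local only" if fwd["loopback_only"] else "EXPOSED TO OTHER HOSTS"
            print(fwd["bind"], fwd["listen_port"], "->",
                  fwd["dest_host"], fwd["dest_port"], scope)
```

The article's command parses as a loopback-only listener on port 1234, so only programs on the laptop itself can use the tunnel; the second sample is the case to watch for, because its listener accepts connections from any host that can reach the laptop.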

http://www.debuntu.org/2006/04/08/22-ssh-and-port-forwarding-or-how-to-get-through-a-firewall