Bypassing Firewalls Using SSH Tunneling
Connect to MySQL via SSH
Can I secure browse the internet by establish an SSH tunnel with my home computer? This is just to satisfy my curiosity. The tunnel needs to somehow capture all outgoing HTTP(S) traffic, direct it to my home computer, which somehow make the request to the original server. Perhaps I can configure my work computer to use a proxy or a SOCKS firewall. Perhaps I can install a SOCKS firewall on my home computer, configure it to allow all traffic through, and configure my work computer to use that SOCKS firewall through the tunnel.
On your local machine (your laptop), execute:
ssh -L 8080:intranet_webserver:80 -L 110:mailhost:110 username@ssh_server
This opens a ssh connection to the ssh_server, and set up port 8080 on your local machine to be forwarded to port 80 on your intranet web server. To access your intranet web server, point your browser to http://localhost:8080
The -L options can be specified multiple times to establish multiple tunnels.
If you are using PuTTY, its UI is a bit confusing, so just play with it so that entries in the list of forwarded ports have L in front of local port.
To access the Windows PC at work with remote desktop:
1. disable remote desktop on home laptop 2. establish a tunnel using IP from step 6 (7777:x.x.x.x:3389) 3. on home laptop, go to Start Menu -> All Programs -> Accessories -> Communication -> Remote Desktop 4. put in localhost:7777
Note that you will have to be root on your laptop for this example, since you'll be binding to a privileged port (110, the POP port). You should also disable any locally running POP daemon (look in /etc/inetd.conf) or it will get in the way.
Assuming you have your RSA or DSA keys setup, you can even run this in the background (tack on a &). This sets up the tunnel, and starts forwarding your local ports to the remote end through it. The -N switch tells SSH to not bother running an actual command on the remote end, and just do the forwarding.
Another useful feature of port forwarding is for getting around pesky firewall restrictions. For example, I was recently behind a firewall that did not allow outbound Jabber protocol traffic to talk.google.com. With this command:
ssh -f -L 3000:talk.google.com:5222 home -N
I was able to send my Google Talk traffic encrypted through the firewall back to my server at home and then out to Google. All I had to do was reconfigure my Jabber client to use localhost:3000 as the server.
The trick: instead of directly connect to the remote machine, you connect to the local machine (localhost)
Using SSH Tunnels for testing:
L443 -> 172.16.236.166:7002
L80 -> 172.16.236.166:7001
where 172.16.236.166 is the IP address of my development (Windows) box, and the IP address of my development (Linux) box is 172.16.203.54. In this scenario, the traffic hit my Windows box, forwarded to my Linux box, and then back to my Windows box, which is a bit different from other forwarding scenarios.
After making change to C:\WINDOWS\system32\drivers\etc\hosts, we need to run "ipconfig /flushdns", clear browser cache and restart the browser before testing.