My Networking Survival Kit
2020-03-15
In this small tutorial I’ll speak about tunneling, ssh port forwarding, socks, pac files, Sshuttle
I’ve been using Linux since 1995 but I have never been interested a lot in networking. In these many days of smart working (due to Covid-19) I have found some useful tricks to connect to remote systems that are not directly reachable from my lan/vpn
Case 1 (port forwarding): I wanted to connect to targethost.redaelli.org at tcp port 10000 but I was not able to reach it directly but only through an other host (tunnelhost.redaelli.org). With the following command I was able to reach the target host connecting to localhost:10000
ssh -NL 10000:targethost.redaelli.org:10000 r@tunnelhost.redaelli.org
Case 2 (many port forwarding): I added in the file $HOME/.ssh/config
Host tunnelhost
User matteo
Hostname tunnelhost.redaelli.org
LocalForward 10000 192.168.20.152:10000
LocalForward 10001 192.168.40.123:10000
LocalForward 10002 192.168.60.112:10000
And after running “ssh -N tunnelhost” I was able to reach the target systems through localhost:10000, localhost:10001 and localhost:10002
Case 3 (socks5): connecting to many remote hosts using their hostnames (and not localhost). I started a socks server with
ssh -D 9999 -q -C -N matteo@tunnelhost.redaelli.org
An then I configured it in network settings in Firefox.
A further improvement was to create a “pac” file and set it in the network settings in Firefox. My pac file was
function FindProxyForURL(url, host) {
var useSocks = ["remotehost.redaelli.org",
"remotehost2.redaelli.org"];
for (var i= 0; i < useSocks.length; i++) {
if (shExpMatch(host, useSocks[i])) {
return "SOCKS localhost:9999 ; DIRECT";
}
}
if (isInNet(dnsResolve(host), "192.168.20.0", "255.255.255.0") ||
isInNet(dnsResolve(host), "192.168.40.0", "255.255.255.0") ||
isInNet(dnsResolve(host), "192.168.60.0", "255.255.255.0")
) {
return "SOCKS localhost:9999 ; DIRECT";
}
return "DIRECT";
}
Case 4 (sshuttle): connecting to many remote hosts like native connections (without socks and pac files).
“Sshuttle is not exactly a VPN, and not exactly port forwarding. It’s kind of both, and kind of neither.”
“Sshuttle assembles the TCP stream locally, multiplexes it statefully over an ssh session, and disassembles it back into packets at the other end. So it never ends up doing TCP-over-TCP. It’s just data-over-TCP, which is safe.”
I installed sshuttle with “apt-get install sshuttle” on my debian laptop and then I ran
sshuttle -r matteo@tunnelhost.redaelli.org 192.168.20.0/24 192.168.40.0/24 192.168.60.0/24
For sure there are many other more powerful and better solutions. But for the moment these are the one I have used.