SSH

Tunneling and Port Forwarding

Tunnelling (Host to Container)

Useful when you want to forward requests to a certain port to a process running inside an LXC container.

For example - if you have a web server running in an LXC container that is listening on port 8080 and you want to access this by using your localhost (or 127.0.0.1) address you will need to forward the requests to the port via SSH.

1
2
# ssh -nNT -L <host port>:localhost:<container port> <sshuser>@<container_ip> -p <container_ssh_port - optional>
ssh -nNT -L 8080:localhost:8080 username@10.10.100.1 -p 2020

Reverse Tunnel (Container to Host)

Very similar to tunneling - a reverse tunnel does the inverse and makes processes outside the container (on the host) accessible to processes inside the container.

1
2
# ssh -nNT -R <host port>:localhost:<container port> <sshuser>@<container_ip> -p <container_ssh_port - optional>
ssh -nNT -R 8080:localhost:8080 username@10.10.100.1 -p 2020

The key difference between forward and reverse tunneling is the -R (reverse) and -L (forward) flags. Swapping these will reverse the direction of the tunnel.

Note

The ports do not need to match, you can use any port on the forwarding side.

For example - you can forward requests from 8000 to 8080 as opposed to 8080 to 8080.

SOCKS Proxy

A SOCKS proxy allows us to easily route our internet traffic through a remote server.

This can be really useful where you want to do things like test firewall configurations, geolocation detection and anything else that requires you to be able to make requests from a different IP to the normal office one.

Setting up a SOCKS proxy is very simple, as we can do it with SSH which is already installed.

Scripts

Here are some basic scripts

Start

Simple enough, starts the SSH daemon in the background, connecting to localhost over port 2020 listening for proxy connections on port 1080

1
2
3
4
#!/bin/bash
echo "starting socks proxy daemon"

ssh -f -N -D 0.0.0.0:1080 localhost -p2020

Stop

This is a simplistic approach to finding and killing the running daemon created above

1
2
3
4
#!/bin/bash
echo "stopping"
kill $(ps waux | grep "ssh -f -N -D [0]\.0\.0\.0" | cut -d ' ' -f 6)
echo "stopped"

Systemd Unit

And here is a simple Systemd unit you can use to have the proxy running all the time

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
[Unit]
Description=Simple Proxy
After=network.target
After=systemd-user-sessions.service
After=network-online.target

[Service]
ExecStart=/path/to/proxy/start.bash
ExecStop=/path/to/proxy/stop.bash
TimeoutSec=30
Restart=on-failure
RestartSec=30
StartLimitInterval=350
StartLimitBurst=10

[Install]
WantedBy=multi-user.target

Firewall

Warning

You must ensure that the port the proxy is listening on is properly firewalled and restricted so that only we can access it.

Using with Chrome

To use the configured proxy with Chrome, I'd suggest installing Proxy Helper

Warning

I would strongly suggest you make a whole separate Chrome user called "Proxy Test" so that you don't inadvertently route all your traffic through the configured proxy.

In Proxy helper, you need to go to the options and enter the IP address for the server running the proxy and the port number you set the proxy listening on, and then in another tab you need to press the blue icon and select SOCKS to enable the configured SOCKS proxy.

If it spins for ages and eventually fails, you have not configured the firewall correctly.