Tunneling and Port Forwarding¶
Tunnelling (Host to Container)¶
Useful when you want to forward requests to a certain port to a process running inside an LXC container.
For example - if you have a web server running in an LXC container that is listening on port 8080 and you want to access this by using your localhost (or 127.0.0.1) address you will need to forward the requests to the port via SSH.
# ssh -nNT -L <host port>:localhost:<container port> <sshuser>@<container_ip> -p <container_ssh_port - optional> ssh -nNT -L 8080:localhost:8080 email@example.com -p 2020
Reverse Tunnel (Container to Host)¶
Very similar to tunneling - a reverse tunnel does the inverse and makes processes outside the container (on the host) accessible to processes inside the container.
# ssh -nNT -R <host port>:localhost:<container port> <sshuser>@<container_ip> -p <container_ssh_port - optional> ssh -nNT -R 8080:localhost:8080 firstname.lastname@example.org -p 2020
The key difference between forward and reverse tunneling is the
-R (reverse) and
-L (forward) flags.
Swapping these will reverse the direction of the tunnel.
The ports do not need to match, you can use any port on the forwarding side.
For example - you can forward requests from 8000 to 8080 as opposed to 8080 to 8080.
A SOCKS proxy allows us to easily route our internet traffic through a remote server.
This can be really useful where you want to do things like test firewall configurations, geolocation detection and anything else that requires you to be able to make requests from a different IP to the normal office one.
Setting up a SOCKS proxy is very simple, as we can do it with SSH which is already installed.
Here are some basic scripts
Simple enough, starts the SSH daemon in the background, connecting to localhost over port
2020 listening for proxy connections on port
1 2 3 4
#!/bin/bash echo "starting socks proxy daemon" ssh -f -N -D 0.0.0.0:1080 localhost -p2020
This is a simplistic approach to finding and killing the running daemon created above
1 2 3 4
#!/bin/bash echo "stopping" kill $(ps waux | grep "ssh -f -N -D \.0\.0\.0" | cut -d ' ' -f 6) echo "stopped"
And here is a simple Systemd unit you can use to have the proxy running all the time
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
[Unit] Description=Simple Proxy After=network.target After=systemd-user-sessions.service After=network-online.target [Service] ExecStart=/path/to/proxy/start.bash ExecStop=/path/to/proxy/stop.bash TimeoutSec=30 Restart=on-failure RestartSec=30 StartLimitInterval=350 StartLimitBurst=10 [Install] WantedBy=multi-user.target
You must ensure that the port the proxy is listening on is properly firewalled and restricted so that only we can access it.
Using with Chrome¶
To use the configured proxy with Chrome, I'd suggest installing Proxy Helper
I would strongly suggest you make a whole separate Chrome user called "Proxy Test" so that you don't inadvertently route all your traffic through the configured proxy.
In Proxy helper, you need to go to the options and enter the IP address for the server running the proxy and the port number you set the proxy listening on, and then in another tab you need to press the blue icon and select SOCKS to enable the configured SOCKS proxy.
If it spins for ages and eventually fails, you have not configured the firewall correctly.