

Port Forwarding
Security Tips - 24 Jan 05

Port forwarding for people stuck behind a firewall.

This article discusses using ssh to forward TCP ports from a machine inside a firewall to a machine outside that firewall.

Example 1:
Use Squid and SSH to tunnel your web traffic from behind the firewall to a machine outside the firewall.
| Work Computer | ----> | Firewall | ----> | SSH Server |

First install Squid.
$ su -
# cd /usr/ports/net/squid
# make install clean

For testing I restrict the firewall so that only the machines that need access can reach the server, and open Squid to everything.
Some people don't like this idea, so I will leave the Squid configuration up to you.
Either way, once testing is done it is a good idea to read the Squid manual and tighten your configuration.

Edit the squid configuration file.
# vi /usr/local/etc/squid.conf

Comment out
http_access deny all
and uncomment
http_access allow all

Then add squid_enable="YES" to /etc/rc.conf
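The "allow all" rule above opens the proxy to every address that can reach port 3128, which is fine on a locked-down test box but not something to leave in place. The following is an added example, not from the original article: it puts the article's test-only access rules beside a tightened set and includes a small audit of a squid.conf fragment. It assumes Squid evaluates http_access lines top to bottom with the first match winning; the acl name tunnel_local is invented for the example.

```shell
#!/bin/sh
# Added example, not from the original article.  It shows the article's
# test-only Squid access rules next to a tightened set and gives a small
# audit function for squid.conf text.
# Assumptions: Squid evaluates http_access lines top to bottom and the first
# match wins; the acl name "tunnel_local" is invented for this example.

# Test-only rules as used in the article: any source address may use the proxy.
SQUID_OPEN='
http_port 3128
http_access allow all
'

# Tightened rules.  The ssh tunnel terminates on the SSH server, so proxy
# requests reach Squid from 127.0.0.1; accepting only that address keeps the
# tunnel working while every other client is refused.  Because http_port is
# bound to loopback here, the forward must target 127.0.0.1:3128
# (ssh -Nf -L 8888:127.0.0.1:3128 user@host), not the public hostname.
SQUID_LOCAL='
http_port 127.0.0.1:3128
acl tunnel_local src 127.0.0.1/32
http_access allow tunnel_local
http_access deny all
'

# squid_is_open CONF_TEXT
# Exit 0 when the first catch-all rule is "http_access allow all", i.e. the
# proxy accepts every client; exit 1 when "deny all" comes first or no
# catch-all rule exists.
squid_is_open() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }      # comments, blanks
        $1 == "http_access" && $2 == "allow" && $3 == "all" { open = 1; exit }
        $1 == "http_access" && $2 == "deny"  && $3 == "all" { open = 0; exit }
        END { exit open ? 0 : 1 }
    '
}

# squid_listen_addr CONF_TEXT
# Prints the address part of the http_port directive, or "*" when it is a
# bare port number (which means every interface).
squid_listen_addr() {
    printf '%s\n' "$1" | awk '
        $1 == "http_port" {
            if ($2 ~ /:/) { sub(/:[^:]*$/, "", $2); print $2 } else print "*"
            exit
        }'
}

# Audit both fragments.  Against a real file:
#   squid_is_open "$(cat /usr/local/etc/squid.conf)"
for name in SQUID_OPEN SQUID_LOCAL; do
    eval "conf=\$$name"
    if squid_is_open "$conf"; then verdict="OPEN to all clients"; else verdict="restricted"; fi
    printf '%s: listens on %s, access %s\n' "$name" "$(squid_listen_addr "$conf")" "$verdict"
done
```

The audit only looks at the "all" rules, which is enough to catch the test-only setting; it does not evaluate the other ACLs a full squid.conf carries.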

Now reboot.
Then go to the machine inside the firewall and run:
$ ssh -Nf -L 8888:remote.computer.com:3128 username@remote.computer.com

The -N tells the ssh client not to run a command on the remote machine (so you get no terminal there), and -f tells it to go into the background once the connection is up.
8888 is the local port on the machine inside the firewall.
remote.computer.com:3128 is the hostname and port that the SSH server will connect to on your behalf.
username@remote.computer.com is the username and host you are tunneling to.

Now configure your web browser to use localhost port 8888 as its proxy server.
Make a connection to a site that can tell you your remote IP address such as toad-one.org, from the machine inside the firewall.
You should see the IP address of the machine outside the firewall.

Provided everything worked, you now have an encrypted tunnel to your home machine, which retrieves the web content for you and sends it back over the tunnel.
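Besides checking the IP address the site reports, it is worth confirming that the local end of the forward is only reachable from the work machine itself. By default ssh binds a -L port to 127.0.0.1; with -g, or a bind address of 0.0.0.0 or * in front of the port, it listens on every interface and any host on the office network can push traffic through your tunnel. The following is an added example, not part of the original article: a helper that writes the loopback bind address out explicitly, and a check over the output of FreeBSD's sockstat -4l (columns USER COMMAND PID FD PROTO "LOCAL ADDRESS" "FOREIGN ADDRESS", assumed here); the sample tables are constructed, not captured.

```shell
#!/bin/sh
# Added example, not part of the original article: two checks to run on the
# work machine after starting the forward.
# By default ssh binds a -L port to 127.0.0.1 only.  With -g, or with a bind
# address of 0.0.0.0 or * in front of the port, it listens on every interface
# and any host on the office network can push traffic through the tunnel.
# Assumptions: the listener table comes from FreeBSD "sockstat -4l", whose
# columns are USER COMMAND PID FD PROTO "LOCAL ADDRESS" "FOREIGN ADDRESS";
# the sample tables below are constructed for the example, not captured.

# tunnel_cmd LOCAL_PORT TARGET_HOST TARGET_PORT USER@HOST
# Prints the ssh command with the loopback bind address written explicitly,
# so the listener cannot accidentally end up on all interfaces.
tunnel_cmd() {
    printf 'ssh -Nf -L 127.0.0.1:%s:%s:%s %s\n' "$1" "$2" "$3" "$4"
}

# forward_listen_addrs PORT  (sockstat output on stdin)
# Prints the address of every TCP listener bound to PORT, one per line.
forward_listen_addrs() {
    awk -v port="$1" '
        NR == 1 { next }                           # column header
        $5 ~ /^tcp/ && $6 ~ (":" port "$") {
            addr = $6; sub(/:[^:]*$/, "", addr)    # drop the :port suffix
            print addr
        }'
}

# forward_is_loopback PORT  (sockstat output on stdin)
# Exit 0 when PORT has at least one listener and all of them are on loopback.
forward_is_loopback() {
    forward_listen_addrs "$1" | awk '
        { n++; if ($0 != "127.0.0.1" && $0 != "::1") exposed++ }
        END { exit (n > 0 && exposed == 0) ? 0 : 1 }'
}

# Constructed sample: the forward from the article, bound as ssh does by default.
SOCKSTAT_OK='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    ssh        1234  4  tcp4   127.0.0.1:8888        *:*
root     sshd       512   4  tcp4   *:22                  *:*'

# Constructed sample: the same forward started with -g (or -L *:8888:...),
# reachable from every machine on the office network.
SOCKSTAT_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
alice    ssh        1234  4  tcp4   *:8888                *:*
root     sshd       512   4  tcp4   *:22                  *:*'

tunnel_cmd 8888 127.0.0.1 3128 username@remote.computer.com
for sample in SOCKSTAT_OK SOCKSTAT_EXPOSED; do
    eval "table=\$$sample"
    if printf '%s\n' "$table" | forward_is_loopback 8888; then
        echo "$sample: port 8888 listens on loopback only"
    else
        echo "$sample: port 8888 is NOT confined to loopback"
    fi
done
# On the work machine itself:   sockstat -4l | forward_is_loopback 8888
```

The helper targets 127.0.0.1:3128 on the server side rather than the public hostname, which is the form that also works with the NAT case described later in the article and with a Squid bound to loopback.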

Windows works pretty much the same way.
In this example I use PuTTY, which is free.

First I set up which host I want to tunnel to.
[Screenshot: Forward 1]

I then set the ports to forward.
[Screenshot: Forward 2]

Don't forget to add this by clicking Add.
[Screenshot: Forward 3]

Then click open and log in.
Configure your web browser the same way as earlier, and you should be good to go.

!!! Note: some people using NAT on the remote machine may need 8888:private.ip.com:3128 as their ssh forward !!!
example: ssh -Nf -L 8888:192.168.1.2:3128 username@home.computer.com

This is because the forwarding destination is resolved and connected to from the SSH server's side: if you give it your outside IP address, the server tries to reach its own public address back through the NAT device, which will most likely be firewalled.


2 Responses to "Port Forwarding"

  1. Alex Says:

    Where do I get that program Squid that you're talking about?

  2. Shawn Says:

    If you have installed your ports tree then this:

    $ su -
    # cd /usr/ports/net/squid
    # make install clean

    Should get squid and install it for you.
