SSH Tunneling

Details

If the customer doesn’t has a static public IP address with the possibility to configure the border router/firewall with port forward or DNAT/SNAT, we could set-up a temporary configuration by using any common Internet connection.

Requirements/Conditions/Restraints

• A free Anonymizer/VPS.

• Possibility of using an SSH Client (for Windows) like Putty on the Collector.

Instructions

A) Configure the server

Usually the sshd on CentOS is configured to allow the bridge only on local IP addresses so we need to check the sshd (server) configuration on the Anonymizer/VPS:

1. access the Anonymizer/VPS by using an SSH Client;

2. open with an editor the sshd config file (/etc/ssh/sshd_config), look for the GatewayPorts parameter and check if it’s properly configured to YES without the hash key;

• GatewayPorts yes

3. save the config file and restart the ssh server.

B) Setup SSH Client Configuration

Set-Up the ssh tunnel through the SSH Client Configuration:

1. open an SSH Client on the Collector System. This example uses Putty;
2. in the Session config page:

• fill-in the IP address of the Anonymizer/VPS;

• fill-in a name to save the session and save it.

3. explode the SSH config page and move to Tunnels config section;

• fill-in the Source port that you want to be forwarded (RCS default setting is 80);
• fill-in the destination IP/hostname (localhost or 127.0.0.1) of the forward and the port (RCD default setting is 80);
• check the flag on Remote;

• load this configuration by clicking on Add;

• check if the forwarded port is prolerly remote R80;
• start the session by clicking on Open.

4. the tunnel will not be ready until you log-in to the Anonymizer/VPS by using a valid pair of credendials;

5. after logging in, check if the sshd daemon is properly listening on the public interface (on forwarded port);

6. check if the tunnel is up by trying to connect to port 80 of the Anonymizer/VPS (you could use telnet, nmap or a browser that allows you to see the Collector error message).