1. Briefly describe the characteristics of this tunnel:
ssh supports two-way communication tunnel
Forward the communication of other TCP ports via SSH link
Can break through the firewall, used to over the wall
2. ssh local port forwarding:
Make the effect similar to rinetd
Tunnel a local port to a remote server
The ssh tunnel will encrypt the transmitted traffic
3. Features:
Local listening port, access forwarded to the specified port of the remote host
4. Experimental environment 1 (Intranet host is Linux):
The firewall is still restricted, only allowing traffic through port 53
I now use bodhi_linux as the client, kali as the server, and win_service2003 as the external server (I modified the first page of this host, and added an IP on the original basis)
Now use the SSH local port to forward traffic, so that the internal network environment of the machine through a strictly restricted firewall to establish a tunnel, access to the external network win_service2003, through this tunnel can pass shell, remote desktop and other traffic.
First set the ssh configuration file of kali to allow remote connection
Need to modify the following settings
changed to:
The listening port is set to 53, allowing root to log in remotely, password authentication is enabled
Then start the service
You can see that the service has started
Location bodhi_linux:
Configure a static IP so that its traffic passes through the firewall
emm, when I changed the static IP, I had a little problem, that is, after setting the static IP, I pinged the firewall gateway, and I do n’t know if the reader would encounter it. My solution is to down the network card and set it again. Static IP is ok
win_service2003 configuration:
emm, no configuration, just the above environment
During the experiment, I encountered some problems. By the way, when connecting to kali with ssh, I found the following:
Later I remembered that I did not set up a gateway (Khan):
Set the gateway to 1.1.1.1
Explain that the flow is clear
Then, start the experiment:
I will not explain this command in detail here, I am afraid that it will be too long
See the following figure, indicating that the channel has been successfully established and obtained a shell
Then, the traffic to the local 7001 port will pass through the firewall through the ssh tunnel, access to kali, and access to the win_service2003 server through kali
If there is a service on Kali machine, you can try to access the service on Kali
Start the kali apache service first
The kali local service page has been successfully started. Here are two ways to write the connection command:
Through this command, you can connect to the kali service, visit the apache home page, the command has begun to listen, and at the same time put the task in the background
Visit the page to verify the availability of the tunnel
This tunnel was successfully established
Through this tunnel, you can access the remote desktop and remotely obtain a shell through a restricted network environment. As mentioned in the previous article, I will not repeat it here, but there is also a gateway function worth mentioning.
Now, I add another XP host on the intranet to let XP access the apache pages of win_service2003 and kali through the SSH tunnel established by bodhi_linux
Both hosts are on the intranet:
Now the re-established tunnel has been established
The -g parameter is to use the local tunnel as a gateway, and hosts on the same network segment can access hosts on the external network through it
Now use another host on the intranet to access its port 7001, which should directly access port 80 of win_service2003
Successful visit