Reverse SSH Tunnel possible? - WeOnlyDo Discussion board

Reverse SSH Tunnel possible? (wodSSHTunnel)

by rina, Sunday, March 23, 2014, 20:40 (3659 days ago)

Hello, we are looking for software that can create an SSH tunnel between a local PC located inside a firewalled private network where all ports are closed except 22, and we need a tunnel between that PC and a public server running CentOS 6.5. Once that tunnel is created we need to be able to access that private network from the server.

For example, the PC creates the SSH tunnel to the server, the server accesses port 80 on that PC and, based on the data received, it has to access another PC or resource located in that PC's private network. The PC can even run a local proxy so that all the requests made by the server are forwarded inside that private network. We will be running a NS on the PC initiating the SSH tunnel so the internal network will be mapped.

Thanks

Reverse SSH Tunnel possible?

by wodSupport, Sunday, March 23, 2014, 22:25 (3659 days ago) @ rina

Rina,

hi. You should try to achieve this with our product wodSSHTunnel

http://www.weonlydo.com/SSHTunnel/ssh-tunnel-component.asp

it supports remote port forwarding. Make sure you select 'RemoteForward' channel type when creating the channel, and first specify LocalIP/Port when creating the channel, then remote (on the server).

You will get 1:1 forwarding, so you should install some (socks?) proxy on local side to await connections and route them to appropriate destination on your local network.

You can see remote port forwarding sample here:

http://www.weonlydo.com/code.asp?did=Remote-port-forwarding

Hope this helps!
Kreso

Reverse SSH Tunnel possible?

by rina, Monday, March 24, 2014, 00:28 (3659 days ago) @ wodSupport

Kreso,

Thank you for your info, we will try this method.

Is your software able to perform socks proxy on the client too, or only on the server side?
If not, can you point us to a good socks proxy, maybe a free source code that we can compile on the client?
We need to set some static routes that we can hardcode in the proxy and some dynamic ones too.

Thank you

Reverse SSH Tunnel possible?

by wodSupport, Monday, March 24, 2014, 00:45 (3659 days ago) @ rina

Rina,

we perform socks only on local side, and only when local port forwarding is used - so I guess this doesn't apply to you.

I don't have any recommendations for the proxy software, but if you google for 'free proxy download' I'm sure you will be able to get something functional, at least to perform tests.

Hope this helps!
Kreso

Reverse SSH Tunnel possible?

by Traveller, Tuesday, March 25, 2014, 16:20 (3657 days ago) @ wodSupport

Hi, it pleases me to point you to the following URLs for PROXY with Source Code,
one in VB6 language, and another in C++ language:

CinaProxy Server in vb6 for win32 (Source Code)

http://sourceforge.net/projects/cinaproxy/?source=pdlp
' ------------------------------------------------------
A Simple Http Proxy Server C++

http://www.codeguru.com/cpp/i-n/internet/http/article.php/c3383/A-Simple-Http-Proxy-Server.htm

Reverse SSH Tunnel possible?

by Henry Gronson, Tuesday, April 01, 2014, 02:09 (3650 days ago) @ Traveller

Hello, we are also interested in this behavior, but we are unable to duplicate it, we tried to add those 3 lines in wodSSHTunnel1_Connected(), but no luck.

wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.LocalListen, "127.0.0.1",80);
wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.RemoteListen, "127.0.0.1", 80, "44.127.14.48", 80);

wodSSHTunnel1.Channels.StartAll();


Our private server is behind a router and can access 44.127.14.48, wodSSHTunnel1.Connect(); is working, and we get
User from 127.0.0.1 left
User from 127.0.0.1 left
Any help will be appreciated.

Henry

Reverse SSH Tunnel possible?

by Henry Gronson, Tuesday, April 01, 2014, 02:56 (3650 days ago) @ Henry Gronson

Well, I managed to solve it, here is what I did

private void wodSSHTunnel1_Connected() {
    wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.LocalListen, "127.0.0.1", 81, "127.0.0.1", 80);
    wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.RemoteListen, "127.0.0.1", 80, "0.0.0.0", 81);
    wodSSHTunnel1.Channels.StartAll();
}

I can wget 127.0.0.1:81 on the public server and I get the index page on my private server, but now I want others to access that page too, but it seems that port is open only on the loopback interface. Here is netstat -anp | grep 81 output:

tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN 2222/sshd
tcp 0 0 ::1:81 :::* LISTEN 2222/sshd

Can I open port 81 on all interfaces from SSHTunnel, or do I need to forward another port, let's say 82 (on all interfaces), to port 81 on my public server so that it is available to all?

Thanks

Reverse SSH Tunnel possible?

by wodSupport, Tuesday, April 01, 2014, 07:34 (3650 days ago) @ Henry Gronson

Henry,

yes, you can bind to all interfaces, just use 0.0.0.0 as bind address.

Regards,
Kreso

Reverse SSH Tunnel possible?

by Henry Gronson, Tuesday, April 01, 2014, 20:16 (3650 days ago) @ wodSupport

Hello, thank you for your answer, I have tried

wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.RemoteListen, "127.0.0.1", 80, "0.0.0.0",81);

but I am not able to access the remote from outside, only 127.0.0.1 is able to use that port.

[root@localhost ~]# telnet 192.168.1.180 81
Trying 192.168.1.180...
telnet: connect to address 192.168.1.180: Connection refused
[root@localhost ~]# telnet 127.0.0.1 81
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.

I have turned off the firewall and iptables, no change. I even tested with

private void wodSSHTunnel1_Connected()
{
    wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.LocalListen, "0.0.0.0", 0);
    wodSSHTunnel1.Channels.Add(wodSSHTunnelCOMLib.ForwardTypesEnum.RemoteListen, "0.0.0.0", 80, "0.0.0.0", 81);
    wodSSHTunnel1.Channels.StartAll();
}

same result.

Can you help me?

Henry

Reverse SSH Tunnel possible?

by wodSupport, Tuesday, April 01, 2014, 20:18 (3650 days ago) @ Henry Gronson

Henry,

what kind of SSH server are you connecting to? If it's OpenSSH you have to allow it in server configuration.

I think GatewayPorts is the keyword in sshd_config file. I have this for our tests:

GatewayPorts clientspecified

Kreso

Reverse SSH Tunnel possible?

by Henry Gronson, Tuesday, April 01, 2014, 22:05 (3650 days ago) @ wodSupport

Hello,

Thank you for your suggestion, but now after setting the GatewayPorts to clientspecified and even to yes, we still have a problem, on 127.0.0.1:81 we get our page

[root@localhost ~]# wget 127.0.0.1:81
--2014-03-31 15:48:13-- http://127.0.0.1:81/
Connecting to 127.0.0.1:81... connected.
HTTP request sent, awaiting response... 302 Found
Location: login.html [following]
--2014-03-31 15:48:13-- http://127.0.0.1:81/login.html
Reusing existing connection to 127.0.0.1:81.
HTTP request sent, awaiting response... 200 OK
Length: 2691 (2.6K) [text/html]
Saving to: “index.html.23”

100%[=============================================================>] 2,691 --.-K/s in 0s

2014-03-31 15:48:13 (443 MB/s) - “index.html.23” saved [2691/2691]


but when we try with the public ip we get

[root@localhost ~]# wget 192.168.1.101:81
--2014-03-31 15:48:16-- http://192.168.1.101:81/
Connecting to 192.168.1.101:81... connected.
HTTP request sent, awaiting response... ^C

And it just stays there. I set up a virtual machine on my PC for the tests, I have CentOS 6.5, no extra services are running, just basic install.

When I try to access 192.168.1.101:81 from my browser it waits for the page to load until I close the SSHtunnel.

netstat -anp | grep 81 output now:
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 1718/sshd

Thanks

Henry
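
The bind-address change seen in this thread (sshd listening on 127.0.0.1:81 and ::1:81 at first, then on 0.0.0.0:81 once GatewayPorts was set) can be audited on the server from netstat output. The following is an added example, not code from the posters or from WeOnlyDo; the function names are hypothetical, the port-81 sample lines are the ones posted above, and the port-22 line is constructed.

```shell
#!/bin/sh
# Added example: classify sshd-owned listening sockets (remote forwards)
# by bind address, reading `netstat -anp`-style lines on stdin.

# classify_sshd_listeners [SSHD_PORT]
# Prints "<port> <bind-address> <scope>" for each forwarded listener.
# SSHD_PORT (default 22) is sshd's own service port and is skipped.
classify_sshd_listeners() {
    awk -v own="${1:-22}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/sshd/ {
            # The port follows the LAST colon (IPv6 addresses contain colons).
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            if (port == own) next
            if (addr ~ /^127\./ || addr == "::1")        scope = "loopback-only"
            else if (addr == "0.0.0.0" || addr == "::")  scope = "all-interfaces"
            else                                          scope = "specific-address"
            print port, addr, scope
        }'
}

# count_exposed_forwards [SSHD_PORT]
# Number of forwarded listeners reachable from other hosts.
count_exposed_forwards() {
    classify_sshd_listeners "${1:-}" |
        awk '$3 != "loopback-only" { n++ } END { print n + 0 }'
}

# Sample input: netstat lines from the thread, before and after the
# GatewayPorts change, plus one constructed line for sshd's own port 22.
BEFORE='tcp 0 0 127.0.0.1:81 0.0.0.0:* LISTEN 2222/sshd
tcp 0 0 ::1:81 :::* LISTEN 2222/sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd'
AFTER='tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 1718/sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1200/sshd'

echo "before GatewayPorts change:"
printf '%s\n' "$BEFORE" | classify_sshd_listeners
echo "after GatewayPorts change:"
printf '%s\n' "$AFTER" | classify_sshd_listeners
echo "exposed forwards after change: $(printf '%s\n' "$AFTER" | count_exposed_forwards)"
```

On a live host, pipe the output of netstat -anp into classify_sshd_listeners, running it as root so the PID/Program column is filled in for sshd.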

Reverse SSH Tunnel possible?

by wodSupport, Wednesday, April 02, 2014, 00:11 (3650 days ago) @ Henry Gronson

Talia,

honestly I have no idea what could be causing this. I just tested and this works ok in our tests.

I would need some special debugging to determine what is causing this, since we cannot duplicate this.

Kreso