Bore a Hole! Three Methods for Tunneling your Connections

Date December 16, 2007

Sometimes, you just need to break through a troublesome gateway. Or perhaps you need to test a connection from a remote location. If you’re like most geeks, though, there’s already ample reason to do any of this — because you can.

Method 1: ptunnel

Esoteric, novel, and perhaps even useful: ptunnel allows you to tunnel TCP connections over ICMP packets — pings! Set ptunnel up on a server of your own, and connect from a client anywhere that allows ICMP traffic through. Sometimes a wireless access point will block TCP and UDP, but allow pings through to the outside. ptunnel is your ticket to freedom in this circumstance. It even allows for multiple connections and authentication.

Method 2: IP over DNS

The NSTX project (Name Server Transfer protocol) allows you to tunnel IP traffic wherever DNS is allowed to the outside world. Similar to ptunnel above, you need to set up a listening server on a machine under your own control first — then, the wifi-world is your oyster. Or at least, your access point. Here is an excellent NSTX howto.

Method 3: SSH SOCKS proxy or tunnel

OpenSSH is the Swiss Army knife of the *nix world. I couldn’t give an overview of tunneling without mentioning my favorite method. Simplest of all methods, as most of us geeks have an SSH server of our own available, this is the quickest way to browsing freedom. From the ssh manpage:

-D port
Specifies a local ``dynamic'' application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, and whenever a connection is made to this port, the connec-
tion is forwarded over the secure channel, and the application
protocol is then used to determine where to connect to from the
remote machine. Currently the SOCKS4 protocol is supported, and
ssh will act as a SOCKS4 server. Only root can forward privi-
leged ports. Dynamic port forwardings can also be specified in
the configuration file.

To create a local SOCKS proxy, it’s as simple as this:

$ ssh -D 8080 myhost.example.com

Now, you would simply point your browser (for example) to 127.0.0.1:8080 as a SOCKS proxy, and you are in business. Of course, OpenSSH can be used to proxy and tunnel more than just web traffic. Anything from MySQL to Samba can be tunneled in this manner. See this Google search, and the -R and -L options to the ssh client.

Category Posted in blog entries

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>