How to SSH tunneling
SSH Tunneling
- What is tunneling?
A technology that enables private network (single machines or entire internetworks) to send its data or allow to use its resources via another network’s connections.Tunneling works by encapsulating a network protocol within packets carried by the second network.
- Example:
PPTP (Point-to-Point Tunneling Protocol) technology enables organizations to use the Internet to transmit data across a VPN. It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.
Various Tunneling protocols include:
Datagram-based:
- IPsec (Internet Protocol Security)
- GRE (Generic Routing Encapsulation) supports multiple protocols and multiplexing
- IP in IP Tunneling: Lower overhead than GRE and used when only 1 IP stream is to be tunneled
- L2TP (Layer 2 Tunneling Protocol)
- MPLS (Multi-Protocol Label Switching)
- GTP (GPRS Tunneling Protocol)
- PPTP (Point-to-Point Tunneling Protocol)
- PPPoE (point-to-point protocol over Ethernet)
- PPPoA (point-to-point protocol over ATM)
- IEEE 802.1Q (Ethernet VLANs)
- DLSw (SNA over IP)
- XOT (X.25 datagrams over TCP)
- IPv6 tunneling: 6to4; 6in4; Teredo
- Anything In Anything (AYIYA; e.g. IPv6 over UDP over IPv4, IPv4 over IPv6, IPv6 over TCP IPv4, etc.)
Stream-based:
- TLS (Transport Layer Security)
- SSH (Secure Shell)
- SOCKS (sockets)
- HTTP CONNECT command
- Various circuit-level proxy protocols, such as Microsoft Proxy Server’s Winsock RedirectionProtocol, or WinGate Winsock Redirection Service.
Out of above available Tunneling protocol we will describe SSH based Tunneling.
SSH Tunneling:
- SSH tunnel is an encrypted tunnel created through a SSH protocol connection.
- It takes place by using mechanism of port forwarding over a secure tunnel.
- SSH tunnels provide a means to bypass firewalls that prohibit certain Internet services provided that outgoing connections are allowed.
To understand SSH tunneling we will take a following example.
In the following network diagram, my requirement is to access System B’s private network resources on system A. here system D’s application myWebApp on System A.
Here system A and system B are connected via Internet. So we can create a tunnel between system A and system D via system B and forward a 8080 port of system D to local port of system A.
Below are steps to create a tunnel using SSH client (Putty).
- Start the SSH client (Putty) at system A.
Step 4:
This step is to verify Tunnel we created by above 1-3 steps:
- Right click on the caption bar of the shell window and then click on option ‘Change Settings…’, it will open a ‘Putty Reconfiguration’ window.
- On Putty Reconfiguration window, click on connection->SSH->Tunnels and right hand side you will see the mapping we did.
- Click on Apply
- Then open a web browser on your local system and type: http://localhost:1001/myWebApp
Press Enter and you will see magic. You won’t believe yourself that you can access the application running on system D which in the private network of B.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Thanks a lot for the detailed explanation. I have a similar tunneling scenario to access a SVN repository.
[Eclipse IDE on Local Desktop] —> [GW server]—>[SVN server]
How can access the SVN repository on SVN server from my Eclipse IDE on Local Desktop using tunneling.
Thanks in advance
NA