Proxy hacks – II. “Listen” inside a LAN. Setup servers inside LAN, behind proxy. Using remote tunnels.

As promised, the post is here. Today we talk about how to simulate open ports inside a private network for outside world.

Requirements : A PC with a public IP with OpenSSH server running on port 443.

Please refer to previous post on how to setup this arrangement.

This post starts from where we left in the previous post.

Objective : Host a file server inside LAN (lets say on port 8080) .Only access to outside world is through an HTTP proxy.

- if we can do so, opening up port 3389 similarly, will enable us to remote desktop into LAN from internet.

We assume, openssh server is up, your machine is pinging from internet on port 443. We’ll use same putty session which we created in the last post. Now we are going to just create more tunnels.

At Office

Use this tool, to host a HTTP server on your machine on port 8080. This is my favourite file server tool and I normally prefer it to FTP.

SideTalk: FTP , Please note that setting up a FTP server is not as simple as opening up port 21. In situations where client uses PASV (Passive) mode to connect (Clients behind firewalls), we also need to run FTP server on Passive mode, which requires a range of ports to be opened on Router. [More on it, if people demand]

OK, Add a new tunnel to existing session (created in last post) as follows :

Source Port = 8081

Destination = localhost:8080

Check “remote” in next line. This means this is a reverse tunnel. We have just forwarded local port 8080 to remote port 8081

All done here.

At HOME

Open up another putty session, create a new connection to localhost on port 443,

Add a tunnel as:

Source port 8080

Destination : localhost:8081

Check the checkbox that says “Local port accept connections from other hosts”.

We have just created a normal tunnel forwarding connections from port 8080 to 8081. {which has already been reverse tunneled to 8080 port at Office.}

That’s it!! We are almost done! Open up port 8080 (just as we opened up port 443 in the previous post) from your router config page .

DONE!

Go to a machine on internet(cyber cafe?). Open up your machine address , http://abcdef.dyndns.org:8080 and VOILA you would be seeing file server page running in your office.

Similarly if you forward port 3389, you can remote desktop from anywhere in world to your office PC without any VPN .

Brief Summary

I don’t have a mouse right now, or I would have drawn a nice diagram.

What we have done is created two tunnels in conjunction. One reverse Tunnel and One normal tunnel, so that request from Internet to your machine are forwarded to machine at your Office.

Sthing like this:
[ OFFICE ] 8080 <—- 8081 [HOME] 8081 —-> 8080 [ HOME ] < —- [INTERNET]

Fire up a browser on your office PC, Hit http://abcde.dyndns.org:8080 realize what a big cycle you have just created. Give that grim smile and have fun. And ofcourse everything from office to home is encrypted.

Please read disclaimer in previous post before you go on to try anything. I am pretty sure this is pretty much illegal at a lot of places.

Next : Download torrents in a LAN behind proxy.