OPS235 Lab 7 - CentOS6

102 bytes removed, 20:01, 12 January 2014
=== Investigation 6: How do you use ssh to tunnel other traffic? ===
{{Admon/note | Use your centos2 and centos1 VMs | Complete this investigation on your centos2 and centos1 VMs.}}
{{Admon/note | | You can also use an ssh connection to tunnel other types of traffic. There could be different reasons for doing this. For example, tunneling traffic for an unencrypted application/protocol through ssh can increase the security of that application. Alternatively, you could use it to circumvent a firewall that is blocking traffic you wish to use but allows ssh traffic to pass through.}}
# You will be working with the 2nd scenario of bypassing a firewall that blocks http traffic.
# In this investigation centos1 will be your http server and centos2 will be your client.
# On the HTTP server (centos1), make sure the Apache web server is installed by typing the command:<br /><code>rpm -q httpd</code>
# If it is installed, check the configuration of the service to see if it is automatically started at any runlevels by using the <code>chkconfig</code> command.
# If it has not been started automatically, start the service using the service command:<br /><code>service httpd start</code>
# Confirm that httpd is listening on TCP/80 using the netstat command:<br /><code>netstat -atnp</code>
# Create a small html document called <code>/var/www/html/index.html</code> that displays a short message.
# On centos1 (the http server), confirm everything is working locally by using a browser to connect to http://localhost
# Set the default firewall configuration on centos1 to REJECT incoming requests to http (TCP/80).
# Confirm that you can't connect by using Firefox on centos2 to connect to centos1: http://centos1/
# On centos2, confirm that the httpd service is stopped so it cannot interfere with your observations.
# The next step is to establish a tunnel. When you establish a tunnel, you make an ssh connection to a remote host and open a new port on the local host. That local port is then connected to a port on the remote host through the established tunnel. When you send requests to the local port, they are forwarded through the tunnel to the remote port.
:::: [[Image:Tunnel.png]]
<ol><li value="13">Establish a tunnel using a local port on centos2 of 20808, that connects to the remote port on centos1 of 80, using the following command on centos2:<br /><code>ssh -L 20808:centos1:80 user@centos1</code></li></ol>
{{Admon/note | Note! | The -L (which means Local port) takes one argument of <pre><local-port>:<connect-to-host>:<connect-to-port></pre> The command basically connects your local port of 20808 to the remote port of 80 on centos1. This means all requests to 20808 on the localhost (centos2) are actually tunnelled through your ssh connection to port 22 on centos1 and then delivered to port 80 on centos1, bypassing the firewall. }}
<ol><li value="14">Once the tunnel is established, use netstat to verify that port 20808 is listening on centos2.</li>
<li>Now using the browser on centos2 connect to http://localhost:20808</li>
<li>You should see the index.html page on centos1.</li>
<li>Close the ssh connection and verify that the port 20808 is no longer listening.</li>
</ol>
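
The netstat checks in steps 14 and 17 can be scripted. The following is an added example, not part of the original lab: it reads netstat output and reports whether the forwarded port is closed, bound to loopback only (the <code>ssh -L</code> default), or reachable from other hosts. The function names, addresses and sample output are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the lab): classify the listener that `ssh -L` opens.
# Function names and the sample output below are constructed for illustration.

# Constructed `netstat -atnp` output from the client while the tunnel is up.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address          Foreign Address        State       PID/Program name
tcp        0      0 0.0.0.0:22             0.0.0.0:*              LISTEN      1021/sshd
tcp        0      0 127.0.0.1:20808        0.0.0.0:*              LISTEN      2733/ssh
tcp        0      0 192.168.235.12:41522   192.168.235.11:22      ESTABLISHED 2733/ssh
tcp        0      0 ::1:20808              :::*                   LISTEN      2733/ssh'

# Print the local address of every socket in LISTEN state on port $1.
# Reads netstat output on stdin; the port is the text after the last colon,
# so IPv6 addresses such as ::1:20808 are split correctly.
tunnel_listeners() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] == port)
                print substr($4, 1, length($4) - length(part[n]) - 1)
        }'
}

# Print one word describing the forwarded port $1:
#   down           nothing is listening (tunnel closed)
#   loopback-only  only 127.0.0.0/8 or ::1 (the ssh -L default)
#   exposed        bound to another address, so other hosts can use the tunnel
#                  (for example when ssh was started with -g)
tunnel_status() {
    local addrs
    addrs=$(tunnel_listeners "$1")
    if [ -z "$addrs" ]; then
        echo "down"
    elif printf '%s\n' "$addrs" | grep -Evq '^(127\.[0-9.]+|::1)$'; then
        echo "exposed"
    else
        echo "loopback-only"
    fi
}

# Demo on the sample; on a live system use: netstat -atn | tunnel_status 20808
printf '%s\n' "$SAMPLE_NETSTAT" | tunnel_status 20808
```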