Clarification:
* 2110 is the virtual port that will be set up on the local client.
* mail.example.com is the server my remote SSH server (ssh-server.example.com) will be talking to on the other end.
* 110 is the port of mail.example.com that the remote SSH server will connect to.
* I will connect to localhost:2110, which will then be routed to my remote ssh server securely, and the remote ssh server will then traffic packets to and from mail.example.com.
Is this correct?
All this will allow you to do is connect to a pop server using `telnet localhost 2110`. Why not just connect using `telnet remoteserver 110` instead? Why the need for this?
Clarification:
* 2110 is the virtual port that will be set up on the local client.
* mail.example.com is the server my remote SSH server (ssh-server.example.com) will be talking to on the other end.
* 110 is the port of mail.example.com that the remote SSH server will connect to.
* I will connect to localhost:2110, which will then be routed to my remote ssh server securely, and the remote ssh server will then traffic packets to and from mail.example.com.
Is this correct?
Looks right to me.
Your outgoing packets sent to port 2110 on your local machine will be forwarded over a secure tunnel from your machine to ssh-server.example.com, and then forwarded on an unencrypted network connection to mail.example.com on port 110.
Incoming packets will be sent unencrypted from mail.example.com to ssh-server.example.com, and then over a secure link to your local client.
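The two hops described in the reply above, as an added example that is not part of the original thread: a small POSIX shell function (the name `describe_forward` is hypothetical) that takes an `ssh -L` forward spec and the SSH server name and reports who can reach the local listener and which hop SSH protects. It assumes the forward was written as `2110:mail.example.com:110`, which the posts imply but do not show.

```shell
#!/bin/sh
# Added example (not from the thread): report which hops of an
# `ssh -L [bind:]port:host:hostport server` forward are covered by SSH.
# IPv6 literals in the spec are not handled.
describe_forward() {
    spec=$1 server=$2
    case $spec in
        *:*:*:*:*) echo "error: too many fields in '$spec'" >&2; return 2 ;;
        *:*:*:*)   bind=${spec%%:*}; spec=${spec#*:} ;;
        *:*:*)     bind=localhost ;;   # ssh default when GatewayPorts is off
        *)         echo "error: want [bind:]port:host:hostport" >&2; return 2 ;;
    esac
    lport=${spec%%:*}; rest=${spec#*:}
    host=${rest%%:*};  hport=${rest#*:}
    for p in "$lport" "$hport"; do
        case $p in
            ''|*[!0-9]*) echo "error: bad port '$p'" >&2; return 2 ;;
        esac
    done
    [ -n "$host" ] || { echo "error: empty host" >&2; return 2; }

    # Who can reach the listening socket on the client?
    # An empty or "*" bind address means all interfaces.
    case $bind in
        localhost|127.*) scope="loopback only" ;;
        *)               scope="reachable from other hosts" ;;
    esac
    echo "listen ${bind:-*}:$lport ($scope)"
    echo "leg1 client -> $server: encrypted by SSH"

    # The final hop is an ordinary TCP connection made by the SSH server.
    case $host in
        localhost|127.*|"$server") where="stays on the SSH server" ;;
        *)                         where="crosses the network with no SSH protection" ;;
    esac
    echo "leg2 $server -> $host:$hport: $where"
}

# The forward discussed in the thread.
describe_forward 2110:mail.example.com:110 ssh-server.example.com
```

If the second leg carries a plaintext protocol such as POP3 on port 110, it is only as private as the network between the SSH server and the mail server.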
rjlee, Thank you for your response. That was what I was thinking. I just wanted to make sure.
Quote:
Originally Posted by ramram29
All this will allow you to do is connect to a pop server using `telnet localhost 2110`. Why not just connect using `telnet remoteserver 110` instead? Why the need for this?
The example I gave was just an example. However, the purpose is to establish an encrypted connection with a server through an untrusted network, such as a public WIFI. If I go to BlahBlah's cafe and connect to their WIFI, I don't want them to know what I'm browsing, or what my emails are.
What's really fun if both sides are Linux (might work in other OSes too) is to use the tap/tun stuff in ssh. The `-w` option. It lets you have a quick and easy VPN and you can route whatever you'd like through it. You do need privileges on the tun device (typically `/dev/net/tun`) to do this. And the remote sshd needs to have `PermitTunnel yes` (or `ethernet`). I wouldn't recommend having this option on all the time.
`ssh -o Tunnel=ethernet -w any root@remote_host`
This will give you two tap devices (do an `ifconfig -a` to see them) that are virtual ethernet connections and are connected (one on each machine) to each other. You can then give them IP addresses, do routing over them, even bridge them with another ethernet interface.