Bypassing Firewalls Using SSH Tunneling :
Most networks are monitored and protected by firewalls. These devices are the first line of defense for most networks and are used to “plug” security holes that could adversly affect the network and its users. In many cases they also prevent its users from participating in actions that are not part of the network’s Acceptable Usage Policy. However, network administrators may come to find that some of their users are able to bypass these restrictions. This Tutorial shows how easy it can be for users to bypass these restrictions using SSH tunnels (Shunnels), and the importance of limiting the use of SSH on networks to users who must absolutely have it.
*NOTE: This demonstration uses IRC, Internet Explorer and Firefox as examples. IRC traffic is often blocked to eliminate the threat of IRC zombies. Internet Explorer and other browsers are proxied by a firewall to prevent users from viewing unwanted websites. Below is a step by step tutorial on how network users can use Shunnels to bypass firewall proxy restrictions.
Programs needed to run this demonstration:
- SSH Service to computer outside the firewalled network: Linux OpenSSH, Windows OpenSSH
- Putty (SSH client): download here
- One .BAT File (we will create this later)
Step 1: Acquire an SSH service outside of the firewalled network. You can use the SSH service provided by your web hosting service (for those of you with your own website) or you can install SSH on a home computer using OpenSSH. If you are going to setup the service at home we recommend using OpenSSH for Windows due to its simplicity and ease of use (those of you that have Linux boxes feel free to use OpenSSH for Linux). Below are instructions for installing OpenSSH on a Windows Box.
Installing OpenSSH on Windows:
- Download the .zip file linked above and unzip it
- Run setupssh.exe
- Choose to install the client and the server
- Now open a command prompt and navigate to C:Program FilesOpenSSHbin
- Once you are in that directory type the following two commands separately: “mkgroup -l > ..etcgroup” then “mkpasswd -l > ..etcpasswd”
- Now that you have finished the installation you must start your server. Open the command prompt and type “net start opensshd”. To stop the server type “net stop opensshd”. You can also create a .bat file with the start command and link it to the Windows Startup Folder if you would like for your server to start automatically when windows boots.
At this point you should have an SSH connection outside of the firewalled network. This could be an SSH server set up at home or any other SSH service that is available to you. Be sure that you can connect via SSH to this server from the firewalled location. Once you have established that this connection is working you are ready for the Step Two. If you are having a problem with Step One please refer to the suggestions offered at the end of this tutorial.
Step 2: Download Putty to a Directory on your computer.
Step 3: Open Notepad and type the following line:
Putty -D 1080 -P 22 -ssh your.domain.com
“your.domain.com” is the domain name of the computer outside the firewalled network that your SSH service is hosted on. It can also be the machine’s IP address.
Save this file as “shunnel.bat” in the same directory as Putty.
Step 4 (Configuring mIRC, IE and Firefox)): Now you must configure your IRC client. We will be using mIRC for our IRC client. Click the option button or navigate through the menu using View-Options. Under “Connect” on the left sidebar click on “Firewall” and configure as follows:
Also, make sure that you fill in your information under “Connect”. Example as follows:
You have now completed the IRC configuration.
Initiate the session as follows:
- Click the IRCshunnel.bat
- It will open Putty and prompt you for a username and pass for the SSH connection. Enter your username name and password.
- At this point Putty will have opened a command line prompt on the machine hosting the SSH service outside the firewalled network. Feel free to close the batch file, however in order to shunnel traffic you must leave your SSH client open.
- Lastly, Open mIRC and connect to your favorite server.
Internet Explorer Click on Tools and scroll down to “Internet Options.” Select the LAN Settings tab and another window will open. Check the last option which says, “Use a proxy server…”
Select the “Advanced” tab and a new window will appear. For the purposes of the shunnel we will be entering our information in the SOCKS item menu. For “Proxy Address to Use” you will enter in the loopback address of 127.0.0.1. Your port number will vary based on the port that you set in your batch file. For this example we use port 1080.
Select OK until you are back at Internet Explorer and enjoy unrestricted browsing.
FirefoxConfiguring Firefox to use the shunnel is very similar to Internet Explorer. From Firefox, click “Tools” and then “Options.” A new window will appear. Click on the “Connection Settings” button on the lower right hand corner of the window.
Select “Manual Proxy Configuration” and you will be prompted to enter in your proxy information. Again, what we’re concerned with is the “SOCKS Host” inputbox. Input your loopback address of 127.0.0.1 and change the port number to the one you selected for your batch file. In this example we use port 1080.
All that remains is to accept the settings and enjoy unrestricted browsing.
Parting Words Preferably the SSH server that you use will be administered by yourself or someone very close to you that you trust. Remember, when your information goes across the shunnel anyone who has access to the SSH server will be able to view all of the connections that pass through it.
*NOTE: It is possible to overload the shunnel with several different connections. If that occurs, create a new batch file and change the port from 1080 to 1081 or any other port that you have configured to forward on your firewall.
Other Suggestions:If your firewall does not allow outgoing SSH, open the config file for your SSH server (assuming you have the ability to do this) and edit it to listen on port 443 instead of 22. Then edit your batch file to the following:
Putty -D 1080 -P 443 -ssh your.domain.com
This will make your Shunnel appear as if it is an HTTPS connection on port 443, which is allowed to pass on most all firewalls.
This Shunneling technique is not limited to IRC. It works with anything that allows a Socks4 or Socks5 configuration. Simply, configure the SOCKS settings to point to the IP address 127.0.0.1 and whatever port you have specified in your .bat file. Happy Browsing