########### SSH Port Forwarding #################
Facilitates Local & Remote Port forwarding
1. Local - means to forward a port on the local system to a remote system
2. Remote - means to forward a remote port to our local host
Local Port : -L next to localport, and Remote IP
e.g. ssh -L 9000:10.10.20.290:5900 root@IP
Remote Port: -R next to RemotePort, and Localhost
e.g. ssh -R 4444:localhost:22 root@ip
Reverse SSH Tunnel
A reverse tunnel is just like the tunnel we set up with -L, except it allows the destination machine to connect to the client machine.
In the example from this article, you can create a reverse tunnel from Server to Netbook allowing Netbook to reconnect to Server. The following command, when run from Server, connects to Netbook and creates a tunnel from port 4444 on Netbook to the SSH dæmon on Server. Any shell on Netbook then can connect to Server via port 4444:
Private Server No ssh is allowed Directly
ssh -R 4444:localhost:22 load_runner
Note: -R next to port is the Remote Port (load_runner), Make sure 4444 port is not being used on load_runner.
The following command, when run from load_runner host machine, would connect to Server via the reverse tunnel:
ssh -p 4444 localhost (load_runner)
Note: You will jump into the Private Server from where the port it mapped
Forward SSH Tunnel
Many applications use protocols where passwords and data are sent as clear text. These protocols include POP3, IMAP, SMTP and NNTP. SSH can encrypt these connections transparently. Say your e-mail program normally connects to the POP3 port (110) on mail.example.net. Also, say you can't SSH directly to mail.example.net, but you have a shell login at shell.example.net. You can instruct SSH to encrypt traffic from port 9110 (chosen arbitrarily) on your local computer and send it to port 110 on mail.example.net, using the SSH server at shell.example.net:
ssh -L 9110:mail.example.net:110 shell.example.net
Note: -L next to port is the localhost port
That is, send local port 9110 to mail.example.net port 110, over an SSH connection to shell.example.net.
Then, simply tell your e-mail program to connect to port 9110 on localhost. From there, data is encrypted, transmitted to shell.example.net over the SSH port, then decrypted and passed to mail.example.net over port 110. As a neat side effect, as far as the POP3 dæmon on mail.example.net knows, it is accepting traffic from shell.example.net.
Tunneled Connections
SSH can act as a bridge through a firewall whether the firewall is protecting your computer, a remote server or both. All you need is an SSH server exposed to the other side of the firewall. For example, many DSL and cable-modem companies forbid sending e-mail from your own machine over port 25 (SMTP).
Our next example is sending mail to your company's SMTP server through your cable-modem connection. In this example, we use a shell account on the SMTP server, which is named mail.example.net. The SSH command is:
ssh -L 9025:mail.example.net:25 mail.example.net
Note: -L next to is the localhost port, make sure the port it open
Then, tell your mail transport agent to connect to port 9025 on localhost to send mail. This exercise should look quite similar to the last example; we are tunneling from local port 9025 to mail.example.net port 25 over mail.example.net. As far as the firewall sees, it is passing normal SSH data on the normal SSH port, 22, between you and mail.example.net.
LOCAL:
Flow: Client -> Port(2323) -> SSH- Tunnel Remote Host (2323)
Syntax:
ssh -L 2323:DestinationHost:2323 SSHD_Router_Server
Note: Port Forwarding in Solaris 10 supports ONLY TCP traffic
Note: -L next to is the localhost port
ssh -L 2323:linuxcbtmedial:80
Note: -L next to is the localhost port, which is being mapped to port 80
Note: Ensure that local port is free, and destination port is listening
Note: Default port forwarding provides connectivity ONLY to localhost
Cross-Check : telnet localhost 2323 Use ^] to print the web-page
netstat -anP tcp | grep 2323
rcapache2 start
rcsshd restart
svcs -l apache2 (services list) - maintenace mode
svcadm clear apache2 (service adm)
svcs -l apache2 - online
#### Remote-Desktop
rdesktop -f -a 16 ip
###### Remote Port Forwarding ###########
Note: Remote port forwarding instructs remote server's SSHD to bind to a port that becomes available to the remote system's users
ssh -R 2424:LocalHost:80 linuxcbtmedia1
ssh -R 2424:localhost:80 linuxcbtmedia1
Note: -R next to is the Remote port of the machine
### Share locally and remotely forwarded ports ###
ssh -g -L 2323:linuxgoogle:80 linuxgooglel (Makes available in the entire subnet)
ssh -g -R 2424:localhost:80 linuxgoogle
##Remote forwarded port #### Reverse Tunnel
ssh -R2245:127.0.0.1:22 load_runner
## Jump into Real Machine
ssh load_runner@127.0.0.1 -p 2245
#################
/bin/ps -ef | grep dhclient | sed -n '1p' | awk {'print $2'} | xargs kill -9
#Exec
The exec() family of functions will initiate a program from within a program. They are also various front-end functions to execve().
The functions return an integer error code. (0=Ok/-1=Fail).
An exec command redirects stdin to a file
#fd
File descriptors 0, 1 and 2 are reserved for stdin, stdout and stderr respectively. However, bash shell allows you to assign a file descriptor to an input file or output file. This is done to improve file reading and writing performance. This is known as user defined file descriptors.
exec fd> output.txt
* where, fd >= 3
Eg:
exec 3> /tmp/output.txt
echo "This is a test" >&3
date >&3
exec 3<&-
############# Iptables #################
route add -net 10.10.20.0/24 gw 192.168.155.138 ( Making gateway as the vx64 box )
ping 10.10.20.81 ( pinging the compute node ) (If not pinging add iptables rules to vx64 box)
iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
cat /proc/sys/net/ipv4/ip_forward
echo "1"> /proc/sys/net/ipv4/ip_forward
## Parameters Passing in Bash Shell scripts ##
This is a simple alternative to using getopts to parse parameters in a BASH shell script which makes use of the powerful parameter substitution functions in BASH. It should be sufficient for most scripts:
Facilitates Local & Remote Port forwarding
1. Local - means to forward a port on the local system to a remote system
2. Remote - means to forward a remote port to our local host
Local Port : -L next to localport, and Remote IP
e.g. ssh -L 9000:10.10.20.290:5900 root@IP
Remote Port: -R next to RemotePort, and Localhost
e.g. ssh -R 4444:localhost:22 root@ip
Reverse SSH Tunnel
A reverse tunnel is just like the tunnel we set up with -L, except it allows the destination machine to connect to the client machine.
In the example from this article, you can create a reverse tunnel from Server to Netbook allowing Netbook to reconnect to Server. The following command, when run from Server, connects to Netbook and creates a tunnel from port 4444 on Netbook to the SSH dæmon on Server. Any shell on Netbook then can connect to Server via port 4444:
Private Server No ssh is allowed Directly
ssh -R 4444:localhost:22 load_runner
Note: -R next to port is the Remote Port (load_runner), Make sure 4444 port is not being used on load_runner.
The following command, when run from load_runner host machine, would connect to Server via the reverse tunnel:
ssh -p 4444 localhost (load_runner)
Note: You will jump into the Private Server from where the port it mapped
Forward SSH Tunnel
Many applications use protocols where passwords and data are sent as clear text. These protocols include POP3, IMAP, SMTP and NNTP. SSH can encrypt these connections transparently. Say your e-mail program normally connects to the POP3 port (110) on mail.example.net. Also, say you can't SSH directly to mail.example.net, but you have a shell login at shell.example.net. You can instruct SSH to encrypt traffic from port 9110 (chosen arbitrarily) on your local computer and send it to port 110 on mail.example.net, using the SSH server at shell.example.net:
ssh -L 9110:mail.example.net:110 shell.example.net
Note: -L next to port is the localhost port
That is, send local port 9110 to mail.example.net port 110, over an SSH connection to shell.example.net.
Then, simply tell your e-mail program to connect to port 9110 on localhost. From there, data is encrypted, transmitted to shell.example.net over the SSH port, then decrypted and passed to mail.example.net over port 110. As a neat side effect, as far as the POP3 dæmon on mail.example.net knows, it is accepting traffic from shell.example.net.
Tunneled Connections
SSH can act as a bridge through a firewall whether the firewall is protecting your computer, a remote server or both. All you need is an SSH server exposed to the other side of the firewall. For example, many DSL and cable-modem companies forbid sending e-mail from your own machine over port 25 (SMTP).
Our next example is sending mail to your company's SMTP server through your cable-modem connection. In this example, we use a shell account on the SMTP server, which is named mail.example.net. The SSH command is:
ssh -L 9025:mail.example.net:25 mail.example.net
Note: -L next to is the localhost port, make sure the port it open
Then, tell your mail transport agent to connect to port 9025 on localhost to send mail. This exercise should look quite similar to the last example; we are tunneling from local port 9025 to mail.example.net port 25 over mail.example.net. As far as the firewall sees, it is passing normal SSH data on the normal SSH port, 22, between you and mail.example.net.
LOCAL:
Flow: Client -> Port(2323) -> SSH- Tunnel Remote Host (2323)
Syntax:
ssh -L 2323:DestinationHost:2323 SSHD_Router_Server
Note: Port Forwarding in Solaris 10 supports ONLY TCP traffic
Note: -L next to is the localhost port
ssh -L 2323:linuxcbtmedial:80
Note: -L next to is the localhost port, which is being mapped to port 80
Note: Ensure that local port is free, and destination port is listening
Note: Default port forwarding provides connectivity ONLY to localhost
Cross-Check : telnet localhost 2323 Use ^] to print the web-page
netstat -anP tcp | grep 2323
rcapache2 start
rcsshd restart
svcs -l apache2 (services list) - maintenace mode
svcadm clear apache2 (service adm)
svcs -l apache2 - online
#### Remote-Desktop
rdesktop -f -a 16 ip
###### Remote Port Forwarding ###########
Note: Remote port forwarding instructs remote server's SSHD to bind to a port that becomes available to the remote system's users
ssh -R 2424:LocalHost:80 linuxcbtmedia1
ssh -R 2424:localhost:80 linuxcbtmedia1
Note: -R next to is the Remote port of the machine
### Share locally and remotely forwarded ports ###
ssh -g -L 2323:linuxgoogle:80 linuxgooglel (Makes available in the entire subnet)
ssh -g -R 2424:localhost:80 linuxgoogle
##Remote forwarded port #### Reverse Tunnel
ssh -R2245:127.0.0.1:22 load_runner
## Jump into Real Machine
ssh load_runner@127.0.0.1 -p 2245
#################
/bin/ps -ef | grep dhclient | sed -n '1p' | awk {'print $2'} | xargs kill -9
#Exec
The exec() family of functions will initiate a program from within a program. They are also various front-end functions to execve().
The functions return an integer error code. (0=Ok/-1=Fail).
An exec command redirects stdin to a file
#fd
File descriptors 0, 1 and 2 are reserved for stdin, stdout and stderr respectively. However, bash shell allows you to assign a file descriptor to an input file or output file. This is done to improve file reading and writing performance. This is known as user defined file descriptors.
exec fd> output.txt
* where, fd >= 3
Eg:
exec 3> /tmp/output.txt
echo "This is a test" >&3
date >&3
exec 3<&-
############# Iptables #################
route add -net 10.10.20.0/24 gw 192.168.155.138 ( Making gateway as the vx64 box )
ping 10.10.20.81 ( pinging the compute node ) (If not pinging add iptables rules to vx64 box)
iptables -t nat -A POSTROUTING -o eth+ -j MASQUERADE
cat /proc/sys/net/ipv4/ip_forward
echo "1"> /proc/sys/net/ipv4/ip_forward
## Parameters Passing in Bash Shell scripts ##
This is a simple alternative to using getopts to parse parameters in a BASH shell script which makes use of the powerful parameter substitution functions in BASH. It should be sufficient for most scripts:
until [[ ! "$*" ]]; do
if [[ ${1:0:2} = '--' ]]; then
PAIR=${1:2}
PARAMETER=`echo ${PAIR%=*} | tr [:lower:] [:upper:]`
eval P_$PARAMETER=${PAIR##*=}
fi
shift
done
--name=value or --flagExample output./test.sh --number=123 --show
+ [[ ! -n --number=123 --show ]]
+ [[ -- = \-\- ]]
+ PAIR=number=123
+ echo number=123
number=123
++ echo number
++ tr '[:lower:]' '[:upper:]'
+ PARAMETER=NUMBER
+ echo NUMBER
NUMBER
+ eval P_NUMBER=123
++ P_NUMBER=123
+ shift
+ [[ ! -n --show ]]
+ [[ -- = \-\- ]]
+ PAIR=show
+ echo show
show
++ echo show
++ tr '[:lower:]' '[:upper:]'
+ PARAMETER=SHOW
+ echo SHOW
SHOW
+ eval P_SHOW=show
++ P_SHOW=show
+ shift
+ [[ ! -n '' ]]
+ set +x
No comments:
Post a Comment