tunneling interview questions
Top tunneling frequently asked interview questions
Is it possible to set up an SSH tunnel with dynamic port forwarding like this:
ssh -D username@server.com
but do it the other way around? That's to say I want to initiate the connection on my local machine and have the dynamic port forwarding happen there, and have my friend connect his browser to the other end of the tunnel.
The above works perfectly if my friend types the above but I don't want to give him ssh access to my machine, just let him proxy his browser through it.
Source: (StackOverflow)
I am currently trying to work out how to SSH to servers behind firewalls that deny all incoming connections. The servers can SSH out, so I am wondering if there is a way to get the server behind the firewall to create an SSH tunnel to my workstation, then allow my workstation to send commands back to the server through it?
I have looked into tunneling / reverse tunneling, but these appear to be port forwarding solutions, which will not work as the firewall denies all connections on all ports.
Ideally, I would like to do this in Ruby (using the Net::SSH gem), such that instead of opening a new connection like:
Net::SSH.start('host', 'user', :password => "password")
I could somehow bind to an existing tunnel.
Thanks!
Source: (StackOverflow)
I have written a small bash script which needs an ssh tunnel to draw data from a remote server, so it prompts the user:
echo "Please open an ssh tunnel using 'ssh -L 6000:localhost:5432 example.com'"
I would like to check whether the user has opened this tunnel, and exit with an error message if no tunnel exists. Is there any way to query the ssh tunnel, i.e. check if the local port 6000 is really tunneled to that server?
Thanks,
Adam
Source: (StackOverflow)
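One way to do the check asked about above, as an added example that is not part of the original question: list listening sockets with ss and require that the local port is bound on loopback by a process named ssh. The function names and the sample ss output are constructed for illustration; this confirms an ssh listener on the port, not which server it forwards to.

```shell
#!/bin/sh
# Added example: decide from `ss -H -ltnp` output whether a local port
# is held by an ssh forward. Function names are hypothetical.

# Constructed sample of `ss -H -ltnp` output (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:6000 0.0.0.0:* users:(("ssh",pid=4242,fd=5))
LISTEN 0 128 [::1]:6000 [::]:* users:(("ssh",pid=4242,fd=4))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=900,fd=6))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))'

# Reads ss lines on stdin. Succeeds only if PORT has a listener bound to
# loopback whose owning process is named exactly "ssh".
ssh_forward_listening() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)   # local address without port
            p = $4;    sub(/.*:/, "", p)           # local port
            loopback = (addr == "127.0.0.1" || addr == "[::1]")
            by_ssh = (index($NF, "users:((\"ssh\",") == 1)
            if (p == port && loopback && by_ssh) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Live check for a script: returns non-zero when the tunnel is missing.
# -p only shows process names for sockets the caller may inspect, so run
# it as the user who opened the tunnel.
require_tunnel() {
    ss -H -ltnp 2>/dev/null | ssh_forward_listening "$1"
}

# Demo on the constructed sample.
for port in 6000 5432 22; do
    if printf '%s\n' "$SAMPLE_SS" | ssh_forward_listening "$port"; then
        echo "port $port: ssh forward listening"
    else
        echo "port $port: no ssh forward"
    fi
done
```

In the prompting script, `require_tunnel 6000 || { echo "no ssh tunnel on port 6000" >&2; exit 1; }` gives the early exit.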
Hi, I am getting a weird effect in my SpriteKit game.
I have a wall around the screen, which I created as a static body by using bodyWithEdgeLoopFromRect.
By doing skView.showsPhysics = YES; all bodies are also shown on screen.
I have a ball on screen, which has a dynamic body.
Sometimes when I provide Force to the ball it passes through that static wall!!!
How can that be possible??
Though I can see both bodies on screen, the dynamic ball sometimes passes through the static wall.
I also gave the usesPreciseCollisionDetection = YES; property to both physics bodies.
But it doesn't prevent this issue.
How can I prevent this issue?
Source: (StackOverflow)
First time in Stackoverflow and I'm hoping someone can help me.
I'm looking at a proof of concept to pass RDP traffic through a TCP Proxy/tunnel which will pass through firewalls using HTTPS.
The problem has to do with deploying images to machines and so it can't be assumed that the .NET framework will be present, so C++ is being used at the deployment end of a connection.
The basic system I have at present is a program which listens for client connections on a port then passes any data to a WCF service which stores it as a byte array. A deployment machine (using GSoap and C++) polls the WCF service for messages and if it finds them then passes the data onto the target server process via sockets. I know this sounds horrible, but it works for simple test clients and server passing data to and from simple test client and server programs via this WCF/C++/C# proxy layer.
But I have to support traffic from RDP, VNC and possibly others, so I need a transparent proxy to do this and am wondering whether the above approach is worth pursuing. I've read up on SSH tunneling and that seems a possibility. My basic question is: is it possible to tunnel RDP traffic over HTTPS using custom code?
Thanks John
Source: (StackOverflow)
I am trying to develop a socks tunneling application in c# that is able to open a website by using add and modified header requests (something similar to Modify Header Firefox Addon) and tunnel the data through a proxy (socks preferable). Please can anyone specify any resources I might need for this? Or any alternative that can perform the same function, open source that I can build on maybe, etc. Thanks!
ps: the applications should also be able to open https and other common network protocols
Source: (StackOverflow)
I'm trying to interconnect two socket clients connected to a single remote server.
The case is:
- [Client_1] connect to the server
- [Client_2] connect to the server
- [Server] create a tunnel between Client_1 and Client_2
- [Client_1] write "something"
- [Client_2] (that is waiting for some messages) receive "something" by Client_1
and vice versa.
That's my code:
    package jtestsock;

    import java.io.BufferedReader;
    import java.io.BufferedWriter;
    import java.io.IOException;
    import java.io.InputStreamReader;
    import java.io.OutputStreamWriter;
    import java.io.PrintWriter;
    import java.net.ServerSocket;
    import java.net.Socket;
    import java.util.List;

    /**
     *
     * @author massimodeluisa
     */
    public class Server extends Thread{

        private List<Socket> clients;
        private ServerSocket server;
        private int port = 5001;
        private BufferedReader input;
        private PrintWriter output;

        public Server() {
            try {
                server = new ServerSocket(port);
            } catch (IOException e) {
                System.out.println("Impossibile istanziare il server: "+e.getMessage());
            }
        }

        @Override
        public void run() {
            System.out.println("Waiting for client message...");

            //
            // The server do a loop here to accept all connection initiated by the
            // client application.
            //
            while (true) {
                try {
                    Socket socket = server.accept();
                    System.out.println("Connection Received!");
                    clients.add(socket);

                    /* read response */
                    input = new BufferedReader(
                            new InputStreamReader(
                                    socket.getInputStream()));

                    output = new PrintWriter(
                            new BufferedWriter(
                                    new OutputStreamWriter(
                                            socket.getOutputStream())));

                    if(clients.size()>0){
                        Socket first = new Socket();
                        Socket second = new Socket();
                        first = clients.get(1);
                        second= clients.get(2); // || second = socket;

                        // ??? Tunneling input and output between two clients
                    }
                } catch (IOException e) {
                    System.out.println("Client connection error: "+e.getMessage());
                }
            }
        }
    }
Can anyone help me please?
Thanks :)
Update:
clients.size()>0 should be >=2 as you would want to have at least two sockets not just one – boxed__l 6
Sorry, you're right...thanks!
Update:
Do you plan on only having 2 clients? Because one thing you can do is when one client sends information to the server you could relay that information to the other client. If you plan on having multiple clients though, I would suggest assigning each client a UID. – Josh M 10 mins ago
Yes, I would like to make a point-to-point connection between two clients, passing through my server, like a proxy server...
The server must accept more than two connections, and by making two threads on the server for writing and reading that redirect messages from one client to the other, the CPU will be saturated.
(Ps. sorry for my English XD)
Source: (StackOverflow)
I set up facebooker to tunnel my Ruby on Rails application.
The issue is that I would like to test locally. That is, I don't want to have to start a tunnel every time I want to see my changes.
Right now, when I start the application using ruby script/server (not calling rake facebooker:tunnel:background_start beforehand), links created by helpers (e.g., stylesheet_link_tag, javascript_include_tag, image_tag) are prepended with my tunnlr address: http://web1.tunnlr.com:myPort/. (For example, a CSS link looks like this in the page source: http://web1.tunnlr.com:myPort//stylesheets/appName.css?1234567890.)
I don't want that functionality; I can't see my CSS or JavaScript changes without having to start the tunnel first. I want the links to be relative, not absolute. So, stylesheet_link_tag should produce /stylesheets/appName.css?1234567890.
Does anyone know why it's doing that in the first place and how to fix it?
Thanks in advance.
Source: (StackOverflow)
The majority of sim accounts are public dynamic. Most if not all cellular providers do not allow incoming connections to public dynamic ip addresses. (3g anyway, maybe not 4g/LTE)
The issue of connecting is not one of dynamic ips, but rather blocked incoming ports.
So, if I wanted to stream video from an Android phone on demand (based on information gleaned from this conversation (Streaming video from Android camera to server)), what would be the chain of events to properly initiate a connection?
My idea of this (roughly):
- app on android phone initiates and keeps open some sort of connection to media server (wowza or something).
- At some point when server wants video from phone, it uses the open connection to request a video stream.
- Android phone pushes rtsp stream to server.
Is this correct, and if so, what type of connection should I use as the permanent control connection? Also, is it possible to push rtsp or would I have to do something else?
Thanks!
Source: (StackOverflow)
I am trying to ssh from Computer-A to Computer-C by tunnelling through Computer-B with the key on Computer-B. I have already shared keys from Computer-A to Computer-B and from Computer-B to Computer-C
This works on computerA to connect to computerC without a password or intervention:
ssh -t computerB ssh computerC
If I put this same command in my ssh_config on computerA it just hangs
Host = computerC
ProxyCommand = ssh -t computerB ssh computerC
I get the following error:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Source: (StackOverflow)
ssh -D 9191 ronald@ssh.somehost.com will create a socks proxy locally that will tunnel all traffic through the remote host. Is it possible to build this in to an application C++ or C and make it possible for this application direct all its traffic through the tunnel?
Short question:
Are there any embeddable socks proxy servers that tunnels traffic through a remote host via ssh? just like ssh -D xxxx ...
Source: (StackOverflow)
I'm currently working on an application and I would like to know if http tunneling can be used to bypass a router port-forward or uPnP? If so how can it be done and do I need an external server to pass the info to it?
I'm coding in C++ so I would appreciate if the answers refer to this operating language. If not, it's OK because I can redo the code in C++, if possible.
Thanks.
Source: (StackOverflow)
I am trying to use a python script to get an SQL dump from a remote host, with an intermediate host as proxy, like so:
local machine -> proxy -> remote
The proxy needs to be there because the remote host only allows connections through that proxy.
Note: I am aware of a similar question at How to connect to a database through a Paramiko Tunnel (or similar package) but the solution seems to be specific to PostgreSQL.
I am making the connection using SSH via paramiko. I am aware that forward.py is the paramiko example for port forwarding, but I am not sure if I am using it correctly. This is what I did (PX=proxy, RMT=remote):
forward.py --password --host=PX --port=PXport --user=PXusr RMT:RMTport
And I get this result:
*** Unable to open host keys file
*** Warning: no host key for PX
Connecting to ssh host PX:PXport ...
Now forwarding port 4000 to RMT:RMTport ...
The script then gets stuck at the last line.
Q1: Does anyone have an example of how to use paramiko's forward.py to connect to remote host via proxy?
Q2: After the connection is established, is it possible to programmatically execute shell commands on the remote host?
Source: (StackOverflow)
I am trying to write a tunneling program in C that will take UDP packets from a TUNTAP interface and send them to a serial interface.
What I do is allocate the interface from the clone device /dev/net/tun, turn it on and give it an ip address :
    int tun_setup(char *dev, int flags) {

        struct sockaddr_in my_addr;
        struct ifreq ifr;
        int fd, err;
        string clonedev = "/dev/net/tun";

        // Open clone device file descriptor
        if( (fd = open(clonedev.c_str() , O_RDWR)) < 0 ) {
            perror("Opening /dev/net/tun");
            return fd;
        }

        // Initialise interface parameters structure
        memset(&ifr, 0, sizeof(ifr));

        // Set up flags
        ifr.ifr_flags = flags;

        // Set up interface name
        if (*dev) {
            strncpy(ifr.ifr_name, dev, IFNAMSIZ);
        }

        // Put interface in TUN mode
        if( (err = ioctl(fd, TUNSETIFF, (void *)&ifr)) < 0 ) {
            perror("ioctl(TUNSETIFF)");
            close(fd);
            return err;
        }

        strcpy(dev, ifr.ifr_name);

        // Create a socket
        if ( (s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
            perror("socket");
            exit(1);
        }

        // Get interface flags
        if (ioctl(s, SIOCGIFFLAGS, &ifr) < 0) {
            perror("cannot get interface flags");
            exit(1);
        }

        // Turn on interface
        ifr.ifr_flags |= IFF_UP;
        if (ioctl(s, SIOCSIFFLAGS, &ifr) < 0) {
            fprintf(stderr, "ifup: failed ");
            perror(ifr.ifr_name);
            exit(1);
        }

        // Set interface address
        bzero((char *) &my_addr, sizeof(my_addr));
        my_addr.sin_family = AF_INET;
        my_addr.sin_addr.s_addr = htonl(inet_network("192.168.2.1"));
        memcpy(&ifr.ifr_addr, &my_addr, sizeof(struct sockaddr));

        if (ioctl(s, SIOCSIFADDR, &ifr) < 0) {
            fprintf(stderr, "Cannot set IP address. ");
            perror(ifr.ifr_name);
            exit(1);
        }

        // Return interface file descriptor
        return fd;
    }
Then I create a thread that will poll() on the file descriptor of the created interface and do read() + some other stuff when an event occurs.
    void* tun_readThreadProc (void* param) {
        struct pollfd fds[1];
        int nread;
        unsigned char buffer[BUFFERSIZE];

        fds[0].fd = tun_fd;
        fds[0].events = POLLIN;

        printf("%s : Entered. tun_fd = %d \n",__FUNCTION__,tun_fd);

        for(;;)
        {
            printf("%s : Entered loop\n",__FUNCTION__);
            if((poll(fds, 1, -1)) == -1)
            {
                perror("poll");
                exit(1);
            }

            printf("%s : Poll sensed something\n",__FUNCTION__);

            if((nread = read(tun_fd, buffer, BUFFERSIZE)) < 0)
            {
                perror("read");
                close(tun_fd);
                exit(1);
            }

            printf("%s : Read something : %d bytes\n",__FUNCTION__,nread);
        }
        return 0;
    }
In another part of the program, I bind a UDP socket to the IP address of this TUNTAP interface.
    void socketInit( void )
    {
        int on = 1;
        struct sockaddr_in my_addr;
        unsigned short DefaultPort = 47808;

        // Create a socket
        if ( (s1 = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
            perror("socket");
            exit(1);
        }

        // Bind to it
        bzero((char *) &my_addr, sizeof(my_addr));
        my_addr.sin_family = AF_INET;
        my_addr.sin_addr.s_addr = htonl(inet_network("192.168.2.1"));
        my_addr.sin_port = htons(DefaultPort);

        if ( (bind(s, (struct sockaddr *) &my_addr, sizeof(my_addr)) < 0) ) {
            perror("bind");
        }

        // Allow it to broadcast
        if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, (char *)&on, sizeof(on)) < 0) {
            perror("setsockopt");
        }
    }
In another function, I use sendto() to send packets with this socket. I am supposed to capture those packets with the poll() + read() thread and then send them on a serial port but poll() never captures events on the TUNTAP interface.
I can ping through this interface by using ping -I tun0 [some destination] (tun0 = name of the TUNTAP interface)
But if I use ping -I 192.168.2.1 [some destination] (192.168.2.1 = TUNTAP interface address) it goes through the default interface (eth0, the physical NIC).
I was able to verify that with Wireshark.
This is most probably an ip route configuration problem...
I would be really glad if anybody can help me.
Source: (StackOverflow)
I have a machine running an ftp server and I'd like to access it from a machine located on another network behind a router only authorizing port 80.
I was thinking of a ssh tunnel like:
ssh -L local_port:${ftphost}:20 user@${sshhost}
Where ${sshhost} is another machine that has access to the ftp server ${ftphost}.
${sshhost} is reachable from my host while ${ftphost} is only reachable from ${sshhost}, not mine.
Would that be the best solution?
Source: (StackOverflow)