Tunnelling UDP Traffic Through An SSH Connection: Difference between revisions

Line 50: Line 50:
== Use: "'''nc'''" To Translate UDP To TCP On The Local Side ==
== Use: "'''nc'''" To Translate UDP To TCP On The Local Side ==


 
Once again we will need to create a "'''[http://en.wikipedia.org/wiki/FIFO fifo]'''" and use "'''[http://en.wikipedia.org/wiki/Netcat nc]'''" for network protocol translation.


<div class="screen">
<div class="screen">
   <div class="screenTitle">FIFO Creation</div>
   <div class="screenTitle">FIFO Creation - Local</div>
   <div class="userInput"><span class="prompt">[root@probe-biostar ~]# </span>/usr/bin/mkfifo "/tmp/fifo";</div>
   <div class="userInput"><span class="prompt">[root@probe ~]# </span>/usr/bin/mkfifo "/tmp/fifo";</div>
   <div class="userInput"><span class="prompt">[root@probe-biostar ~]# </span>/bin/ls -al "/tmp/fifo";</div>
   <div class="userInput"><span class="prompt">[root@probe ~]# </span>/bin/ls -al "/tmp/fifo";</div>
     <pre class="computerOutput">
     <pre class="computerOutput">
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo
</pre><div class="userInput"><span class="prompt">[root@probe-biostar ~]# </span></div>
</pre><div class="userInput"><span class="prompt">[root@probe ~]# </span></div>
</div>
</div>




Next we will use "'''[http://en.wikipedia.org/wiki/Netcat nc]'''" ('''[http://en.wikipedia.org/wiki/Netcat netcat]''') the "'''TCP/IP Swiss Army Knife'''" to perform the '''TCP/IP''' to '''UDP''' translation.
Now perform the '''UDP''' to '''TCP/IP''' translation.


<div class="screen">
<div class="screen">
   <div class="screenTitle">TCP To UDP Network Traffic Translation Using: "nc"</div>
   <div class="screenTitle">TCP To UDP Network Traffic Translation Using: "nc"</div>
   <div class="userInput"><span class="prompt">[root@probe-biostar ~]# </span>/usr/bin/nc -l 9999 <nowiki><</nowiki> "/tmp/fifo" | /usr/bin/nc -u 172.19.1.28 623 <nowiki>></nowiki> "/tmp/fifo";</div>
   <div class="userInput"><span class="prompt">[root@probe ~]# </span>/usr/bin/nc -l 9999 <nowiki><</nowiki> "/tmp/fifo" | /usr/bin/nc -u 172.19.1.28 623 <nowiki>></nowiki> "/tmp/fifo";</div>
</div>
</div>
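Review bot: the local-side command on the right-hand (new) side of this hunk is still byte-for-byte the remote-side command, `/usr/bin/nc -l 9999 < "/tmp/fifo" | /usr/bin/nc -u 172.19.1.28 623 > "/tmp/fifo"`, even though the sentence above it was changed to say this step performs the UDP to TCP/IP translation; only the prompt and the FIFO screen title were updated. From the local probe the ILOM address 172.19.1.28 is not directly reachable (that is the reason for the SSH forward), so this side needs the reverse pair, a UDP listener feeding a TCP connection to the forwarded port, something like `/usr/bin/nc -l -u 623 < "/tmp/fifo" | /usr/bin/nc localhost 9999 > "/tmp/fifo"` (exact listen-flag syntax depends on the installed nc variant), and the screen title should read "UDP To TCP Network Traffic Translation Using: "nc"" to match the new sentence.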

Revision as of 19:57, 22 March 2007

Overview

This section describes how to use NST to tunnel a UDP traffic conversation through an SSH connection. For our example we will tunnel IPMItool traffic (UDP Port: "623") through an SSH connection to a Sun Fire X4200 server's Integrated Lights Out Manager (ILOM) service processor network interface. Three systems are involved: two NST probes and the X4200 server. Reference information was taken from: "Performing UDP tunneling through an SSH connection".

Step By Step Instructions:

Tunnel A TCP Forward Port Through SSH

First we need to establish the tunnel for a "non-used" TCP port from the local NST probe to the remote NST probe's SSH server, which shares the same LAN as the destination X4200 server.

Establish An SSH Connection With TCP Port Forwarding
[root@probe tmp]# /usr/bin/ssh -p 31222 -L 9999:localhost:9999 root@55.44.22.178;
root@55.44.22.178's password:
Last login: Thu Mar 22 11:18:59 2007 from cpe-72-222-76-188.nycaper.res.rdr.com

===============================================
= Linux Network Security Toolkit (NST v1.5.0) =
===============================================

[root@probe-biostar ~]#

In this example SSH traffic is being NATed through a firewall. The SSH filtered port at the dirty side of the firewall is: "31222". We have chosen to use TCP port forwarding for the "non-used" TCP port: "9999". The remote NST probe's IP Address is: "55.44.22.178". On the local NST probe, TCP port: "9999" is bound to the localhost IP Address: "127.0.0.1".

Use: "nc" To Translate TCP To UDP On The SSH Server Side

On the remote NST probe (SSH server side), we need to open a port listener for TCP port: "9999" and translate all network traffic to UDP port: "623" for the IP Address assigned to the X4200 server's ILOM network interface.

We will first need to create a "fifo". The "fifo" is necessary to maintain a two-way communication channel between the TCP port listener and the ILOM UDP port. A simple shell pipe would NOT work: it only carries the left-hand process's standard output to the right-hand process's standard input, never the reverse direction. We will use the Linux command: "mkfifo" to establish the "fifo".

FIFO Creation - Remote
[root@probe-biostar ~]# /usr/bin/mkfifo "/tmp/fifo";
[root@probe-biostar ~]# /bin/ls -al "/tmp/fifo";
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo
[root@probe-biostar ~]#


Next we will use "nc" (netcat), the "TCP/IP Swiss Army Knife", to perform the TCP/IP to UDP translation.

TCP To UDP Network Traffic Translation Using: "nc"
[root@probe-biostar ~]# /usr/bin/nc -l 9999 < "/tmp/fifo" | /usr/bin/nc -u 172.19.1.28 623 > "/tmp/fifo";

This command sequence forwards all TCP traffic arriving at the remote NST probe on port: "9999" as UDP to the X4200 server's ILOM network interface (172.19.1.28, UDP port: "623") and relays the network traffic responses back over the same TCP connection.

Use: "nc" To Translate UDP To TCP On The Local Side

Once again we will need to create a "fifo" and use "nc" for network protocol translation.

FIFO Creation - Local
[root@probe ~]# /usr/bin/mkfifo "/tmp/fifo";
[root@probe ~]# /bin/ls -al "/tmp/fifo";
prw-r--r-- 1 root root 0 Mar 22 19:37 /tmp/fifo
[root@probe ~]#


Now perform the UDP to TCP/IP translation. On this side the roles of the two "nc" processes are reversed: the first "nc" listens for the UDP datagrams that IPMItool sends to the local probe (UDP port: "623", so IPMItool can keep its default port) and the second "nc" writes them to TCP port: "9999", which SSH forwards to the remote probe; the "fifo" carries the replies back to IPMItool.

UDP To TCP Network Traffic Translation Using: "nc"
[root@probe ~]# /usr/bin/nc -l -u 623 < "/tmp/fifo" | /usr/bin/nc localhost 9999 > "/tmp/fifo";
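To make the whole three-hop path visible end to end, here is the same UDP-over-TCP relay pair written in Python and exercised on loopback. This is an added example, not NST's code and not the wiki author's "nc" pipelines. Its assumptions are not on the page: a plain TCP connection on 127.0.0.1 stands in for the "ssh -L 9999:localhost:9999" forward, a constructed UDP echo server stands in for the X4200 ILOM, every port is ephemeral instead of TCP 9999 / UDP 623 (binding 623 needs root), and each datagram is carried as a 2-byte length prefix plus payload. That framing is one thing the "nc" version does not do: a TCP stream has no datagram boundaries, so two quickly sent RMCP messages can arrive fused, or one split, at the far end; the example shows where the boundary has to be restored. The function names (send_frame, recv_frame, tcp_to_udp_relay, udp_to_tcp_relay, fake_ilom, demo_roundtrip) are this example's own.

```python
import select
import socket
import struct
import threading

HOST = "127.0.0.1"  # the whole demo stays on loopback

def send_frame(tcp, data):
    # One datagram becomes <len:2, big-endian><payload> on the TCP stream, so the
    # far side can restore datagram boundaries (a raw nc | nc relay cannot).
    tcp.sendall(struct.pack("!H", len(data)) + data)

def recv_exact(tcp, n):
    buf = b""
    while len(buf) < n:
        chunk = tcp.recv(n - len(buf))
        if not chunk:
            return None  # peer closed the stream
        buf += chunk
    return buf

def recv_frame(tcp):
    hdr = recv_exact(tcp, 2)  # None here means the TCP side has gone away
    if hdr is None:
        return None
    (n,) = struct.unpack("!H", hdr)
    return recv_exact(tcp, n) if n else b""

def tcp_to_udp_relay(tcp, udp_target):
    # Remote (SSH server) side: the role of  nc -l 9999 < fifo | nc -u ILOM 623 > fifo
    # Frames from the tunnel go out as UDP datagrams; ILOM replies are framed back.
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((HOST, 0))
    while True:
        ready, _, _ = select.select([tcp, udp], [], [])
        if tcp in ready:
            frame = recv_frame(tcp)
            if frame is None:
                break
            udp.sendto(frame, udp_target)
        if udp in ready:
            data, _ = udp.recvfrom(65535)
            send_frame(tcp, data)
    tcp.close()
    udp.close()

def udp_to_tcp_relay(udp, tcp):
    # Local side: the reverse nc pair. Datagrams from the IPMI client are framed
    # into the tunnel; replies go back to whichever client spoke last (as nc -u does).
    client = None
    while True:
        ready, _, _ = select.select([tcp, udp], [], [])
        if udp in ready:
            data, client = udp.recvfrom(65535)
            send_frame(tcp, data)
        if tcp in ready:
            frame = recv_frame(tcp)
            if frame is None:
                break
            if client is not None:
                udp.sendto(frame, client)
    tcp.close()
    udp.close()

def fake_ilom(udp):
    # Constructed stand-in for the X4200 ILOM: echo each datagram with a tag.
    while True:
        data, addr = udp.recvfrom(65535)
        udp.sendto(b"ACK:" + data, addr)

def demo_roundtrip(messages):
    # client -> local relay -> TCP "tunnel" -> remote relay -> fake ILOM, and back;
    # returns the reply received for each message, in order.
    ilom = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    ilom.bind((HOST, 0))
    threading.Thread(target=fake_ilom, args=(ilom,), daemon=True).start()
    tunnel_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # stands in for ssh -L
    tunnel_srv.bind((HOST, 0))
    tunnel_srv.listen(1)
    def remote_side():
        conn, _ = tunnel_srv.accept()
        tcp_to_udp_relay(conn, ilom.getsockname())
    threading.Thread(target=remote_side, daemon=True).start()
    local_udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    local_udp.bind((HOST, 0))  # the page binds UDP 623 here, which needs root
    tunnel = socket.create_connection(tunnel_srv.getsockname())
    threading.Thread(target=udp_to_tcp_relay, args=(local_udp, tunnel), daemon=True).start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  # plays IPMItool
    client.settimeout(5)
    replies = []
    for msg in messages:
        client.sendto(msg, local_udp.getsockname())
        reply, _ = client.recvfrom(65535)
        replies.append(reply)
    client.close()
    tunnel.shutdown(socket.SHUT_RDWR)  # EOF tears both relays down cleanly
    return replies

if __name__ == "__main__":
    print(demo_roundtrip([b"RMCP ping", b"Get Channel Auth Caps"]))
```

Two operational points carry over to the "nc" version on the page. First, a listening "nc -u" (and udp_to_tcp_relay above) answers only the client it last heard from, so one relay serves one IPMItool session at a time. Second, the remote "nc -l 9999" listener accepts connections from any host that can reach the remote probe, not only from the SSH forward, which means anyone on that LAN can reach the ILOM's UDP 623 through it while it runs; start it only for the duration of the session and stop it afterwards.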