Monday, May 25, 2015

Connecting to any server behind a firewall through PuTTY and 3proxy

There are two ways to create an SSH tunnel, local and remote port forwarding. In this post I will discuss remote port forwarding.

Say that you’re developing a distributed system monitoring application on your local machine, and you’d like to show it to a volunteer tester (IP: 12.34.56.78). Unfortunately your ISP didn’t provide you with a public IP address, so it’s not possible to connect to your machine directly via the internet.
Sometimes this can be solved by configuring NAT (Network Address Translation) on your router, but this doesn’t always work, and it requires you to change the configuration on your router, which isn’t always desirable. This solution also doesn’t work when you don’t have admin access on your network.
To fix this problem you need another computer that is publicly accessible and that you have SSH access to. It can be any server on the internet, as long as you can connect to it. We’ll tell SSH to make a tunnel that opens up a new port on the server, and connects it to a local port on your machine.
Many tutorials show how to connect to a Linux server from a local Linux machine and create the SSH tunnel that way. The command looks like:
$ ssh -R 9000:localhost:3000 user@example.com

In this post I will use PuTTY on Windows.

Step by Step Guide

Note: First, download PuTTY and 3proxy. They are both free software.
1. Connect to 85.125.100.20 from the local computer 192.168.1.99.

2. Click SSH -> Tunnels, and fill in the information like this.

3. Click the Add button. The dialog looks like:

4. Click Open, fill in the user name and password, and connect to 85.125.100.20.
Now the tunnel is established. If you access 85.125.100.20:1080, the request will be forwarded to 192.168.1.99:1080.
To access all computers in the LAN 192.168.1.0/24, we need to start a SOCKS5 proxy on 192.168.1.99.
Download 3proxy from http://3proxy.ru/
Unzip the 3proxy installation package, and create a file named my.cfg with Notepad. The content of my.cfg is listed below:
timeouts 1 5 30 60 180 1800 15 60
log "c:\temp\3proxy.log\3proxy.log" D
logformat "- +_L%t.%. %N.%p %E %U %C:%c %R:%r %O %I %h %T"
internal 127.0.0.1
auth none
allow *
nserver 192.168.1.1
nscache 65536
socks
Then start the proxy server from the DOS prompt.
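
The my.cfg above combines "auth none" with "allow *", so once port 1080 is forwarded, whoever can reach the forwarded port can reach every host in the LAN; connections arriving through the tunnel also appear to 3proxy as coming from 127.0.0.1, so a source-address rule cannot single out the tester. The Python below is an added example, not part of the original post or of 3proxy: it audits the access-control lines of a 3proxy config and compares the post's settings with a constructed hardened variant (the user name "tester", the CHANGE_ME password and the 192.168.1.100:22 target are placeholders).

```python
import ipaddress

# The post's my.cfg, reduced to its access-control lines.
PAGE_CFG = """internal 127.0.0.1
auth none
allow *
socks
"""

# Constructed hardened variant: user name, password and target are placeholders.
HARDENED_CFG = """internal 127.0.0.1
auth strong
users tester:CL:CHANGE_ME
allow tester * 192.168.1.100 22
deny *
socks
"""

def audit(cfg):
    """Return a list of findings for a 3proxy config reached through a tunnel."""
    findings, auth, has_users = [], None, False
    for line in cfg.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        key, args = tok[0], tok[1:]
        if key == "auth" and args:
            auth = args[0]
            if auth in ("none", "iponly"):
                findings.append(f"auth {auth}: no user name or password is required")
        elif key == "users" and args:
            has_users = True
        elif key == "internal" and args:
            if not ipaddress.ip_address(args[0]).is_loopback:
                findings.append(f"internal {args[0]}: listener is not loopback-only")
        elif key == "allow":
            # allow <users> <sources> <targets> <ports>; omitted fields mean any.
            who, _src, target, _ports = (args + ["*"] * 4)[:4]
            if who == "*" and target == "*":
                findings.append("allow *: any client may reach any destination")
    if auth == "strong" and not has_users:
        findings.append("auth strong without a users line: no accounts are defined")
    return findings

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CFG), ("hardened", HARDENED_CFG)):
        print(name, audit(cfg) or "no findings")
```

With the hardened variant the tester has to enter the same user name and password in the SOCKS5 proxy settings of the client.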

Now 12.34.56.78 is able to access all servers behind the NAT. For example, suppose you want to access the SSH server 192.168.1.100:22. The proxy setting is similar to:

About the Author


Williams Voon, experienced Java programmer. Chief system analyst of three software products: Rep2excel, EasyHA System Monitoring Tool, GTD Excel Report Server.
