Is there such a thing as a port forwarding service out on the internet?

3

1

I'm looking for a service on the internet allowing me to redirect TCP connections.

My company's firewall is very strict and allows only HTTP (through a transparent proxy) or SSL on only port 443. I managed to successfully build a tunnel by running stunnel on port 443 at home. The problem is: only one service can run on a port at a time! For example, I can't run ownCloud and stunnel at the same time. I know I could tunnel SSH in stunnel and tunnel everything through SSH, but it's becoming a pain (and multiple tunnels into each other).

If I ran several hosts on the internet (and not my 1 home IP address), I would simply configure iptables to forward the SSL connection to my home IP/any port, and returning packets the other way around. This way I am end-to-end encrypted and simply multiplex services by IP numbers instead of port numbers.

I therefore have two questions:

  • Is this possible?
  • Does it exist?

Borph

Posted 2013-11-04T22:20:38.720

Reputation: 31

1

Did you consider running a SOCKS proxy at home and some kind of redirector at work like redsocks?

– pabouk – 2013-11-04T22:39:58.120

Definitely look into SOCKS proxies. – Timtech – 2013-11-04T22:57:47.427

3 What is your company's policy on bypassing the firewall? – BillThor – 2013-11-05T00:51:08.257

1 Thanks, SOCKS looks indeed promising. What I also saw was OpenVPN, which should use SSL, too. But I didn't get it working, strange, is the protocol any different from e.g. stunnel? – Borph – 2013-11-05T15:01:45.613

The firewall is in place for a very good reason. If you value your job, do not attempt to bypass it, since it most probably violates your company policies and your contract. – Lorenzo Von Matterhorn – 2013-11-29T00:28:42.607

Answers

0

You can use a SOCKS proxy via ssh - simply run sshd on a port you can access (say 443) and then ssh -D 1080 .... Firefox can use a SOCKS proxy natively (configuration) to access the internet (except for DNS, but you most likely have that). Other apps can use something like dante to socksify them and so on...

Another option is openvpn, squid... The new ssh versions can actually create an openvpn-like tunnel (-w).

NB: You should first consult your system administrator. While you can bypass the firewall this way, it is not very nice, to say the least ;)

Doncho Gunchev

Posted 2013-11-04T22:20:38.720

Reputation: 111

As mentioned, SSL on port 443 is the only thing. SSH != SSL, so forbidden from the firewall regardless of the port. The problem: only stunnel OR https possible, not both. – Borph – 2013-11-29T08:47:32.473

That implies a level 7 firewall, nice! Buy your sysadmin a beer for me. It was not very clear... Have you tried OpenVPN? It's SSL. – Doncho Gunchev – 2013-11-29T23:55:13.667
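
The "level 7 firewall" behaviour discussed in the comments above, sketched from the firewall's side as an added example that is not part of the original thread: the port number is ignored and the first bytes the client sends decide the protocol. The function names and sample byte strings are constructed for illustration; the OpenVPN case assumes its default TCP framing without tls-auth, where a length prefix and an OpenVPN opcode precede any TLS handshake.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")
OVPN_HARD_RESET_CLIENT_V2 = 7  # opcode sits in the high 5 bits of byte 2


def classify_first_bytes(data: bytes) -> str:
    """Label a TCP stream from the first bytes sent by the client."""
    if data.startswith(b"SSH-"):
        # SSH clients open with a plaintext identification string.
        return "ssh"
    if data.startswith(HTTP_METHODS):
        return "http"
    # TLS record: type 0x16 (handshake), version 3.x, 16-bit length,
    # then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (record_len,) = struct.unpack("!H", data[3:5])
        if 0 < record_len <= 2 ** 14 and data[5] == 0x01:
            return "tls"
    # OpenVPN over TCP: 16-bit packet length, then opcode/key-id byte.
    if len(data) >= 3:
        (packet_len,) = struct.unpack("!H", data[:2])
        if packet_len >= 14 and data[2] >> 3 == OVPN_HARD_RESET_CLIENT_V2:
            return "openvpn-tcp"
    return "unknown"


def allowed_on_443(data: bytes) -> bool:
    """Policy from the question: only SSL/TLS may cross on port 443."""
    return classify_first_bytes(data) == "tls"


# Constructed samples: the opening bytes of each protocol.
SAMPLES = {
    "ssh": b"SSH-2.0-OpenSSH_6.2\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tls": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
    "openvpn-tcp": b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4),
}

if __name__ == "__main__":
    for name, first in SAMPLES.items():
        print(f"{name:12} -> {classify_first_bytes(first):12} "
              f"allowed={allowed_on_443(first)}")
```
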