Tunneling traffic through a network is a powerful technique that allows the secure transmission of data between two systems. This technique can bypass intermediate networks or firewalls and provide a safe means of transmitting data. Three such techniques are iptables port bends, SSH tunnels, and netsh port proxies. This article will discuss these techniques in detail and how they can be combined to create a robust solution for transmitting data over unsecured networks.

Iptables Port Bends

Iptables is a popular Linux firewall tool that can filter incoming and outgoing network traffic based on specific rules. The nat table of iptables can forward network traffic from one port to another. This technique is known as iptables port bending.

Iptables port bending is a valuable technique for forwarding traffic from one host to another. It is also helpful for bypassing firewalls or network restrictions. To perform iptables port bending, you need to use the “nat” table of iptables. The nat table is responsible for network address translation (NAT) and redirects incoming traffic from one port to another.

The following command can be used to forward incoming traffic from port 8080 on System A to port 80 on System B using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination System_B_IP:80

In the above example, “System_B_IP” specifies the IP address of System B.

Diagram

SSDDPooeeruussorrtttcciioPR--SSSDDPeenncRup-j-yooeerOaaoEldtsuussorIPttlRetpDotrrtttiPoii:iO:coN-ecciiog:roopUprAdmeenncitnnTtTtTe_aaon1:CaIsBIPttla0IPPbN8t_Poii:l.APolG0iI:roo0n:re8nPtnnTP.ytsC0a:1:Ca01:ht80IPPc.0ai0.APok2.8io0n:re00nn.ytt.80S:00.y.2s81t0em_BSSDDPooeeruussoPR--SrrtttOup-j-yTcciioSldtsreenncTetpSotaaaoiR:coN-enIPttlpOprAsmsPoii:tUtTo_l:rooaTuAatnnTbI8r_t1:ClN0cIe0IPPeGePd.APos0n:rCP.ytha0S:ac.yik2s8net0tem_B

When a packet arrives at the system with the original IP address 10.0.0.1 and port 8080, it matches the rule the given iptables command added. The DNAT action is performed, which changes the destination IP address and port of the packet to System_B_IP:80.

The packet is then routed towards System_B instead of 10.0.0.1. When it reaches System_B, it appears to have been sent to it directly, and System_B sends its response back to the original sender, 10.0.0.2.

On the way back, the packet matches the POSTROUTING chain rule, which performs the SNAT action, changing the source IP address of the packet to System_A_IP. This is done so that when the response packet reaches the original sender 10.0.0.2, it appears to have come from the system that executed the iptables command rather than from System_B.

The original sender, 10.0.0.2, can communicate with System_B on port 80, even though the original packet was sent to 10.0.0.1 on port 8080.

SSH Tunnels

SSH tunnels are a secure way of transmitting data over an unsecured network. They create an encrypted connection between two systems, providing a safe means of transferring data. SSH tunnels are a popular technique for bypassing firewalls and other network restrictions.

SSH tunnels can be used to forward network traffic from one port on the local system to another port on a remote system. Any traffic sent to the local port will be forwarded to the remote system’s port.

The following command can be used to forward traffic from port 8080 on System A to port 80 on System B using an SSH tunnel:

ssh -L 8080:System_B_IP:80 user@System_B_IP

In the above example, “System_B_IP” specifies the IP address of System B.

Diagram

SdSoyaSnseHtmpeolomnirE_stnA(tc'TTe8asCCn0pPPi8sSn0uS28glH20a)8t0ed(StSrHa)fficverTCPSdRlp2yaeio2semsrtmott(eoteSmnen8S_i0HB(pn)'TrgsCToPCcoSPenS2sH28s)0

This diagram shows the traffic flow between a local Firefox process and a remote web server over an SSH connection established between the local SSH daemon and the remote SSH daemon. The traffic from the local Firefox process is encapsulated in the SSH tunnel, which provides encryption and security for the data being transmitted. The encapsulated data is sent over the internet using TCP port 22 from the local system to the remote system, where it is received by the remote SSH daemon and forwarded to the web server listening on TCP port 80. The boxes in the diagram represent the different components involved in the communication, and the labels show the TCP ports used for the connections between those components.

Netsh Port Proxies

Netsh is a Windows tool for redirecting network traffic from one address and port to another address and port. Netsh port proxies allow administrators to configure port forwarding, which is helpful for bypassing firewalls or other network restrictions.

Netsh port proxies can also create a secure connection between two systems by encrypting the traffic between them. The following command can be used to forward incoming traffic from port 8080 on System A to port 80 on System B using netsh:

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=System_B_IP

In the above example, “System_B_IP” specifies the IP address of System B.

Combining Techniques

These techniques can be used independently to tunnel traffic through a network. However, combined, they can provide a robust solution for transmitting data over unsecured networks.

For example, let’s say that System A needs to access a database server on System C, but a firewall is blocking the connection. One solution would be to use SSH tunnels to create an encrypted connection between System A and System B and then use iptables port bends or netsh port proxies to forward the traffic to System C.

Here’s how it can be done:

Set up an SSH tunnel from System A to System B, forwarding port 8080 on System A to port 8080 on System B:

ssh -L 8080:localhost:8080 user@System_B_IP

On System B, use iptables or netsh to forward traffic from port 8080 to port 80 on System C: Using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination System_C_IP:80

Using netsh:

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=System_C_IP

In both cases, “System_C_IP” specifies the IP address of System C.

With this setup, any traffic sent to port 8080 on System A will be forwarded to port 80 on System C, bypassing the firewall blocking the connection. The traffic is encrypted during transmission, providing a secure means of transmitting data over an unsecured network.

Diagram

SystemEHn(TAc8TSr0PSy8Hp0t)(e2d2)TSCyPstemFBo(r8w0a)rdedSTyCsPtemC

The sequence begins with System A establishing an SSH tunnel with System B over TCP port 22. System A sends an encrypted TCP packet to System B on port 8080 through the SSH tunnel. System B forwards the traffic from port 8080 to port 80 on System C using iptables port bending. The database server on System C receives the traffic and sends an HTTP response back to System A through the same forwarded TCP connection on port 80.

Conclusion

Tunneling traffic through a network is essential for transmitting data securely over unsecured networks. The methods of iptables port bends, SSH tunnels, and netsh port proxies can tunnel traffic through a network. Each technique can be used independently, but when combined, it provides a robust solution for transmitting data over unsecured networks. Administrators have several tools at their disposal when it comes to securing the transmission of data, and a combination of these techniques can be a valuable addition to any security arsenal.