Tunneling traffic through a network is a powerful technique that allows the secure transmission of data between two systems. This technique can be used to bypass intermediate networks or firewalls and provide a secure means of transmitting data. Three such techniques that can be employed to tunnel traffic through a network are iptables port bends, SSH tunnels, and netsh port proxies. In this article, we will discuss these techniques in detail and how they can be combined to create a robust solution for transmitting data over unsecured networks.

Iptables Port Bends

Iptables is a popular Linux firewall tool that can filter incoming and outgoing network traffic based on specific rules. The nat table of iptables can be used to forward network traffic from one port to another. This technique is known as iptables port bending.

Iptables port bending is a useful technique for forwarding traffic from one host to another. It is also useful for bypassing firewalls or network restrictions. To perform iptables port bending, you need to use the “nat” table of iptables. The nat table is responsible for network address translation (NAT) and is used to redirect incoming traffic from one port to another.

The following command can be used to forward incoming traffic from port 8080 on System A to port 80 on System B using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination System_B_IP:80

In the above example, “System_B_IP” specifies the IP address of System B.

Diagram

SSDDPooeeruussorrtttcciioPR--SSSDDPeenncRup-j-yooeerOaaoEldtsuussorIPttlRetpDotrrtttiPoii:iO:coN-ecciiog:roopUprAdmeenncitnnTtTtTe_aaon1:CaIsBIPttla0IPPbN8t_Poii:l.APolG0iI:roo0n:re8nPtnnTP.ytsC0a:1:Ca01:ht80IPPc.0ai0.APok2.8io0n:re00nn.ytt.80S:00.y.2s81t0em_BSSDDPooeeruussoPR--SrrtttOup-j-yTcciioSldtsreenncTetpSotaaaoiR:coN-enIPttlpOprAsmsPoii:tUtTo_l:rooaTuAatnnTbI8r_t1:ClN0cIe0IPPeGePd.APos0n:rCP.ytha0S:ac.yik2s8net0tem_B

When a packet arrives at the system with the original IP address 10.0.0.1 and port 8080, it matches the rule added by the given iptables command. The DNAT action is performed, which changes the destination IP address and port of the packet to System_B_IP:80.

The packet is then routed towards System_B instead of 10.0.0.1. When the packet reaches System_B, it appears to have been sent to it directly, and System_B sends its response directly back to the original sender 10.0.0.2.

On the way back, the packet matches the POSTROUTING chain rule, which performs the SNAT action, changing the source IP address of the packet to System_A_IP. This is done so that when the response packet reaches the original sender 10.0.0.2, it appears to have come from the system that executed the iptables command, rather than from System_B.

The result is that the original sender 10.0.0.2 is able to communicate with System_B on port 80, even though the original packet was sent to 10.0.0.1 on port 8080.

SSH Tunnels

SSH tunnels are a secure way of transmitting data over an unsecured network. An SSH tunnel creates an encrypted connection between two systems, providing a secure means of transmitting data. SSH tunnels are a popular technique for bypassing firewalls and other network restrictions.

SSH tunnels can be used to forward network traffic from one port on the local system to another port on a remote system. This means that any traffic sent to the local port will be forwarded to the remote system’s port.

The following command can be used to forward traffic from port 8080 on System A to port 80 on System B using an SSH tunnel:

ssh -L 8080:System_B_IP:80 user@System_B_IP

In the above example, “System_B_IP” specifies the IP address of System B.

Diagram

SdSoyaSnseHtmpeolomnirE_stnA(tc'TTe8asCCn0pPPi8sSn0uS28glH20a)8t0ed(StSrHa)fficverTCPSdRlp2yaeio2semsrtmott(eoteSmnen8S_i0HB(pn)'TrgsCToPCcoSPenS2sH28s)0

This diagram shows the flow of traffic between a local Firefox process and a remote web server over an SSH connection established between the local SSH daemon and the remote SSH daemon. The traffic from the local Firefox process is encapsulated in the SSH tunnel, which provides encryption and security for the data being transmitted. The encapsulated data is sent over the internet using TCP port 22 from the local system to the remote system, where it is received by the remote SSH daemon and forwarded to the web server listening on TCP port 80. The boxes in the diagram represent the different components involved in the communication, and the labels show the TCP ports used for the connections between those components.

Netsh Port Proxies

Netsh is a Windows tool that can be used to redirect network traffic from one address and port to another address and port. Netsh port proxies allow administrators to configure port forwarding, which is useful for bypassing firewalls or other network restrictions.

Netsh port proxies can also be used to create a secure connection between two systems by encrypting the traffic between them. The following command can be used to forward incoming traffic from port 8080 on System A to port 80 on System B using netsh:

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=System_B_IP

In the above example, “System_B_IP” specifies the IP address of System B.

Combining Techniques

Each of these techniques can be used independently to tunnel traffic through a network. However, when used in combination, they can provide a robust solution for transmitting data over unsecured networks.

For example, let’s say that System A needs to access a database server on System C, but there is a firewall blocking the connection. One solution would be to use SSH tunnels to create an encrypted connection between System A and System B, and then use iptables port bends or netsh port proxies to forward the traffic to System C.

Here’s how it can be done:

Set up an SSH tunnel from System A to System B, forwarding port 8080 on System A to port 8080 on System B:

ssh -L 8080:localhost:8080 user@System_B_IP

On System B, use iptables or netsh to forward traffic from port 8080 to port 80 on System C: Using iptables:

iptables -t nat -A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination System_C_IP:80

Using netsh:

netsh interface portproxy add v4tov4 listenport=8080 listenaddress=0.0.0.0 connectport=80 connectaddress=System_C_IP

In both cases, “System_C_IP” specifies the IP address of System C.

With this setup, any traffic sent to port 8080 on System A will be forwarded to port 80 on System C, bypassing the firewall that is blocking the connection. The traffic is encrypted during transmission, providing a secure means of transmitting data over an unsecured network.

Diagram

SystemEHn(TAc8TSr0PSy8Hp0t)(e2d2)TSCyPstemFBo(r8w0a)rdedSTyCsPtemC

The sequence begins with System A establishing an SSH tunnel with System B over TCP port 22. System A then sends an encrypted TCP packet to System B on port 8080 through the SSH tunnel. System B forwards the traffic from port 8080 to port 80 on System C using iptables port bending. The database server on System C receives the traffic and responds by sending an HTTP response back to System A through the same forwarded TCP connection on port 80.

Conclusion

Tunneling traffic through a network is an important technique for transmitting data securely over unsecured networks. The techniques of iptables port bends, SSH tunnels, and netsh port proxies can be used to tunnel traffic through a network. Each technique can be used independently, but when used in combination, they provide a robust solution for transmitting data over unsecured networks. When it comes to securing the transmission of data, administrators have several tools at their disposal, and a combination of these techniques can be a valuable addition to any security arsenal.