Port Tunneling HOWTO

As almost everyone knows by now, the internet is not anonymous at all. There are numerous ways for someone, whether it be your Internet Service Provider, some curious onlooker, or a potential vandal, to see what articles and information you process when you are online. Whether that is right or not I don’t really care about, but what is annoying is someone restricting access to what you can use.

Fortunately, there is OpenSSH, a free telnet-like service, which lets you remotely control a machine, but also encrypts everything on the way. The cool thing about it, though, is that we can use it as a secure channel to remotely send information, which no one between you and the ssh server can understand, since it is encrypted. Basically, what happens is that the client encrypts the information that it is about to send, and when the server receives the information, it decrypts it back into a normal packet and sends it to its appropriate destination. The opposite thing happens when the server sends information to a client. Therefore, it is possible to connect to a port which is restricted on the network you are on, as well as send and receive totally secure information between yourself and the ssh server.

In order for this to work, you will need to have access to some remote ssh server that is outside of the network you feel uncomfortable with. A nice solution is to set up an ssh server at home, and then connect to it from work or school, where you are on the restricted network. If you’re using a Unix-like OS, just follow your distribution’s guides. If you’re using Windows, you can install cygwin or alternatively try to get sshwindows working. Once you have it set up and running (and you have actually verified this), you should be able to connect to your server from the unsecure network. Although it is possible to use port tunneling for any port whatsoever, I will focus on port 80, known as http, which is restricted most of the time.

If there is no ssh client on your client machine, and you are on Windows, you can always use plink, an ssh replacement, and change every command that starts with “ssh” to start with “plink” instead. The syntax is as follows:

# ssh -l userName -v -L sourcePort:externalServer:DestPort sshServer

For instance, we will make a tunnel to ecks.homeunix.net (this site is always blocked). For the sourcePort, we will use 9999, although you can use any non-active port you choose. Thus, the command becomes:

# ssh -l userName -v -L 9999:ecks.homeunix.net:80 mysshserver

After you log in with your password, it should give you some diagnostic output as to what is going on. Next, fire up your favorite web browser and type “http://127.0.0.1:9999” into the URL field. If everything is done right, this site should be staring you in the face. You can now browse through it securely, without worrying about someone on the restricted network knowing what you are looking at. I hope you enjoyed this informative article. In the meantime, here is an article that explains tunneling in more detail:

securityfocus link
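
The tunnel command above, wrapped in a small check, as an added example that is not part of the original article: it rewrites the -L argument so the local listener is pinned to loopback and refuses bind addresses that would let other machines on the network use your tunnel. The function names are hypothetical, IPv6 literals are not handled, and -N and ExitOnForwardFailure=yes are standard OpenSSH options the article itself does not use.

```sh
#!/bin/sh
# Added example (function names are hypothetical, not from the article).
# Pins the local end of an "ssh -L" tunnel to loopback and prints the command.

is_port() {
    # Decimal integer in 1..65535 only.
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

loopback_spec() {
    # $1 = [bind:]sourcePort:externalServer:DestPort (IPv6 literals unsupported)
    old_ifs=$IFS; IFS=:; set -f      # split on ':' without globbing a '*' bind
    set -- $1
    set +f; IFS=$old_ifs
    bind=127.0.0.1                   # default made explicit
    if [ $# -eq 4 ]; then bind=$1; shift; fi
    [ $# -eq 3 ] || { echo "bad forward spec" >&2; return 1; }
    case $bind in
        127.0.0.1|localhost) ;;
        # '', '*', 0.0.0.0 or a LAN address lets other hosts use the tunnel.
        *) echo "bind address '$bind' is not loopback" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[!A-Za-z0-9.-]*) echo "bad destination host" >&2; return 1 ;;
    esac
    is_port "$1" && is_port "$3" || { echo "bad port" >&2; return 1; }
    printf '%s\n' "${bind}:$1:$2:$3"
}

tunnel_cmd() {
    # $1 = userName, $2 = sshServer, $3 = forward spec
    spec=$(loopback_spec "$3") || return 1
    # -N: tunnel only, no remote shell. ExitOnForwardFailure=yes: quit if
    # sourcePort cannot be bound instead of leaving a session with no tunnel.
    printf '%s\n' "ssh -l $1 -v -N -o ExitOnForwardFailure=yes -L $spec $2"
}

# The article's example tunnel (constructed invocation).
tunnel_cmd userName mysshserver 9999:ecks.homeunix.net:80
```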

One Response to “Port Tunneling HOWTO”

  1. mr.Open Says:

    I guess it’s ok
