Server access: How to configure a firewall for port forwarding

Source: Internet
Author: User
Tags ssh port


When you use a laptop on a public wireless access point, the only way to deal with the security problem is to pay attention to which resources you access through that network and how you access them. To a large extent, this means you should avoid logging in to your bank's web site, shopping online, or sending sensitive data over this network. Even if the web site in question encrypts the login session, that does not mean you are safe from a man-in-the-middle attack or from some other deception that you cannot control.

However, there are ways to protect yourself so that you can access resources that require you to send sensitive data over the network. One way is to use a secure, transparent proxy service. Web proxy services in general are difficult for ordinary users to install and configure, but if all you need is an encrypted connection to a transparent proxy with no additional features, and you use the right tools, the web proxy service is relatively simple to implement. Fortunately, this "right tool" is easy to get.

In the following example, we assume that you are using a Linux, BSD UNIX, or commercial Unix-like system in your home as a proxy server. We also assume that you have a continuous Internet connection at home, such as a typical DSL connection.

Server access

The first step in setting up access to your transparent proxy is to configure the home network's firewall to forward an SSH port to the computer you want to use as the transparent proxy. You do have a firewall on your home computer to provide secure access, right? If not, I suggest you stop reading this article and correct that problem first. Connecting directly to the Internet without a firewall is definitely an unsafe practice.

The process of configuring a firewall for port forwarding varies widely. Most consumer-grade router/firewall devices you can buy provide port forwarding features that users can handle easily. If you run your own Linux- or BSD-based firewall on some old hardware, you may need to learn how to complete the setup yourself.

We assume that you have configured an Internet-facing firewall to accept SSH connections on port 2200 and forward them to port 22 on a UNIX-like system on your internal network. It is better not to use the firewall itself as the proxy server, although this is possible and even easy to implement. You must make sure that SSH on the proxy server is secured and can safely withstand common brute-force password attacks.

You must also ensure that your server can access the Internet over HTTP through the firewall.

Finally, in order to connect to your home network from an external network, you must know which IP address to use. This may need some care. If your service provider assigns a relatively stable IP address, you must find out what this IP address is and make sure that you do not lose it. You can save it to a text file on your laptop.

If your ISP changes your IP address frequently, you may need to take further measures. There are many services that map a DNS domain name to a dynamic IP address, so that, for example, a domain name can keep pointing to a web server in your home even if your IP address changes frequently. This is one possible solution to the problem, and it may be the simplest. A client for the service has to be installed on a computer in the home so that it can notify the service's DNS server when the IP address changes.
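For a home-built Linux firewall, the forwarding assumed above can be written as iptables rules. The script below is an added example, not part of the original article: the WAN interface eth0, the internal address 192.168.1.10, the list name ssh_in and the function names are assumptions, and the rate limit on new connections is one way to blunt brute-force password guessing.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Assumed values: WAN interface eth0, internal proxy host 192.168.1.10.

valid_port() {   # succeed if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {   # succeed if $1 is four dot-separated octets, each 0..255
    old_ifs=$IFS; IFS=.
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# forward_rules WAN_IF EXT_PORT INT_IP INT_PORT
forward_rules() {
    wan=$1; ext=$2; ip=$3; int=$4
    valid_port "$ext" && valid_port "$int" && valid_ipv4 "$ip" || {
        echo "forward_rules: bad port or address" >&2
        return 1
    }
    new="-i $wan -p tcp -d $ip --dport $int -m conntrack --ctstate NEW"
    cat <<EOF
# 1. Rewrite the destination of connections arriving on the external port.
iptables -t nat -A PREROUTING -i $wan -p tcp --dport $ext -j DNAT --to-destination $ip:$int
# 2. Drop a source that already opened 5 new connections in the last 60 s.
iptables -A FORWARD $new -m recent --name ssh_in --update --seconds 60 --hitcount 5 -j DROP
# 3. Otherwise record the source and let the new connection through.
iptables -A FORWARD $new -m recent --name ssh_in --set -j ACCEPT
# 4. Allow packets of connections that were already accepted.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

forward_rules eth0 2200 192.168.1.10 22
```

The FORWARD rules match port 22 rather than 2200 because the nat table has already rewritten the destination by the time the packet reaches the FORWARD chain.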

Encrypted proxy connections

The remaining steps for encrypting the connection to your home web proxy are carried out on the client computer, most likely your laptop. Installing a generic UNIX-like operating system (such as Debian GNU/Linux or FreeBSD) on such a machine is not difficult. We will assume that you are currently using one of these operating systems.

If you are using a dynamic DNS resolution service, you may need to replace the IP address in the example below with the domain name that you are using. In this case, for the sake of convenience, we assume that you are using a static IP address of 25.10.101.250. Creating your encrypted proxy connection requires entering a command similar to the following:

$ ssh -D 8080 -p 2200 username@25.10.101.250

The "username" section should be replaced with a normal user account name on the proxy server. This command creates a local transparent proxy on port 8080 that forwards all incoming traffic to port 2200 on 25.10.101.250.

The last thing you need to do to make everything work is to tell your Web browser application to use port 8080 on the local system for all connections. For example, in Firefox, you can open the Options dialog box, click the Advanced tab, click the Network tab under it, and click the Settings button to the right of the Connection tab box.
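On a public access point, the first SSH connection is itself exposed to the man-in-the-middle risk described at the start, so the server's host key should already be recorded on the laptop before you travel. The script below is an added example, not part of the original article: it builds the tunnel command from above only if a key for the server is pinned, and the function names and the placeholder key are assumptions.

```shell
#!/bin/sh
# Added example: refuse to build the tunnel command unless the home server's
# host key is already pinned. Handles plain (unhashed) known_hosts entries only.

# host_is_pinned FILE HOST PORT
host_is_pinned() {
    [ -r "$1" ] || return 1
    # known_hosts writes a non-default port as [host]:port
    if [ "$3" = 22 ]; then want=$2; else want="[$2]:$3"; fi
    awk -v want="$want" '
        /^[#@]/ || NF < 3 { next }   # skip comments, @markers, short lines
        { n = split($1, names, ",")
          for (i = 1; i <= n; i++) if (names[i] == want) found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# tunnel_cmd KNOWN_HOSTS USER HOST PORT LOCAL_PORT
tunnel_cmd() {
    host_is_pinned "$1" "$3" "$4" || {
        echo "no pinned host key for $3 port $4 in $1" >&2
        return 1
    }
    # -N: no remote command; bind the proxy to loopback only;
    # StrictHostKeyChecking=yes: fail instead of prompting on an unknown key;
    # ExitOnForwardFailure=yes: fail if port LOCAL_PORT cannot be bound.
    printf 'ssh -N -D 127.0.0.1:%s -p %s' "$5" "$4"
    printf ' -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' "$1"
    printf ' -o ExitOnForwardFailure=yes %s@%s\n' "$2" "$3"
}

# Constructed sample: the key below is a placeholder, not a real host key.
kh=$(mktemp)
echo '[25.10.101.250]:2200 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY' > "$kh"
tunnel_cmd "$kh" username 25.10.101.250 2200 8080
rm -f "$kh"
```

The -D option makes ssh act as a SOCKS proxy, so the browser's proxy settings should name 127.0.0.1 port 8080 as a SOCKS host.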
