Using an external host to get through the local network firewall
This article records one method of getting through a local firewall: a reverse connection. I am writing it while studying and trying the method out, so the process may not be the most concise; it is meant only as a reference for myself and for whoever comes after.
What I need to achieve:
The host I use (host A) sits in LAN A. I have no administrative rights on LAN A, and LAN A has a firewall that blocks the site mail.163.com. Through a host in my own home (host B), host A should be able to get through LAN A's firewall and reach mail.163.com via host B.
Host B does not exist yet, so this article covers building host B and the whole forwarding setup from the most ordinary resources.
1. Create an Internet-facing host
Environment: Beijing ADSL, China Unicom fibre access; one modem with the fibre on one side and an RJ45 cable on the other, dial-up Internet access. The RJ45 cable goes to the WAN port of a HiWiFi (极路由) router, 2nd generation; a LAN port is cabled to a switch, and the switch to the host. The host is a mini PC, which saves power; it runs Windows 7 and is normally used as a download box.
Linux is much stronger for this kind of job, so the plan is to set up a Linux server. Since the host is already in use for other things, I cannot give up Windows, so the natural answer is virtual machine technology.
The virtual machine is VirtualBox and the Linux is CentOS; both are open-source software. Install ssh with yum, pulling in all the openssh-related packages.
Start the sshd service, then either stop the iptables service or add a rule allowing remote hosts to connect to port 22.
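Before the port is forwarded from the Internet it is worth checking what sshd will actually accept from strangers, and keeping iptables running with only port 22 opened rather than stopping it. The script below is an added example for this post, not the blogger's own code. It audits the global section of an sshd_config for the directives that matter on an exposed host (sshd honours the first occurrence of a directive, and Match blocks are conditional, so it stops there) and rewrites the risky ones. The sample configuration is constructed, and the "assumed default when absent" column is an assumption: older OpenSSH releases of the CentOS 6 era defaulted PermitRootLogin to yes, so an absent directive is flagged rather than trusted.

```python
"""Audit and harden the global section of an sshd_config before a forwarded
port makes it reachable from the public Internet.

Added example, not the blogger's code. Assumes a stock OpenSSH config file;
SAMPLE_CONFIG is constructed and the default column in CHECKS is an assumption.
"""
import re

# (directive, accepted values, assumed default when absent, why it matters)
CHECKS = [
    ("PermitRootLogin", {"no", "prohibit-password", "without-password"}, "yes",
     "root must not be able to log in over the forwarded port"),
    ("PasswordAuthentication", {"no"}, "yes",
     "password logins get brute-forced once the port is public; use keys"),
    ("PubkeyAuthentication", {"yes"}, "yes",
     "key-based login must stay enabled or you lock yourself out"),
    ("PermitEmptyPasswords", {"no"}, "no",
     "empty passwords are never acceptable on an exposed host"),
]
CANON = {name.lower(): name for name, _, _, _ in CHECKS}
SAFE = {"permitrootlogin": "no", "passwordauthentication": "no",
        "pubkeyauthentication": "yes", "permitemptypasswords": "no"}


def _keyword(raw):
    """Lower-cased directive name of a config line, '' for blank/comment lines."""
    line = raw.split("#", 1)[0].strip()
    return re.split(r"[\s=]+", line, maxsplit=1)[0].lower() if line else ""


def parse_sshd_config(text):
    """Return {directive: first value} for the global section. sshd honours the
    FIRST occurrence of a directive, and Match blocks are conditional, so
    parsing stops at the first Match line."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit_sshd_config(text):
    """Return [(directive, effective value, reason)] for every risky setting."""
    settings = parse_sshd_config(text)
    findings = []
    for name, accepted, default, reason in CHECKS:
        effective = settings.get(name.lower(), default).lower()
        if effective not in accepted:
            findings.append((name.lower(), effective, reason))
    return findings


def harden_sshd_config(text):
    """Rewrite the global section so every audit finding gets its safe value.
    Existing risky lines are replaced in place; missing directives are added
    before the first Match block (or at the end if there is none)."""
    risky = {key for key, _, _ in audit_sshd_config(text)}
    out, done, in_match = [], set(), False
    for raw in text.splitlines():
        key = _keyword(raw)
        if key == "match" and not in_match:
            in_match = True
            for k in sorted(risky - done):
                out.append(f"{CANON[k]} {SAFE[k]}")
            done |= risky
        if not in_match and key in risky and key not in done:
            out.append(f"{CANON[key]} {SAFE[key]}")
            done.add(key)
            continue
        out.append(raw)
    for k in sorted(risky - done):
        out.append(f"{CANON[k]} {SAFE[k]}")
    return "\n".join(out) + "\n"


# Constructed sample resembling a stock CentOS sshd_config: PermitRootLogin is
# present only as a comment, and password logins are still enabled.
SAMPLE_CONFIG = """\
#Port 22
Protocol 2
#PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for key, value, reason in audit_sshd_config(SAMPLE_CONFIG):
        print(f"{CANON[key]} = {value}: {reason}")
    print(harden_sshd_config(SAMPLE_CONFIG))
```

On the sample, the audit reports PermitRootLogin (absent, so treated as yes) and PasswordAuthentication yes; the hardened text sets both to no and leaves the Match block alone. Run it against /etc/ssh/sshd_config on host B, restart sshd, and only then add the router's forwarding rule.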
2. Set up the host's network
Set the VirtualBox VM's network adapter to "Bridged" mode, so the router's DHCP can hand it a fixed LAN IP address, which makes port forwarding easier later.
Open the router's management page, go to the DHCP configuration area, and bind the MAC address of the VM's network adapter to the IP address you want it to receive.
In the VM (the "Linux host", or "host B"), run # ifup eth0 to bring up the adapter, then # ifconfig to confirm the assigned IP address.
Figure 1: DHCP configuration on the router
Figure 2: checking the assigned IP address with ifconfig
3. Configure port forwarding on the router
Log in to the router's admin interface and set up port forwarding: forward TCP and UDP packets arriving on port 4222 to the Linux host.
Then try to reach the host from the public Internet. The forwarded target is the default ssh port, so the router's forwarding rule is verified by making an ssh connection.
Figure 3: router port forwarding settings
Figure 4: verifying the router's forwarding with the public IP address
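The check in Figure 4 can be scripted. Connecting to the public address on port 4222 and reading the SSH identification string (the "SSH-2.0-..." line defined in RFC 4253) proves two things at once: that the router really forwarded the connection to sshd rather than to its own web interface or nothing at all, and exactly which software version string every scanner on the Internet now sees. The code below is an added example, not part of the original post; it assumes Python 3 and a host that answers on the forwarded port, and the banners used to exercise it are constructed.

```python
"""Check that a forwarded port reaches sshd by reading its identification string.

Added example, not the blogger's code. Assumes Python 3; the banners in the
docstrings and tests are constructed, not captured from a real host.
"""
import io
import socket
import sys


def read_banner(reader, max_lines=10):
    """Return the SSH identification string (RFC 4253 section 4.2) from a
    file-like object, or None. A server may send other text lines before the
    'SSH-' line, so up to max_lines lines are skipped."""
    for _ in range(max_lines):
        line = reader.readline()
        if not line:
            break
        text = line.decode("ascii", "replace").rstrip("\r\n")
        if text.startswith("SSH-"):
            return text
    return None


def banner_from_bytes(data):
    """Convenience wrapper: parse a banner out of already-captured bytes."""
    return read_banner(io.BytesIO(data))


def parse_banner(banner):
    """Split 'SSH-2.0-OpenSSH_5.3 comment' into (protocol, software, comment).
    Returns None for anything that is not an SSH identification string, e.g.
    an HTTP response from a router that forwarded to the wrong place."""
    if not banner or not banner.startswith("SSH-"):
        return None
    head, _, comment = banner.partition(" ")
    parts = head.split("-", 2)  # ['SSH', protoversion, softwareversion]
    if len(parts) != 3:
        return None
    return parts[1], parts[2], comment


def check_forwarded_port(host, port, timeout=5.0):
    """Connect to host:port (the public IP or DDNS name and the router's
    external port) and return the parsed banner, or None if whatever answered
    was not sshd. Raises OSError if nothing accepts the connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        with sock.makefile("rb") as reader:
            return parse_banner(read_banner(reader))


if __name__ == "__main__":
    # Usage: python check_forward.py <public-ip-or-ddns-name> [port]
    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4222
    result = check_forwarded_port(target, port)
    if result is None:
        print("port answered, but not with an SSH banner: check the forwarding rule")
    else:
        proto, software, comment = result
        print(f"sshd reachable: protocol {proto}, software {software} {comment}".rstrip())
```

The software field is what the public sees; if the version it reports is old, that is the signal to update the package before leaving the port open.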
4. Set up DDNS
Because the Internet access is dial-up, the public IP address changes every time the connection drops, so locating the Linux host by its public IP address would make the whole mechanism fragile.
A dynamic domain name solves this. Available DDNS providers include Peanut Shell (花生壳); I have been using its free home service for a long time and its availability has been good.
However, since the HiWiFi router has a built-in DDNS function, this example uses HiWiFi's DDNS service.
Figure 5: accessing the Linux host via DDNS
At this point host B is basically set up. The configuration and debugging of host A will be written up tomorrow; some additional settings may be needed on host B.
Copyright notice: this article is the blogger's original work and may not be reproduced without the blogger's permission.