Using an extranet host to penetrate a local network firewall

This article mainly records a way to penetrate the local firewall, that is, the reverse connection. The author will study the practice, while writing this article, the process may not be the most concise, only for their own and posterity to leave a reference.

I need to achieve the purpose:

I use host A, in LAN A, the author does not have the administrative rights of LAN A, and LAN A has a firewall, blocked the mail.163.com website; through the author's own home in a host (recorded as Host B), to achieve host A through the LAN a firewall through Host B access to the Mail.163.com website.

However, Host B does not yet exist, so this article will cover the process of using the most common resources to build Host B and the entire forwarding system in a certain amount of space.

1. Set up the external network host

Environment: Beijing ADSL Network, Unicom fiber access, a modem, one end of the optical fiber, the other end connected RJ45 network cable, dial-up Internet. RJ45 Network cable access router (Polar Route 2 generation) WAN port, LAN port connected with a network cable to a switch, switch network cable connected to the host. Mainframe is a minicomputer, very power-saving, running Win7 system, usually as a download machine.

Because of the strong Linux, so it is intended to install a Linux server, considering the current load machine, so can not abandon the win system, naturally think of using virtual machine technology to solve.

Virtual machines are virtualbox,linux CentOS, all open source software. Installing the virtual machine requires using Yum to install SSH, which installs all openssh related components.

Start the sshd service, stop the Iptables service, or allow the remote host to connect to Port 22.

2. Setting up the Host network

The VirtualBox virtual Machine network card is set to "bridge", so that the router "DHCP" to a fixed LAN IP, to facilitate future port forwarding.

Enter the router management interface, where you configure the DHCP service, and bind the virtual machine Nic MAC address to the IP address that you want to assign it to.

To the virtual machine ("Linux host" or "Host B"), use the command # ifup eth0 to activate the corresponding network card, using # Ifconfig to confirm the assigned IP address.

Figure 1 DHCP configuration on the router

Figure 2 using Ifconfig to check IP for results

3. Configure LAN Port forwarding

Log in to the router background and set the appropriate port forwarding. Forward 4222-port TCP and UDP packets to the Linux host.

Try to access this host as a public network, forward the default SSH port number, and verify the router forwarding settings with an SSH connection.

Figure 3 Router port forwarding settings

Figure 4 Verifying router forwarding settings with a public IP address

4. Set DDNS

Since dial-up Internet is used, the IP address will change once the disconnection is dialed, so if we use the public IP to find the Linux host, the robustness of this mechanism will be poor.

We need a dynamic domain name to improve the problem. Available DDNS service provider has "peanut shell" and so on, the author has been using his home service, free and good usability.

However, because of the DDNS functionality of the polar routing, the DDNS service is extremely routed in this case.

Figure 5 Accessing a Linux host using DDNS

At this point, Host B is basically set up to complete. Tomorrow start writing the configuration process for host A, as well as debugging methods, you may also need to do some setup in Host B.

Copyright NOTICE: This article for Bo Master original article, without Bo Master permission not reproduced.

Using an extranet host to penetrate a local network firewall