
====== Tunneling for security ======

For a comprehensive guide to ssh tunneling please check out [[http://www.oreillynet.com/pub/a/wireless/2001/02/23/wep.html| Using SSH Tunneling]].
===== Setting Up The Tunnel =====
==== Through Putty ====

  * Open up [[http://www.compsoc.nuigalway.ie/links/downloads/files/putty.exe|Putty]].
  * Specify the host as 'riviera.nuigalway.ie' and the port as '22' as shown below.
    {{how_to:session.png|}}
  * In the left menu, go to Connection->SSH->Tunnels.
  * Create the new local tunnel as below and click 'Add':
    {{how_to:tunneling.png|}}
  * Click 'Add' to add this forwarded port to the list of forwarded ports.
  * 'Click Open' and log into your Compsoc account as normal.

==== Through the Terminal ====
  * Use ssh to connect to the server and specify the local port, host and hostport . For example:

<cli>$ssh <username>@riviera.nuigalway.ie -L 3022:proxy.nuigalway.ie:8080</cli>

  * You will be prompted for your Compsoc password.


===== Setting Up the Browser =====

  * Open up your browser ([[http://portableapps.com/apps/internet/firefox_portable|firefox portable]] will work on your U:/ drive) and go to Options->Advanced->Network->Settings if using Firefox on Windows or Edit->Preferences->Advanced->Network->Settings if you are using Firefox on Linux.
  * Add the manual proxy details as below:
  {{:how_to:manual_proxy_firefox.png|Firefox NUIG Proxy Settings}}    
  * Load the page you are trying to browse such as http://www.google.ie/ .  Viola!
===== Reverse Tunnels =====

Reverse tunnels can also be created. These tunnels allow you to use a port on a remote machine and have it redirected back your local machine.

For example: 

Johnny is in his student accomodation and has created a webpage for his group project. Johnny decides he wants to show his buddy Jimmy the website he's made but can't redirect port 80 on his gateway. Both Johnny and Jimmy are members of their local CompSoc which run an SSH server. 

Johhny can use a reverse tunnel to let Jimmy view his website via their CompSoc server.

Johnny used the following code:

<cli>$ ssh username@domain.com -NR REMOTEPORT:localhost:LOCALPORT -v</cli>

Jimmy used the following tunnel to redirect his traffic from local port 8080 through Johhny's reverse tunnel:

<cli>$ ssh username@domain.com -N -L REMOTEPORT:localhost:8080 -v</cli>

Now all Jimmy needs to do is enter http://localhost:8080 into his web browser and he'll be redirected to the web server running on Johhny's laptop.

Of course the same can be used for VNC, FTP, SFTP and all other TCP protocols.