April 26, 2019

An Easy Tutorial on IP Tables and Port Knocking - page 3

Basic Preparation

  • February 4, 2008
  • By Matt Waldo

To establish an SSH tunnel you need to download cygwin. You can get this Linux emulator from http://www.cygwin.com. Run the setup, choose to install from the internet, save it in c:\ and choose a mirror site to download from. At this point you'll see a long list of stuff you can download and install. Expand Net, and choose to install "curl" and "openssh".

Curl will allow you to throw a packet to a designated port on your firewall exactly once. So what you will do is set up a batch file to throw four packets at your firewall in order, to the four port numbers you specified earlier as your tokens. This will open the ssh port on your firewall for 10 seconds. at the end of your batch file it will call an ssh configuration file to establish the encrypted ssh tunnel so you can access your network. Its just that easy. just make sure that all the batch files, configuration files, and cygwin directory are in your c:\ directory.

Here is an example of the batch file and the configuration file.

cygwin\bin\curl -s -m 1 http://"IPADDRESS":"TOKEN1"
cygwin\bin\curl -s -m 1 http://"IPADDRESS":"TOKEN2"
cygwin\bin\curl -s -m 1 http://"IPADDRESS":"TOKEN3"
cygwin\bin\curl -s -m 1 http://"IPADDRESS":"TOKEN4"
cygwin\bin\ssh "username"@"IP ADDRESS" -F \"config file name"

The config file would look like this:

# Create a tunnel to access my private web server (

# Create a tunnel to access ssh on my web server (

# Create a tunnel to access the remote desktop on a Windows XP system (

To save as a batch file open Notepad, copy the code and when you save it give it a .bat extension. The "username" has to be an account no the computer you are trying to access, and the IP address is just that, the IP address of the computer you are connecting to.

If you are just trying to connect to a file server and don't care about the firewall portion of this you will probably have to port forward port 22 in your router. The IPADDRESS in the batch file refers to the IP of the server as well; however, the 192.168.*.* address is your homes INTERNAL address. So after making the SSH connection to your server, you can either access things on your server or you can go through the tunnel and touch other computers on your network. Suddenly, an encrypted tunnel for a remote desktop session with your computer at home without leaving your network wide open is a real possibility!

If you would like to be able to do this from any computer you sit down at then save your batch file, your configuration file, and cygwin to the root of a USB thumb drive. Just pop in the drive and run it from there to get an automatic connection.

Matt Waldo is an Instructor at TouchStone Technology, Beaverton, OR.

Most Popular LinuxPlanet Stories