Debian Admin

Debian/Ubuntu Linux System Administration Tutorials,Howtos,Tips


Howto perform UDP tunneling through SSH connection

Posted by Admin on August 21st, 2008


In this tutorial we provide a simple procedure for UDP tunneling through an SSH connection. Say you need to forward UDP packets between two remote networks securely.

E.g.: DNS queries from your home machine to your DNS servers at work.

You can do it as follows:

1. Connect to the remote server and set up TCP forward

client$ ssh -L 22222:127.0.0.1:22222 remote.server.be

Any request sent to your local tcp/22222 port will be tunneled securely to tcp/22222 on the remote server.

We will then use netcat to forward the TCP queries to the UDP server.

2. TCP to UDP forward with netcat on the server

server$ mkfifo /tmp/fifo

server$ iptables -A INPUT -p tcp --dport 22222 -j ACCEPT

server$ nc -l -p 22222 < /tmp/fifo | nc -u IP_ADDRESS_OF_DNSSERVER 53 > /tmp/fifo

3. UDP to TCP forward with netcat on the client

client$ mkfifo /tmp/fifo

client$ sudo nc -l -u -p 53 < /tmp/fifo | nc 127.0.0.1 22222 > /tmp/fifo

Use sudo if you are not root: binding a service to a port below 1024 requires root privileges.

4. Query

nslookup sub.domain.be 127.0.0.1

Schema :

client -> request to 127.0.0.1 udp/53 -> netcat forwarding from udp/53 to tcp/22222 -> tcp/22222 request tunneled through SSH -> server receives requests on tcp/22222 -> netcat forwarding from tcp/22222 to the specified IP address on udp/53 -> server
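The netcat pipeline in steps 2 and 3 copies raw bytes, and TCP is a byte stream that does not keep UDP datagram boundaries; a netcat UDP listener also typically stays attached to the first peer it hears from. The following Python relay pair is an added example, not code from the original post: it length-prefixes every datagram and answers whichever source port sent the query. The function names, the 2-byte framing and the empty-frame "no answer" signal are assumptions of this example, and it handles one outstanding query at a time.

```python
# Added example; the framing and all names here are this example's assumptions.
import socket
import struct

MAX_UDP = 65535  # largest size a 2-byte length prefix can describe

def frame(datagram: bytes) -> bytes:
    """Prefix a datagram with its length so the TCP stream keeps its boundary."""
    return struct.pack("!H", len(datagram)) + datagram

def read_datagram(tcp, buf: bytearray) -> bytes:
    """Return the next whole datagram from the tunnel, buffering partial reads."""
    while True:
        if len(buf) >= 2:
            (size,) = struct.unpack_from("!H", buf)
            if len(buf) >= 2 + size:
                datagram = bytes(buf[2:2 + size])
                del buf[:2 + size]
                return datagram
        chunk = tcp.recv(65536)
        if not chunk:
            raise ConnectionError("tunnel closed")
        buf += chunk

def client_relay(udp, tcp) -> None:
    """Step 3 side: local UDP socket -> TCP tunnel, one query at a time."""
    buf = bytearray()
    while True:
        # Unconnected socket: a query from any source port is accepted.
        query, sender = udp.recvfrom(MAX_UDP)
        tcp.sendall(frame(query))
        reply = read_datagram(tcp, buf)
        if reply:  # an empty frame means the upstream server did not answer
            udp.sendto(reply, sender)

def server_relay(tcp, target, timeout: float = 3.0) -> None:
    """Step 2 side: TCP tunnel -> UDP service at target, a (host, port) tuple."""
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.connect(target)  # kernel discards datagrams from any other source
    udp.settimeout(timeout)
    buf = bytearray()
    while True:
        query = read_datagram(tcp, buf)
        try:
            udp.send(query)
            reply = udp.recv(MAX_UDP)
        except OSError:  # timeout or ICMP error: report "no answer"
            reply = b""
        tcp.sendall(frame(reply))
```

To use it with the tunnel from step 1, bind the client UDP socket to 127.0.0.1 port 53 and connect its TCP side to 127.0.0.1 port 22222. On the server, accept the TCP connection on 127.0.0.1 port 22222 only: the SSH forward arrives over loopback, so the port does not need to be reachable from other hosts.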


3 Responses to “Howto perform UDP tunneling through SSH connection”

  1. evr Says:

    This is a quite smart & simple method, but I have a problem: the first DNS request works, but all the next attempts encounter timeouts.
    Have you any idea of the origin of the trouble?
    Thanks,

  2. croco Says:

    This howto is simple-minded amazing! I will try to connect an external TeamSpeak server with this method. I must check this because I’m behind a great firewall.

  3. Jan Says:

    I see the same behaviour as described above by Evr:

    I am packing SNMP (UDP) into TCP and unpacking on the other side. (I do not use the SSH tunnel, rather I connect directly to the server's port 22222.)
    The first request is answered correctly, subsequent ones run into timeouts.
