I am not a big tutorial-fan, cause I always can’t quite shake the feeling that I’m doing something here I have no particular knowledge of. And depending on what I do, this bothers me. A lot. Take sewing for instance (yes, I do indeed enjoy the fun of sewing, at least as long as it is fun); in the beginning I only did pre-set tutorials. I got to see some achievements, pretty fast as well, and was happy. But the clothings didn’t fit that well, more often than not I had to make corrections to be at least a bit satisfied with my work.

By now, I do most of my sewing patterns myself by taking bits from tutorials and knowledge and putting them together, and it works just fine for me. My point is, tutorials are often brief, giving appealing results in a short time, but often lack some of the necessary theory. Ever happened to you that you did something with a tutorial that just would not work? And after going through the complete text again, looking at all pictures, you realize there’s a small mistake in it, or something you wouldn’t have thought of, which the author took as given?

I guess that’s the reason I don’t want to write tutorials, the danger of missing something (or to cut off too much or something like that) or to have people sitting in front of it thinking “Screw this guy, this just doesn’t work!”. Plus, there are plenty of tutorials out there regarding nearly any topic. Or are there?

But – as the headline suspects – I’m gonna break with this habit for now, and give you a few shots and explanations regarding my former post. No tutorial in a classical sense, but one like I try to write my stuff as well: just concepts and ideas, but this time with pictures.

So let’s get started. Since I’m keeping my connection open most of the time, I’m using PuTTyTray instead of the regular PuTTy or its portable cousin, so some functions described here are not available in other versions.

Here we got the starting screen. Use “Settings from file” (at the bottom of the screen) to save sessions to a file in the PuTTy-directory instead of the windows-registry. An absolute must for all portable users. The first ellipse is where you type your target server’s (or router’s, in our case) IP in. If you can’t remember your IP at any time or get dynamic IPs, make an dyndns-account to save you trouble. Most Routers come with built-in dyndns-support anyway nowadays, sparing you the effort of an update tool. Of course, we want to have “SSH” as a connection type, but it’s per default enabled, so there shouldn’t be any problems.

Ah, that one took me awhile to figure out. Or to be more precise: I was swearing and cursing about the problem I encountered and by accident managed to find a solution in the settings for my terminal, which struck me to be very odd. So I wanna share my insights. The option I circled changes the character send to the server by pressing the backspace-key. Since the routers I mentioned all use some sort of linux, you might wanna change the option to the right one, “Control+? (127)”. Without that enabled, my fritzbox would only type “[^” or something like that instead of deleting the last character. Very annoying.

That one is one of the PuTTyTray-only functions I mentioned that I don’t wanna miss ever again, regardless how more convenient PuTTyPortable sometimes might be for my purposes. Leave the option on “normal” to start it in normal terminal mode. I prefer that one, since I want to use password-authentication. No use minimizing the window to tray on start, only to have to bring it back up, type the password in and minimize it again. “Always” and “Never” produced funny behaviors that I couldn’t get a hold of, but, if you wanna guess and like riddles, go and give it a try.

And oh, the “Accept single-click…”-option is nice as well, if you use this kind of restoring in all of your programs. Mixing double-click and single-click is definitely not a good idea, at least not for me.

Oh, yeah. Not that important, I gotta admit. But it would allow you to pick a username that’s hard to remember (please don’t say anything about the “root” I typed in there.. it is for demonstration purposes only!), and even harder to guess. When using password authentication, I only have to type in my password and not my username. spares me ~1.2 seconds. yay!

Painting Frenzy!! Okay, now here we go. This tab is the mekka for all your needs, the holy grail of port forwarding.
The first option I circled is recommended to use, but it is not without risks (security, mostly). Some protocols may need this option to function properly though. When you look at the entries 1, 2 and 3 they all have a source port (the first column) and a destination (the second one), like my arrows – done extremely skilled, if I may say so – try to show you.

1.) This is a standard port forwarding like used by any program. I specified my source port, which is 5700 (always select “local” as a type if unsure for the others and their doings), and a destination that is usually an IP plus a port. As you can see or at least guess, it’s for VNC (port 5900), and it’s for a fictional desktop in my home network.

2.) That one I use for the emulation of a vpn. Remember the virtual network adapter I had to create? I gave it the very innovative IP 10.0.0.1, Windows File Sharing services use port 139, so its 10.0.0.1:139 for source. The destination is my main network-hard drive with the very same port. If you specify an IP for the source port, the port is only forwarded if the accordant network adapter is used. In case of the file sharing, I had to do this, since I wanted to work both ways at the same time – local file sharing and file sharing over SSH. If you need only one of both, feel free to just forward the port without a source IP.

3.) This one is pretty much like the first, but it points to a virtual network card I created on my Router. I did so because it is forbidden to map any ports directly to the routers own IP, but mapping to the virtual NIC is allowed. Here, I’m forwarding localhost’s port 80 (do NOT do this when running a webserver or any software using port 80) to the virtual NIC’s port 80, so I can display my router’s status page in my browser here at work, taking a look at phone lists and the like. I also could’ve made a port forwarding like “6666 192.168.178.253:80″, to view my routers page then, I would have to connect to “localhost:6666″ in my browser, as well as for connecting my VNC, I have to connect to “<dyndns-address>:5700″ instead of just “<dyndns-address>”.

Be careful with the Connection -> Proxy-Tab though. You don’t have to specify anything here for PuTTy to provide the SOCKS-proxy I mentioned. This is only necessary if PuTTy is forced (or wanted) to use a proxy to connect to the target net (usually, the internet) itself, like when using PuTTy over TOR for instance, which is by the way in my opinion the most comfortable way of using TOR there is.

Oh my, I almost forgot that one.. this is crucial when keeping your connection up and running for a long time. If the connection gets broken there is a chance that your server-component remains active and running on the router, and if your reconnect, you got a second one running, and a third one if that happens again.. you catch my drift. I chose a value of 60 seconds, and it works for me. It was a more or less random choice though, other values might do equally fine.

Okay. I admit, that didn’t hurt that much at all. Maybe I will just… keep posting funny daubed pictures about programs I use…

cya all soon! :)

Related posts

• Fun Things to do with PuTTy and Linux-Routers (7)
• Top Xp Freeware that every user needs part 3 (5)
• My Encrypted Tunnel (1)
• Manage your ssh connections with SecPanel (6)
• Manage Servers For Putty WinSCP VNC And Microsoft Terminal Server (0)

I was no exception to this when I decided to fool around a bit with my AVM Fritz!Box (Broadband Router quite common in Germany and Austria that runs with Linux) and installed – among other amusing things – the dropbear SSH Server on it. I was then able to connect to my home network from all around the world using just my dyndns-account and PuTTy, or better his cousin PuTTyPortable, which runs from thumb drives without leaving traces behind on the host system. Oh the joy!

After going through the massive troubles of installing and configuring dropbear via FTP and VM, I first started to think about the use I could get out of this.

note: I didn’t intend to give instructions of how to use PuTTy or to set up those functions I mention, more to give some inspiration. Google helps all, but if someone is interested in a particular HowTo, just ask, I’m here ;).

First of all, I found out that I could use my encrypted Connection to eliminate some holes in my firewall, VNC always being a big thorn in my side. If I use the standard ports, it’s insecure, and if I use custom ports, I’m bound to fail to remember them when needed. With the SSH Connection, I only have to remember one custom port (in fact, PuTTy does remember it), and I can spare the additional effort and cpu time for encrypting VNC sessions, as well as I could stuff all commonly used holes in my firewall.

Incredibly simple, but at the same time incredibly effective. If you want something like this, the tunneling function (also port forwarding) is for you. It also allowed me – with some tweaking on the router as well – to view the html-based configuration side from outside over the secure line, taking a look at the list of calls received in absence.

The next useful function I could think of was to use my secure Connection to obscure my internet traffic. Not to circumvent IP-Checks, but to prevent the casual network analyzer of having anything to work with besides my current IP at home. No destination, no protocol, no data. Setting it up was even easier than setting up the port tunnels, which, from time to time, tend to be a real pain in the ass, so to speak. For every open SSH Connection and without further configuration, PuTTy procures a full-fledged SOCKS proxy server for you. Ain’t that nice? And with plugins like QuickProxy for Firefox you are free to switch it on or off as you like. Which, of course, is also available as a portable version. But you all knew that already.

The third function I use pretty often was a nasty one to get by, but it was definitely worth the trouble, since it fits my setting nigh perfectly. I’m quite fond of VPNs, but I have yet to encounter a VPN-software that really satisfies me and my personal needs and/or beliefs. So, among the other amusing programs I set up on my router (as mentioned above), was a VPN-server, to allow me to connect to my network-enabled hard drives at home. To cut it short, it worked, I felt secure and all, but it was impossible to take the solution with me, since all VPN-Implementations (OpenVPN, that is) required installation and the creation (and configuration) of a virtual network adapter. So I tried to bring up a feasible solution involving PuTTy.

The easy one was to use a protocol that allows you to transfer files, (s)FTP, SCP, or even HTTP, but all require a special server component to be run on the target, which is not possible for me without leaving one of my computers on, which is entirely out of the question. The NAS is even able to manage FTP, but it would require me to rely on FTP and FTP alone. No Samba and FTP at the same time for the same files. So I had to discard that as well.

The next thought was to just forward port 139 (used by windows filesharing services) to my target network. It would’ve worked, but it would’ve rendered me incapable of using the filesharing service for local shares. I’m using this solution at work, so it’s either home or work. It would work, I could only start up the connection of needed, and so on, but I wasn’t just happy with it, so I digged further.

If I had found a software for windows, that used not the windows filesharing service but an own implementation of it, I could just tell it to use another port and forward that one, but unfortunately, I found no such program.
The best I could come up with was to create a network adapter as VPN does, but without configuring anything on it except for a meaningless IP, and then forward all traffic on 10.0.0.1:139 to my network at home. Works like a charm, but if anyone ever happens to find a program like mentioned above, I would be more than happy to give it a try. Portable Applications preferred ;)

Another function available, though I did not use it very often, was the forwarding of the X11-protocol used by common Linux-desktops, which gives you the power of controlling the remote computer similar to VNC but without the need for additional software.

The last one I want to mention is not one of PuTTy, but one that uses its opened shell to go through with it. A little program called etherwake can be run on common Linux-powered systems which enables you to start your computer without actually sitting in front of it via the magic of WOL (pun intended). A pre-set shell-script that’s run with a short command, a VNC server installed as a service, and you’re good to go. Connect the Router, wake up the computer, connect using VNC and take a look at the all-important document you left at home.

So, if you happen to own a Fritz!Box or one of them shiny, new, world-wide-available OpenSource-Routers, or just an old crappy computer that could deliver a reasonable SSH server for an equally reasonable amount of watts spent, maybe those ideas incorporated one for you.

Also, please notice that PuTTyTray works from Thumb Drives as well without leaving any Data behind (if you use the “session from file”-option), but has the advantage that it can be minimized to the system tray.

If you’re planning on keeping the connection up for quite some time, also remember to activate the “Keep Alive”-function ;)

Edit: After getting rebuked for not doing it from the beginning, I’d like to incorporate some useful links that might get you started.
Complete Installation Guide for Telnet, FTP, SSH, WOL & VPN on a Fritz!Box, German.
You can also get this functions creating a nice and easy pseudo-firmware-image here, but I guess one could lack the insight needed to fill in all the right information if he never did it manually before. So, feel free to screw around using the above link and once you figured it all out, use this one. Also German, but with very little text ;)
Another tutorial, this time for the Linksys WRT54G, including SSH and Tunneling.

Thx again to Ace_NoOne, who could’ve used Google instead ;)

Related posts

• About PuTTy and Tutorials, including a PuTTy Tutorial. (3)
• Top Xp Freeware that every user needs part 3 (5)
• Proxy Server Usage To Extend Jailtime In The US (8)
• My Encrypted Tunnel (1)
• Manage your ssh connections with SecPanel (6)