
Sharing port 80?

Discussion in 'Tomato Firmware' started by Burma, May 19, 2013.

  1. Burma

    Burma Networkin' Nut Member

    I've worked for several employers who block outgoing connections that use common ports such as ssh, telnet, rdp, and others. When this happens, I have to change my home router configuration to map external port 80 to whichever internal port number I need to get to on my home network.

    The problem is, I have several services I need to get to running on the home network and they can't all use port 80, can they? Does anyone know of a way I can configure Tomato to share port 80, or some other solution I haven't thought of? Thanks a lot.
     
  2. rs232

    rs232 Network Guru Member

    I don't think what you say would work; companies use firewalls and these are easily able to detect services running on wrong ports, e.g. DNS running on port 80.
    The way I personally work around this is to have a commercial product called "remotelyanywhere" (not too expensive) running on one of my LAN PCs and mapped to port 443 of my router (I use a different port for the Tomato admin, btw).
    This way you can connect to your router:443 via a normal browser and achieve full remote administration. Once you're on the remote desktop you can do anything you like. SSL is considered safe by most companies and is pretty much always enabled via the corporate firewalls.
     
  3. Burma

    Burma Networkin' Nut Member

    That has not been my experience. I've been doing it this way for over 5 years now. I run everything that way when I need to, rdp, ssh, ftp, and more. It's getting to be a pain though - switching port 80 to the right internal port. If possible, I'd like to find a solution that involves manipulating Tomato's configuration.
     
  4. rs232

    rs232 Network Guru Member

    I'm really surprised this has worked in the past. All the companies I worked for in the past have granted internet access only via an HTTP proxy, which means the application must talk HTTP/S or the proxy would not understand.
    A different matter would be if you try to redirect e.g. HTTP/S traffic only to a pool of LAN webservers: using a reverse proxy you could take advantage of the host-header functionality to redirect the same port to different LAN IPs.
    The only other thing I can think of in your scenario (if they really allow any traffic via the firewall!) would be to have a PPTP or OpenVPN connection from your laptop to your router and do anything you need that way. Mind you though: most companies see this as hacking and they might not be ok with that!
     
  5. MercuryV

    MercuryV Networkin' Nut Member

    You can install and try the sslh package.
    sslh is a kind of multiplexer. It accepts connections on a specified port and forwards them further based on tests performed on the first data packet.
     
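As an added illustration (not code from the thread or from the sslh project), here is a Python sketch of the first-packet test an sslh-style multiplexer runs on a shared port such as 443, which is the same probe a protocol-aware corporate firewall can apply in reverse to notice SSH or plain HTTP arriving on an HTTPS port. The backend table, LAN addresses and the 2-second timeout are assumptions; port 122 is the Tomato SSH port mentioned later in the thread.

```python
from contextlib import suppress
import socket
import threading

# Constructed routing table for the shared port: port 122 is the Tomato SSH port
# from the thread; the LAN addresses are placeholders.
BACKENDS = {"ssh": ("192.168.0.1", 122),
            "tls": ("192.168.0.101", 443), "http": ("192.168.0.101", 80)}

def classify_first_packet(data: bytes) -> str:
    """Guess the protocol from the first bytes a client sends (sslh-style probes)."""
    if data.startswith(b"SSH-"):        # identification string, e.g. b"SSH-2.0-PuTTY_Release_0.62\r\n"
        return "ssh"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x03:
        return "tls"                    # TLS record header: handshake (22), version 3.x
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT"):
        return "http"
    return "unknown"

def pipe(src: socket.socket, dst: socket.socket) -> None:   # one-way copy until a side closes
    try:
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        for sock in (src, dst):
            with suppress(OSError):
                sock.shutdown(socket.SHUT_RDWR)

def handle(client: socket.socket) -> None:
    client.settimeout(2.0)              # SSH and TLS clients speak first; a silent peer is dropped
    try:
        first = client.recv(4096, socket.MSG_PEEK)   # peek so the backend still sees these bytes
    except socket.timeout:
        first = b""
    proto = classify_first_packet(first)
    if proto not in BACKENDS:
        client.close()
        return
    client.settimeout(None)
    backend = socket.create_connection(BACKENDS[proto])
    threading.Thread(target=pipe, args=(client, backend), daemon=True).start()
    pipe(backend, client)

def serve(listen=("0.0.0.0", 443)) -> None:
    with socket.create_server(listen) as srv:
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()
```

Calling `serve()` listens on 443 and hands each connection to the backend its first bytes indicate; the same `classify_first_packet` run over captured flows is how a firewall flags "SSH on 443".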
  6. jerrm

    jerrm Network Guru Member

    Why not use ssh tunneling or VPN?
     
  7. Burma

    Burma Networkin' Nut Member

    Thanks for the recommendations. I'm thinking I'll go with sslh, ssh, or VPN through 443. Of these, which would be the best balance between easiest to set up, performance, and least likely to raise flags with netadmins?
     
  8. rs232

    rs232 Network Guru Member

    vpn +1
    simple to setup and does everything out of the box
     
  9. jerrm

    jerrm Network Guru Member

    VPN is ultimately more versatile; ssh doesn't require anything extra on the router and is a "lighter" install on the client. I've never used sslh, but it looks like it would have the advantage of potentially no additional client-side install.

    If I don't routinely need full blown LAN access, I usually just use ssh w/tunnels. Often even in situations where VPN is already setup and running.
     
  10. Burma

    Burma Networkin' Nut Member

    I'll start with ssh since, as you say, it's already set up on the router. I'm using a WRT54GL with original Tomato 1.27.

    Can someone provide a simple example of how to make an rdp connection to a home PC? Do I need to tweak my Tomato settings?

    My Tomato SSH Daemon settings are:
    Enable at Startup x
    Remote Access x
    Remote Port 122
    Port 122
     
  11. jerrm

    jerrm Network Guru Member

    Nothing to do on the router.

    Assuming Putty:
    1. Go to Connection->SSH->Tunnels
    2. Enter any "Source Port" that is free on the local machine, for RDP I usually use "33389"
    3. In "Destination" enter the IP:Port of the PC and process you wish to connect to. If the PC you want to connect to is at "192.168.0.101" then enter "192.168.0.101:3389" for RDP.
    4. Click "Add"
    5. Establish the ssh connection
    6. Open up Remote Desktop Connection, enter 127.0.0.1:33389 as the "Computer." Click Connect.
     
  12. Burma

    Burma Networkin' Nut Member

    I'm not sure that will help me. Here's my scenario:

    I'm at work and I want to establish an rdp connection to pc-1 at home, and another rdp connection to pc-2 at home. From work, I have to go out through port 443 (or 80). How do I set that up? I've used Putty before. Thx
     
  13. gfunkdave

    gfunkdave LI Guru Member

    Use port 443 for SSH on the router so it will look like an https connection.

    Create a tunnel in Putty to forward local port 3389 to port 3389 on the LAN IP of your desired target at home.

    Open a rdp connection to 127.0.0.2 and you'll be connected.

    Here's a slightly different take that should also work. I would avoid using port 22 for SSH on your home router because a) many companies block everything except 80 and 443 and b) it will be an instant flag to a half-alert IT admin that you are doing something nonstandard. Seeing encrypted traffic on port 443 won't raise any eyebrows.

    http://klinkner.net/~srk/techTips/ssh-remote/
     
  14. jerrm

    jerrm Network Guru Member

    It should work fine. The SSH remote port in the Tomato GUI would be 443. If you can establish an ssh connection on 443, then follow the above steps for PC1. Once PC1 works, set up another tunnel using another "Source Port", say 13389, pointing to PC2IP:3389 for "Destination", and point Remote Desktop Connection to "127.0.0.1:13389" when you want to connect to PC2.
     
  15. Burma

    Burma Networkin' Nut Member

    I got it working with Putty Portable on 443. That tunnel shit is cool once you get the hang of it. Thanks all for your help.
     
