Socks proxy over WinRM Tunnels - socks

We have a Windows machine acting as a WinRM server and a Linux machine acting as a WinRM client, with PyWinRM.
Our Linux machine hosts a program that runs a remote program on the Windows host, over WinRM.
We are not allowed to install any extra package on the Windows host.
The Windows host can't reach any other host; all outgoing requests are blocked by the firewall. Let's say that only incoming TCP on the WinRM port is allowed.
Is it possible to make a reverse tunnel over the WinRM incoming traffic that lets our Windows host communicate with the external world through the Linux host, over a TCP SOCKS proxy?
This is possible with SSH, using tunneling, but is it possible over WinRM?
Any solution please?
Regards,

Related

Get client source IP on docker for Windows

I have a Docker container running on a Windows Server host. It has a Java app running which communicates with a remote client bidirectionally. When the remote client communicates with my server, it gets the Docker gateway IP, 10.1.0.1, instead of the remote IP.
It only happens on a Windows host; with an Ubuntu Server host it works without any trouble and I get the remote client IP, which I need to answer the petition.
Things I tried:
Disable ip masquerading from docker-compose.yaml file with;
com.docker.network.bridge.enable_ip_masquerade: 'false'
Disable ip masquerading from daemon.json with;
"ip-mask": false
This is how I create the network on docker-compose.yaml;
Neither of these two solutions worked. Thanks in advance.

Install Jenkins on windows server and access it using VM's external ip [google-compute-engine]

I have created a VM instance with Windows OS (windows-server-2019-dc-v20200211) in Google Cloud. I established an RDP connection and installed Jenkins on the VM, but how can I access it from other networks using the VM's external IP?
Could someone help me on this!!
Note: I want to install Jenkins in windows server and not on Linux.
I'll suggest you should check the following:
First, make sure your local firewall on Windows Server is enabled and allows connections on port 8080. Secondly, the network ACL should allow both incoming traffic on TCP 8080 and outgoing traffic on TCP port 8080.
Also check some of these Stack Overflow use cases for more help:
[1] https://superuser.com/questions/1212645/cannot-expose-jenkins-externally
[2] https://apple.stackexchange.com/questions/31376/how-can-i-open-port-8080-of-mac-os-x-lion
[3] Jenkins server is not accessible by host name (ip address)

Testing box application from virtual machine

Box requires you to use HTTPS for any URL other than localhost. Unfortunately, I developed on a Linux virtual machine running inside a Windows machine, and I want to access the server running on Linux from a browser in Windows. Therefore, I cannot use localhost.
Is there a way that I test out my box application without needing to create a certificate on my Linux machine?
Yes. You can use an SSH tunnel.
Set up an SSH server on the Linux machine (make sure you secure it if it's accessible from the Internet)
Use a Windows SSH client (like plink or cygwin's SSH client) to create a tunnel to the desired port (80?) of the Linux box. For example, if you're using plink:
C:\>plink.exe -L 1234:127.0.0.1:80 <username>@<Linux machine IP>
Using cygwin, the command would be the same:
$ ssh -L 1234:127.0.0.1:80 <username>@<Linux machine IP>
This will establish a tunnel between the Windows machine's local port 1234 (127.0.0.1:1234) and the Linux machine's port 80 (127.0.0.1:80). So if you open a browser on the Windows machine and point it to 127.0.0.1:1234, you'll really be connecting to 127.0.0.1:80 of the Linux machine.
There are some nice tutorials on SSH tunnels, but make sure you're reading about the right type of tunnel. They come in 3 forms - Local (-L), Remote (-R) and Dynamic (-D). You need the local one.
To debug the tunnel, you can use nc. Use something like nc -l 127.0.0.1 80 to get nc to listen on 127.0.0.1:80, then try using the tunnel from the Windows browser. You should see the HTTP request in nc.

Use VirtualBox to access site on host from guest? the host and guest is linux

I'm running VirtualBox on an Ubuntu host, and the VM I'm using is Fedora (guest). VirtualBox is set up to use the NAT network adapter, and I'm able to get to the internet.
I use port forwarding to access SSH and the Rails web server.
Port forwarding rules:
<NAT>
<DNS pass-domain="true" use-proxy="false" use-host-resolver="false"/>
<Alias logging="false" proxy-only="false" use-same-ports="false"/>
<Forwarding name="Rule 1" proto="1" hostport="5679" guestport="22"/>
<Forwarding name="Rule 2" proto="1" hostport="3080" guestport="3000"/>
</NAT>
Now I can access the internet on the guest machine, and I can log in through SSH,
but I cannot access the Rails web server on port 3080.
I tried:
localhost:3080
10.0.2.15:3080 #the guest IP
What can I do? All I need is SSH, an internet connection, and to open the web site I host on the guest machine from a browser on the host machine.
Thanks
Just a stab in the dark here but this might be your issue...
When you provision a new Linux Virtual Machine in VirtualBox, the Network settings for that VM are set to 'NAT'. This results in your new VM being assigned a 10.x.x.x address.
Change this setting to Bridged mode, which will assign your VM an address within the same subnet as your host (most likely 192.168.x.x).
Try to connect to the site running on your host.
If you're still not able to access the site running on localhost, confirm the app isn't blocking connections from your new VM. Add a rule to your access list (possibly iptables) permitting TCP port 80 traffic from your VM's address (found using ifconfig).
Happy hunting!
In your VB you have to set network only with host. It is in preferences->network.
Then you can access your virtual machine via 192.168.56.101 from ubuntu. Port forwarding set on this network card. List it with ifconfig. I recommend to use iptables for port redirects.

Port Forward Directly to a Guest OS with VirtualBox

I am currently using Ubuntu 10.04 for some rails development. It is installed as a guest machine using VirtualBox on a Windows 7 x64 host.
Within Ubuntu, I am trying to port tunnel several ports from a remote server directly to the Guest OS in order to avoid having to download a remote database.
Let's say I want to forward port 5000 on the remote server to port 5000 on the guest os.
I have set up a forwarder for the port on the Windows side, using VBoxManage.exe. This forwards HostPort 5000 to GuestPort 5000.
Then within ubuntu I run, ssh -L5000:127.0.0.1:5000. However, whenever I try to access "127.0.0.1:5000", I receive the message "channel 7: open failed: connect failed: Connection refused"
Am I missing something?
Thanks for the help!
connect failed: Connection refused
This means that you're not able to connect to 5000 on the remote end.
If you're only using this connection from within your guest through your SSH tunnel, then you don't need the forward from VBoxManage, as this will open up so that outside computers can connect directly to your guest; it won't help your guest connect to the outside.
Are you sure the server you connect (SSH) to is the same server that runs your database? And is the database running on that server?
When you've connected (SSH) to the server, you can try to list what ports are listening for connections or you could try to connect to the database with telnet. To list listeners you can run "netstat -lnt" (-l shows listening, -n is numeric (show IP and port number) and -t is tcp). You should have a line like "tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN" if you have a service listening for TCP on port 5000. To try and connect you can simply do "telnet 127.0.0.1 5000", if you can't connect with telnet from the server then the database ain't listening/allowing your connection, or the server is running on another port or server.
SSH uses TCP traffic by default, right?
Just to verify, NAT in VirtualBox does have these limitations (per the User Manual):
There are four limitations of NAT mode which users should be aware of:
ICMP protocol limitations: Some frequently used network debugging tools (e.g. ping or tracerouting) rely on the ICMP protocol for sending/receiving messages. While ICMP support has been improved with VirtualBox 2.1 (ping should now work), some other tools may not work reliably.
Receiving of UDP broadcasts is not reliable: The guest does not reliably receive broadcasts, since, in order to save resources, it only listens for a certain amount of time after the guest has sent UDP data on a particular port. As a consequence, NetBios name resolution based on broadcasts does not always work (but WINS always works). As a workaround, you can use the numeric IP of the desired server in the \\server\share notation.
Protocols such as GRE are unsupported: Protocols other than TCP and UDP are not supported. This means some VPN products (e.g. PPTP from Microsoft) cannot be used. There are other VPN products which use simply TCP and UDP.
Forwarding host ports lower than 1024 impossible: On Unix-based hosts (e.g. Linux, Solaris, Mac OS X) it is not possible to bind to ports below 1024 from applications that are not run by root. As a result, if you try to configure such a port forwarding, the VM will refuse to start.
Try ssh -L5000:0.0.0.0:5000 instead of ssh -L5000:127.0.0.1:5000
There is something called a "loopback" that is tangled up with 127.0.0.1 that will cause you grief if trying to access ports from a different machine. I.e. your host machine.
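The listener check described in the answers above (reading "netstat -lnt" for the port, and the loopback versus 0.0.0.0 distinction) can be scripted. This is an added example, not code from the original posts; the sample netstat output is constructed and the function names are my own. It reports, for each TCP listener, whether it is reachable only from the machine itself, from one interface, or from every interface.

```python
import ipaddress

# Constructed sample of `netstat -lnt` output (not taken from the original posts).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 192.168.56.101:3000     0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""

def classify(addr):
    """Return how widely a listening address is reachable."""
    if addr in ("0.0.0.0", "::", "*"):
        return "all-interfaces"      # wildcard bind: any host that can route here
    try:
        if ipaddress.ip_address(addr).is_loopback:
            return "loopback-only"   # 127.0.0.0/8 or ::1: local processes only
    except ValueError:
        return "unknown"
    return "single-interface"

def parse_listeners(netstat_output):
    """Return (port, address, scope) for every TCP listener in the output."""
    listeners = []
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[-1] != "LISTEN":
            continue                 # skip headers and non-listening rows
        # Split on the last colon so IPv6 forms such as ":::22" parse correctly.
        addr, _, port = fields[3].rpartition(":")
        listeners.append((int(port), addr, classify(addr)))
    return listeners

def check_port(netstat_output, port):
    """Summarise whether anything listens on `port` and from where it is reachable."""
    scopes = sorted({s for p, _, s in parse_listeners(netstat_output) if p == port})
    return scopes or ["not-listening"]

if __name__ == "__main__":
    for port, addr, scope in parse_listeners(SAMPLE):
        print(f"{port:>5}  {addr:<15}  {scope}")
    print("port 8080:", check_port(SAMPLE, 8080))
```

A "not-listening" result for the tunnel's target port matches the "Connection refused" symptom, while "all-interfaces" on a database port means the service is exposed beyond the SSH tunnel.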
