Set up a reverse tunnel with stunnel

Unlike ssh, stunnel doesn't support reverse tunnels by itself.

With the help of tgcd (TCP/IP Gender Changer Daemon), we can set up a reverse tunnel by chaining tgcd and stunnel:

For example:

We want to access the corp server from home, but because of the corp NAT firewall, only outgoing ports 80/443 are open:

client  ==> tgcd LL node (home server)  ==> tgcd CC node (corp agent) ==> corp server:

Home Server:

Launching tgcd daemon in LL mode:

   tgcd -L -q 2222 -p 22222

Listen on port 2222 for client access

Listen on port 22222 for tgcd CC access

 

Launching stunnel in server mode:

       /usr/local/bin/stunnel /etc/stunnel/stunnel_server.conf

Listen on port 443 for incoming SSL connections

Forward connections with sni=tgcd to port 2222

cat /etc/stunnel/stunnel_server.conf

[tls]
accept = 0.0.0.0:443
connect = 127.0.0.1:1080

[tgcd]
sni = tls:tgcd
connect = 127.0.0.1:2222

 

Corp Agent Server:

Launching tgcd daemon in CC mode:

tgcd -C -s 127.0.0.1:222 -c 127.0.0.227:2222

Connect to tgcd LL node at:   127.0.0.227:2222

Connect to sshd server at:     127.0.0.1:222

Launching stunnel in client mode:

/usr/local/bin/stunnel /etc/stunnel/stunnel_client.conf

Listen on 127.0.0.227:2222 for connections from tgcd CC, and

reach the home server on port 443 from behind the NAT and HTTP proxy

cat /etc/stunnel/stunnel_client.conf

 

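[ssh-tgcd-home]
; client mode: accept plain TCP locally, speak TLS to the remote side
client = yes
accept = 127.0.0.227:2222
; tunnel through the HTTP proxy with CONNECT to the home server
connect = http_proxy_ip:http_proxy_port
protocol = connect
protocolHost = home.serverip:443
sni = tgcd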

 

******************************************

With this configuration, we can log in to the corp server with:

ssh -p 22222   home.server.ip

Configure GoDaddy SMTP Relay

Configure a third-party (GoDaddy) SMTP server as the relay for your SMTP server

 

Godaddy:

MX records:

0 smtp.secureserver.net
10 mailstore1.secureserver.net

 

Host Names (CNAME)

POP pop.secureserver.net
IMAP imap.secureserver.net
SMTP smtpout.secureserver.net

 

Port:

  • Without SSL
    • Incoming Port
      IMAP – 143
      POP – 110
    • Outgoing (SMTP) port
      One of the following: 25, 80, 3535
  • With SSL
    • Incoming Port
      IMAP – 993
      POP – 995
    • Outgoing (SMTP) port
      465

 

 

Install Postfix

sudo apt-get install mailutils
sudo apt-get install postfix

Config Postfix

sudo nano /etc/postfix/main.cf

Test Postfix SMTP Server Can Send Email

echo "This is the body of the email" | 
mail -s "This is the subject line" xxx@gmail.com

Forward System Mail via the Postfix SMTP Server

cat /etc/aliases

# /etc/aliases
mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
usenet: root
news: root
webmaster: root
www: root
ftp: root
abuse: root
noc: root
security: root
root:  account@yourdomain

Send mail via the external (GoDaddy) SMTP server

Configuring usernames and passwords

sudo nano /etc/postfix/sasl/passwd

Add the relay host and its credentials on one line:

[smtpout.secureserver.net]:80 account@yourdomain:passwd

Then build the lookup table:

sudo postmap /etc/postfix/sasl/passwd

Configuring Relay

sudo nano /etc/postfix/main.cf

# specify SMTP relay host
relayhost = [smtpout.secureserver.net]:80

At the end of the file, add the following parameters to enable authentication:

cat /etc/postfix/main.cf

smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd
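
As an added example (not part of the original post), the script below audits a relay setup like the one above for two risks: SASL authentication enabled without mandatory TLS, and a password map readable by group or other. The function names are hypothetical; smtp_tls_security_level is a standard Postfix parameter that the page's configuration does not set.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.
# Simplification: only single-line "name = value" settings are read, the last
# assignment wins, and legacy smtp_use_tls/smtp_enforce_tls are ignored.

get_param() {  # $1 = main.cf path, $2 = parameter name; prints its value
  awk -v k="$2" '
    /^[ \t]*#/ { next }
    index($0, "=") {
      name = substr($0, 1, index($0, "=") - 1)
      gsub(/[ \t]/, "", name)
      if (name == k) {
        val = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
      }
    }
    END { print val }' "$1"
}

audit_relay() {  # $1 = main.cf, $2 = SASL password file; prints findings
  rc=0
  if [ "$(get_param "$1" smtp_sasl_auth_enable)" = "yes" ]; then
    case "$(get_param "$1" smtp_tls_security_level)" in
      encrypt|dane-only|fingerprint|verify|secure) ;;
      *) echo "TLS_NOT_ENFORCED: SASL login may be sent without encryption"
         rc=1 ;;
    esac
  fi
  for f in "$2" "$2.db"; do
    [ -e "$f" ] || continue
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
      echo "LOOSE_PERMS: $f is accessible to group or other"
      rc=1
    fi
  done
  return "$rc"
}

demo() {  # constructed input that mirrors the settings shown on this page
  d=$(mktemp -d)
  printf '%s\n' 'relayhost = [smtpout.secureserver.net]:80' \
    'smtp_sasl_auth_enable = yes' > "$d/main.cf"
  : > "$d/passwd"; chmod 644 "$d/passwd"
  audit_relay "$d/main.cf" "$d/passwd"; s=$?
  rm -rf "$d"; return "$s"
}
# Real use: audit_relay /etc/postfix/main.cf /etc/postfix/sasl/passwd
```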

Test Postfix SMTP Relay

echo "email via godaddy smtp" |
mail -s "smtp relay" -a "From: account@yourdomain" xxx@dest

Configure an email alias for the From header in Postfix

Add this line to /etc/postfix/main.cf:

smtp_generic_maps = hash:/etc/postfix/generic

cat /etc/postfix/generic

other-email  account@yourdomain

sudo postmap /etc/postfix/generic