Using VPN To Access All Local Services Without The Need To Open Up Unnecessary Inbound Ports

Before knowing much about VPN, I usually opened up many inbound ports on my computer's firewall and on the firewall that resided within the router so that remote services such as AFP (Apple Time Machine) would function correctly.  Obviously, these remote services (e.g., AFP, FTP, CIFS) are also accessible within the local area network, so one does not have to be outside the local area network to use them.  For example, one can sit next to the AFP server (i.e., AFP hosted on a network attached storage device) and back up one’s Mac to the Time Machine service locally.  When using such services locally, one has to use local IP addresses, because one is within the local area network (e.g., home network, office network).

The idea is to open up fewer ports to better protect everything within a local area network.  When one travels abroad, one cannot use local IP addresses to access one’s remote services (e.g., AFP, FTP, CIFS), so one has to open up ports for these remote services to make remote access possible.  Since one has to open up inbound ports for remote connections, one’s local area network might become more vulnerable.  The more open ports there are, the more exploits hackers can try against the services that rely on those open ports.

Luckily, we have VPN.  VPN stands for Virtual Private Network.  Big companies love to deploy VPN for their employees.  If you have ever met an employee of one of those big companies, you might have seen this person log in to a VPN through a laptop while away from the company.  Since big companies are using VPN, VPN must be for the elites only, right?  Wrong!  Just about anyone can use VPN to protect oneself, and it doesn’t take a rocket scientist to do so.  If you watch the other videos on my YouTube channel, you will see how easy it is to set up a VPN server/service on Windows 8.  Anyhow, the whole idea is to open up fewer ports for a network so everything within the network can be somewhat more secure.

Using VPN, one can access the local area network as if one had never left it.  For example, one can sit at a Starbucks and yet connect to remote services (e.g., AFP, CIFS, FTP, SSH) with local IP addresses.  How is this possible?  Like I said, using VPN, one never leaves the local area network!  This is why VPN is definitely a better option than just opening up whatever inbound ports there are for different remote services.  With VPN, all one has to do is open up one port which VPN relies on.  Through the VPN connection, one can then access all services within the local area network as if one had never left it.  In case you don’t know, VPN encrypts data automatically.  This is just another reason why I think VPN is definitely a better solution for remote access.

X11 Forwarding

Have you ever needed to fire up an application inside a Linux box from another machine, whether it be a Mac, Linux or Windows box?  If you think it’s impossible, think again!  It’s quite easy as long as you have a running Linux box and the Linux box itself has a running SSH server.  On Windows, you need to use a terminal such as PuTTY to do X11 Forwarding into your Linux box.  On Mac, you can just use your regular terminal.

When all requirements are met, all you have to do is fire up the terminal, type in the command line:

    ssh -p your-port-number -X username@ip-address-of-the-server

and hit the enter key.  You should now be able to do X11 Forwarding into your Linux box!  You can replace the -X part with -Y to switch from an untrusted connection to a trusted connection.

Why go through all this trouble?  I see the need for X11 Forwarding when you want to manage your Linux box from a long distance, but you want to do it the GUI way (that is, through a graphical user interface).  For example, if you want to manage Firestarter (a GUI front end for managing IPFilter if I’m not wrong on this), you need to fire up its graphical user interface, and X11 Forwarding allows you to do just that.  Also, sometimes there are applications that Linux has but Windows and Mac don’t; you can use those applications’ GUIs by using X11 Forwarding.

Additional tips:  Make sure your SSH server’s configuration inside /etc/ssh/sshd_config allows the port that you are connecting to, such as port 22.  Check the firewall to make sure it allows the port that your SSH server requires in order for a connection to be made.  On the machine on which you are going to execute the X11 Forwarding command, make sure that machine allows you to make an outgoing connection on the specific port that the SSH server requires.  That is, open up the required outgoing port on the machine on which you will be executing the X11 Forwarding command.
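
A pre-flight check for the tips above, as an added example that is not part of the original post: it reads an sshd_config and reports whether the port you plan to pass to ssh -p is configured there and whether X11 forwarding is switched on.  The helper name check_sshd_x11 and the sample file are constructed for illustration; X11Forwarding is the sshd_config keyword that must be set to yes for -X or -Y to work, and Match blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post): check an sshd_config before
# running "ssh -p PORT -X ...". check_sshd_x11 is a hypothetical helper name.
# Only the global section (before the first Match block) is evaluated.

check_sshd_x11() {
    # $1 = path to sshd_config, $2 = port you intend to pass to "ssh -p"
    awk -v want="$2" '
        { sub(/#.*/, "") }                     # strip comments
        NF == 0 { next }                       # skip empty lines
        { key = tolower($1) }                  # keywords are case-insensitive
        key == "match" { exit }                # stop at the first Match block
        key == "port" { ports[$2] = 1; seen = 1 }          # Port may repeat
        key == "x11forwarding" && x11 == "" { x11 = tolower($2) }  # first wins
        END {
            if (!seen) ports["22"] = 1         # sshd default when no Port line
            if (x11 == "") x11 = "no"          # sshd default
            ok = (want in ports)
            printf "port=%s x11=%s\n", (ok ? "ok" : "missing"), x11
            exit !(ok && x11 == "yes")         # status 0 only if both are fine
        }
    ' "$1"
}

# Constructed sample configuration, written to a temporary file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample sshd_config
Port 2222
PermitRootLogin no
x11forwarding yes
Match User backup
    X11Forwarding no
EOF

check_sshd_x11 "$sample" 2222       # port and forwarding both fine
check_sshd_x11 "$sample" 22 ||
    echo "port 22 is not configured: adjust sshd_config or the -p value"
rm -f "$sample"
```

On a live server, running sshd -T as root prints the effective configuration including defaults and Match handling, which is the authoritative answer.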

Check the video below to see X11 Forwarding in action — that is, if you don’t mind my broken English!