Category Archives: Networking

ssh tunneling for fun and profit

Posted on by
1

ssh is one of those things that’s useful for way more than meets the eye. Here’s a handy feature to add to your bag of tricks — you can tunnel traffic from your machine to a remote machine through another server running an ssh server.

Where this is often useful is in setups where you want to access a system on a private LAN, but it’s behind a firewall or bastion host (running ssh). You could connect if you were on the LAN on the other side, but you’re not.

It looks something like this:

The magical command here is something like this:

ssh -NfL 8080:192.168.1.2:80 root@virtlab-cloud-04

That would map localhost:8080 (on the machine where you’re running this command — i.e., your computer, or “You” in the diagram) to 192.168.1.2’s port 80 — but it connects to 192.168.1.2’s port 80 _through_ a host named “virtlab-cloud-04”, which you’ve ssh’ed into as root. (You do not need to be root for this to work.)

So, maybe you’re on your laptop at an airport hotspot, and 192.168.1.2 is the IP of a home system. You can map a port on it to your laptop by ssh’ing through your Linux box listening over ssh at home.

At a previous employer, I used this to manage our SAN via its (awful) web-based UI on our production network. The SAN was obviously not reachable over the Internet, but I could map its web UI to localhost:8080 on my desktop through a bastion host we had.

Cisco WS-C2948G-GE-TX Review

Posted on by
1

I picked up a Cisco WS-C2948G-GE-TX switch on eBay a while back. I’m about a decade late to the party in reviewing one (mine’s dated November 3, 2003!), but they’re showing up in quantity on eBay for short money, so I thought a modern look at the thing might be helpful.

WS-C2948G-GE-TX (on top of a Dell C6100)

So, the executive summary is this:

Pros:

  • 48-port Gigabit switch
  • Managed
  • 4x SFP ports
  • Runs about $100 on eBay

Of course, a 48-port Gigabit managed Cisco for $100 seems must have some catch. Read on!

Cons:

  • Past End of Life
  • CatOS support only (no upgrade to IOS)
  • Oversubscribed switching fabric (12 Gbps)
  • SFPs have no 10Gb support
  • Appears to support SSH v1.0 only?

If you’re looking for a switch for a serious production environment, this isn’t for you. (But why are you even looking at sub-$100 switches on eBay if that’s the case?!) But for certain cases, this is seemingly the perfect switch. I’m building out a small home lab. I want Gigabit ports (and more than a few of them) but I’m not actually moving a ton of traffic through the switch, so the fact that the switch couldn’t support all 48 ports actually pushing 1Gbps simultaneously is of no concern to me. The CatOS bit isn’t great, but I’m not trying to go for my CCIE where I need all the latest features IOS brings, or running this in a production environment where having the latest security patches is critical. (Not that security is ever unimportant, but it’s on a private LAN in my basement so I’m not going to lose sleep if it’s got known vulnerabilities.) Realistically the only “managed” feature I have used is setting up a second VLAN for a few ports.

For the curious, here’s what mine came running:

sw01> (enable) sho ver

WARNING: This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and use.
Delivery of Cisco cryptographic products does not imply third-party authority
to import, export, distribute or use encryption. Importers, exporters,
distributors and users are responsible for compliance with U.S. and local
country laws. By using this product you agree to comply with applicable
laws and regulations. If you are unable to comply with U.S. and local laws,
return this product immediately.

WS-C2948G-GE-TX Software, Version NmpSW: 8.4(11)GLX
Copyright (c) 1995-2006 by Cisco Systems, Inc.
NMP S/W compiled on Apr 27 2006, 12:46:44
GSP S/W compiled on Apr 27 2006, 11:47:52

System Bootstrap Version: 6.1(6)

Hardware Version: 1.1  Model: WS-C2948G-GE-TX  Serial #: [redacted]

Mod Port Model              Serial #              Versions
--- ---- ------------------ -------------------- -------------------------------
1   0    WS-X2948G-GE-TX    [redacted]           Hw : 1.1
                                                 Gsp: 8.4(11.0)
                                                 Nmp: 8.4(11)GLX
2   52   WS-C2948G-GE-TX    [redacted]           Hw : 1.1

       DRAM                    FLASH                   NVRAM
Module Total   Used    Free    Total   Used    Free    Total Used  Free
------ ------- ------- ------- ------- ------- ------- ----- ----- -----
1       65536K  36933K  28603K  16384K  10779K   5605K  480K  320K  160K

Uptime is 94 days, 1 hour, 25 minutes

And then, the modules:

Mod Slot Ports Module-Type               Model               Sub Status
--- ---- ----- ------------------------- ------------------- --- --------
1   1    0     Switching Supervisor      WS-X2948G-GE-TX     no  ok
2   1    52    10/100/1000 Ethernet      WS-C2948G-GE-TX     no  ok

Mod Module-Name          Serial-Num
--- -------------------- --------------------
1                        [redacted]
2                        [redacted]

Mod MAC-Address(es)                        Hw     Fw         Sw
--- -------------------------------------- ------ ---------- -----------------
1   00-0d-bd-b1-XX-00 to 00-0d-bd-b1-XX-3f 1.1    6.1(6)     8.4(11)GLX
2   00-0e-bd-b1-XX-de to 00-0e-bd-b1-XX-3d 1.1

Note that I haven’t tried anything fancy. In theory it supports stuff like CDP, tagged VLANs, 802.1x, LACP, RADIUS, port mirroring, SNMP monitoring, STP, and so on, but I haven’t set any of that up, and frankly wouldn’t know how.

Back of switch

All in all, if you’re looking for a cheap Gigabit switch with some basic management features and don’t mind it running old software and having a heavily-oversubscribed backplane, I’ve found this switch to be a steal.