
EvasionLab Final1

Evasion task report

Uploaded by

hellenaachieng88

Firewall Evasion Lab Report

Abstract
This report examines dynamic port forwarding through the SOCKS5 protocol and a VPN tunnel as means of
evading firewall rules and keeping a covert network connection. Compared with conventional port forwarding,
which is noticeably harder to set up, dynamic port forwarding is simple to configure but handles TCP/IP ports
exclusively. It is therefore constrained by being protocol-oriented and requires close attention when the
system is set up. VPN tunnelling, on the other hand, can be set up to provide a complete solution covering
such protocols and encryption, and with the help of dynamic routing latency can be minimized. VPN
availability, monitoring, and customization make up for these issues, but the difficulty of installation and the
performance compromises have to be taken into account. The analysis contrasts these tools using criteria such
as traffic volume, the type of network, and the security needs involved, and so gives network administrators a
framework for choosing a suitable firewall evasion method for their particular networks.

SEED Labs – Firewall Evasion Lab Report

The SEED Labs Firewall Evasion Lab provides a dedicated setup for studying in depth the techniques intruders use to bypass a restrictive firewall policy, which in most cases blocks internet services. The lab covers two critical concepts, namely VPN (Virtual Private Network) and port forwarding, SSH tunnelling among them.

Objectives
Understanding and setting up VPN and port forwarding methods.
Learning how to configure and manipulate network traffic to get past the protection limits of a firewall.
Carrying out tasks such as network setup and security risk evaluation through practical exercises.

Lab Setup and Configuration
Docker containers simulate the different network hosts required for the experiments.

Router Configuration: NAT was set up on the router to manage the traffic between these networks, with specific iptables rules to facilitate and restrict traffic flow according to the lab requirements.

Initial Setup: Network routes and initial firewall rules were established to define the basic operational parameters for the experiments.

Task 1: Static Port Forwarding

Objective: Set up a static port tunnel over SSH so that an external machine can connect to the internal network, which sits behind a firewall that blocks such connections.

Procedure:
1. An SSH tunnel was created using the command:

This tunnel directed traffic from a specified port on the external host to the internal server, effectively bypassing direct firewall restrictions.

Results:
Successful connection establishment was demonstrated by accessing services on the internal network that are typically blocked. Traffic analysis confirmed that the data was routed through the newly established tunnel, circumventing the firewall rules.

Task 2: Dynamic Port Forwarding

Objective: Set up a static/dynamic port tunnel over (or through) SSH to enable an external machine to connect to the internal network, which is behind a firewall that blocks outside traffic seeking to communicate with it.

Procedure:
1. A dynamic port-forwarding tunnel was set up using the command:

The SOCKS proxy facilitated on-the-fly destination configuration for outgoing requests from the internal network.

Results:
The dynamic tunnel provided access to previously blocked websites.

Figure: Command for blocking a website

The VPN tunnel between B and A acts as a secure channel that envelops all network traffic from B. During transmission, the data packets are covered by an encrypted layer, a cloak of security that makes it practically impossible for external devices like firewalls to inspect the contents of the data, which results in total privacy for the network traffic that originates from B. With that in mind, it is notable that the source IP address of these encapsulated packets is not the original source IP address of the client (B), but rather the IP address of the VPN server (A). This alteration of the packet headers serves as a means to bypass any firewall rules that have been set to block traffic originating from network B. Besides, the encryption barrier prevents the firewall from analysing the packet content, thereby ensuring that the network traffic received is not restricted.

Besides, VPN tunnelling allows B to bypass geo-blocking, which is possible through the use of the network permissions of the VPN server (A). Traffic sent from A is usually allowed to reach any web page, so the firewall identifies the packets as coming from a genuine network and gives them access to their intended destinations without interruption. This can end up in a scenario where those rules are ignored and access is given to a website that has been specifically blocked. Consequently, by going through the VPN tunnel instead of the firewall, the B, B1 and B2 users can access all the blocked sites just as they used to do. The firewall does not hinder them in any way, since they have free access to the internet.

Task 3: VPN Tunnelling

Objective: To configure and test a VPN tunnel between two networks, bypassing both ingress and egress firewall rules.

Procedure:
1. The VPN tunnel was created with SSH, using commands configured to set up and link TUN interfaces on both the client and server.
2. Additional routing and NAT configurations were applied to ensure the proper handling of the VPN traffic.

Results:
The VPN allowed for seamless communication between the networks, bypassing all configured firewall restrictions.

Figure: Testing tunnel using browser
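
All three tunnel types in Tasks 1 to 3 work only if the SSH server accepts the corresponding forwarding request. As an added example (not part of the original report or of SEED Labs), the Python script below audits the global `AllowTcpForwarding`, `PermitOpen` and `PermitTunnel` settings of an `sshd_config` and lists which tunnel types the server would accept; the function names and both sample configurations are constructed for illustration, and `Include` files and the contents of `Match` blocks are assumed to be out of scope.

```python
# Added example: audit the global sshd_config settings that govern SSH tunnels.
# Defaults are OpenSSH's documented defaults; both sample configs are constructed.
DEFAULTS = {"allowtcpforwarding": "yes", "permittunnel": "no", "permitopen": "any"}

def effective_settings(config_text):
    """Global value per keyword; sshd keeps the FIRST occurrence of a keyword."""
    seen, has_match = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # "Key value" or "Key=value"
        key = parts[0].lower()                            # keywords are case-insensitive
        if key == "match":
            has_match = True   # later lines are conditional overrides, not global
            break
        seen.setdefault(key, parts[1].strip().lower() if len(parts) > 1 else "")
    settings = {k: seen.get(k, default) for k, default in DEFAULTS.items()}
    settings["has_match"] = has_match
    return settings

def audit(config_text):
    """List the tunnel types from Tasks 1-3 that the server would accept."""
    s = effective_settings(config_text)
    findings = []
    # -L (static) and -D (dynamic/SOCKS) both open client-to-destination channels.
    if s["allowtcpforwarding"] in ("yes", "all", "local") and s["permitopen"] != "none":
        scope = "any destination" if s["permitopen"] == "any" else s["permitopen"]
        findings.append("port forwarding (-L/-D) allowed to " + scope)
    # -w builds the TUN/TAP device pair used for an SSH-based VPN.
    if s["permittunnel"] in ("yes", "point-to-point", "ethernet"):
        findings.append("tunnel device forwarding (-w) allowed: " + s["permittunnel"])
    if s["has_match"]:
        findings.append("Match block present: review conditional overrides by hand")
    return findings

PERMISSIVE = "# constructed sample\nPermitTunnel yes\n"
HARDENED = ("AllowTcpForwarding no\nPermitTunnel no\n"
            "# duplicate below is ignored: first value wins\nAllowTcpForwarding yes\n")

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(name, audit(text) or "no tunnel types allowed globally")
```

`AllowTcpForwarding no` only closes sshd's built-in forwarding: as the sshd_config manual notes, users with shell access can still run their own forwarders, so the setting belongs alongside egress filtering and traffic monitoring.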

Comparison of SOCKS5 Proxy and VPN

Analysis: To conclude, I learned to either use a SOCKS5 proxy or tunnel traffic when I was doing lab work, which could ensure my protection. The individuality of the operating systems also shines through in the differences in how the installation process is executed, the security features provided and the granularity of the traffic control functions, respectively.

Conclusions:
SOCKS5, being minimally resource-demanding, can be implemented in multiple ways, but it is not protected if it is not actually encrypted.

While VPN configuration is not usually an easy task, it may still be the most preferable solution for environments with a high level of security, because a VPN gives complete protection through encryption, which is not a guarantee of VPN's connection.

Conclusions

This classroom activity has proven to me that there is a strong useful component of using the VPN and port forwarding method to bypass the firewall restrictions. Real-world experience gained through it increased the visibility of network security along with the complications attached to keeping the balance between security and accessibility.
