New SOCKS support for Bastion Service

April 25, 2023 | 4 minute read
You may have noticed a new type of session in the Oracle Cloud Infrastructure (OCI) Bastion Service. There are now three types of sessions; you can read about the other two in my post here.
 
You can also read the OCI documentation here.
 
The new session type is called Dynamic Port Forwarding (SOCKS) Session. The session type allows you to access the range of IP addresses defined within the private subnet. So instead of specifying a single IP address or compute instance name, you now specify only the private subnet.
 
Once the session is created in the console, the command line for the session looks like:
 
 
Replace the private key and local port number. There is no need to specify the private IP within the proxy call as we did for port forwarding sessions.
 
Note: You can also create sessions using the SDK; read Jake Bloom's post for more details on how that can be accomplished. He has created a command line interface using the Python SDK.
 
IMPORTANT: To communicate with private resources, the "client" must support SOCKS.
 
In my previous blog post, I used PuTTY to port forward to the WebLogic Admin Console via the browser. Just for fun, let's try creating a new PuTTY session using the above SOCKS session. But first I must validate that the command line works. Remember that for Dynamic Port Forwarding the client, in my case the browser, must support SOCKS, which most browsers do. I happened to use Firefox, and here are the settings for SOCKS that I configured:
 
My browser's SOCKS settings.
 
The <localport> you used in the above command line must also be used for the port in the browser's settings.
Now let's try to access the WebLogic console using the URL that contains the private IP and port.
 
WebLogic Console
 
As you can see, using the private IP, I was able to access the console. No need to port forward from localhost as in my previous post on port forwarding with PuTTY.
 
Now for the PuTTY configuration:
 
PuTTY Session Screen
 
 
Setup Private Key Screen
 
The screens above are configured the same as in the port forward example.
 
To support SOCKS, the screen below is configured for dynamic routing:
Dynamic Routing
 
Remember to use the local port that is configured for the SOCKS client, in my case the browser. So I configured port 2222 and selected 'Dynamic'. In doing so, I essentially told PuTTY to use the SOCKS protocol.
 
I then tried to access the WebLogic Console again with the private IP in the URL and it worked. Now keep in mind you do not need to use the private IP. The compute node also has a fully qualified domain name (FQDN) you can use; however, to get this to work you must specify that you want to proxy DNS for SOCKS5, as shown here:
Set this checkbox if you want to use the FQDN in the browser
 
And now you will be able to use the FQDN instead of private IP.
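
What the proxy DNS checkbox changes on the wire, as an added example that is not from the original post: with proxy DNS on, the SOCKS5 CONNECT request (RFC 1928) carries the host name to be resolved on the far side of the tunnel; with it off, the client must resolve the name locally first. The IP, FQDN, port and the `no_private_dns` resolver are constructed for illustration.

```python
import ipaddress
import socket
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def build_connect_request(host, port, proxy_dns, resolver=socket.gethostbyname):
    """Build the SOCKS5 CONNECT request a client sends through the tunnel."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # host is a name, not an IP literal
    if ip is None and not proxy_dns:
        # Proxy DNS off: the client resolves the name on the local machine,
        # which has no view of the private subnet's DNS.
        ip = ipaddress.ip_address(resolver(host))
    if ip is None:
        name = host.encode("ascii")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    # VER=5, CMD=1 (CONNECT), RSV=0, then the address and the big-endian port
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def address_type(request):
    """Report which address form a CONNECT request carries."""
    return {ATYP_IPV4: "ipv4", ATYP_DOMAIN: "domain", ATYP_IPV6: "ipv6"}[request[3]]


def no_private_dns(name):
    """Constructed stand-in for a workstation resolver that cannot see the subnet."""
    raise socket.gaierror(f"cannot resolve {name} locally")


# Constructed sample values, not taken from the post.
PRIVATE_IP, PRIVATE_FQDN, PORT = "10.0.1.25", "wls.sub.vcn.example.internal", 7001

if __name__ == "__main__":
    print(address_type(build_connect_request(PRIVATE_IP, PORT, proxy_dns=False)))
    print(address_type(build_connect_request(PRIVATE_FQDN, PORT, proxy_dns=True)))
    try:
        build_connect_request(PRIVATE_FQDN, PORT, False, resolver=no_private_dns)
    except socket.gaierror as err:
        print("proxy DNS off:", err)
```
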
 
Good Luck!

Vinay Kalra

