# <strong>Setting Up Port Forwarding</strong>

Three labs (Pathname, SQL Injection and Cross-Site Scripting) require port forwarding to be set up in order to access a web server that's hosted from these nodes. This notebook will be a guide that will assist you with how to configure port forwarding for your machine.

### Step 1: Creating The Required Files

First, click "Create Key" below. This will automatically generate a zip file that contains required files that your machine will need to use.

In [1]:
# Click the button below to create a zip file.
import ipywidgets as widgets
import subprocess
from IPython.display import display, HTML, Javascript

def create_key(b):
    with output1:
        output1.clear_output()
        display(HTML("<span>Loading... This will take some time.<img width='12px' height='12px' style='margin-left: 5px;' src='resources/loading.gif'></span>"))
        
    result = subprocess.run("sudo su USERNAME_GOES_HERE -c 'resources/port-forward/port-forward-setup'", shell=True, capture_output=True, text=True)

    with output1:
        output1.clear_output()
        display(HTML("<span style='color: green;'>Completed!</span><span> You may continue to the next step.</span>"))

# Creating the button.
button = widgets.Button(description="Create Key")

# Creating an output area.
output1 = widgets.Output()

# Run the command on click.
button.on_click(create_key)

# Display the output.
display(button, output1)

Button(description='Create Key', style=ButtonStyle())

Output()

### Step 2: Moving the Data to Your Machine

Inside of your notebooks directory (in ```/project/USERNAME_GOES_HERE/notebooks```), a new zip file was made called ```port-forward-data.zip```. You can view this in the file explorer menu to the left of your XDC. Right-click on this file, and select Download. <strong>Delete the ```port-forward-data.zip``` file from your XDC after you have downloaded it, as it contains your SSH key to your XDC.</strong>

### Step 3: OS-Specific Instructions

Unzip the ```port-forward-data.zip``` file anywhere onto your machine. Inside of the folder, there are three files:
- ```deterlab-port-forwarding/```
- ```merge_key```
- ```config```

Now, depending on your operating system, you will need to follow some slightly different steps. 

#### <strong><u>Windows 10 (or newer)</u></strong>

- Navigate into ```deterlab-port-forwarding/```. Inside of there should be three files. The file that you will need is ```port-forward-windows.ps1```. <strong>Do not right-click on the file and select "Run with Powershell".</strong> This will not work due to Windows' security system.
- Open a terminal on your computer, such as Terminal, Command Prompt, or Powershell, and <strong>run as administrator</strong>. Then, type in the following command: ```powershell -ExecutionPolicy Bypass -File "\\path\\to\\port-forward-windows.ps1"```
    - For example, if you extracted the .zip file to your Downloads folder, then you would have to run: ```powershell -ExecutionPolicy Bypass -File "c:\\Users\\[YourName]\\Downloads\\port-forward-data\\deterlab-port-forwarding\\port-forward-windows.ps1"```

Here is what your terminal should say:

<figure><center><img src="resources/port-forward/windows_demo.jpg" style="width: 75%; height: 75%;"></img></center></figure>

<strong>If you are facing issues with this script, you may manually do what the script is attempting to do:</strong>
- Navigate to ```C:/Users/[YourName]```.
- Navigate into ```.ssh```.
  - If you do not have this folder, then simply create a new folder inside of ```C:/Users/[YourName]``` called ```.ssh```.
- Take the ```config``` and ```merge_key``` from your extracted folder, then cut/paste them into your ```.ssh``` folder.

<strong>Finally, delete your zip file and your extracted folder when you are complete.</strong>

#### <strong><u>MacOS and Linux</u></strong>
- Navigate into ```deterlab-port-forwarding/```. Inside of there should be three files. The file that you will need is ```port-forward-unix.sh```.
- Open Terminal, then type ```/path/to/port-forward-unix.sh```.
  - For example, if you extracted the .zip file to your Downloads folder, then you would have to run: ```~/Downloads/port-forward-data/deterlab-port-forwarding/port-forward-unix.sh```.
 
<strong>Finally, delete your zip file and your extracted folder when you are complete.</strong>

### Step 4: Navigating Into Your XDC

Now that port forwarding is complete, you are able to SSH into your Deterlab from your own machine.

To test this, type ```ssh USERNAME_GOES_HERE-xdc-USERNAME_GOES_HERE``` into your terminal. You will be asked if you wish to continue connecting with the footprint. Type "yes" twice. The first time is to add SPHERE as a known host, and the second time is to add your ```USERNAME_GOES_HERE``` account as a known host. This only needs to be done once.

When successful, you can access your XDC from your own terminal. You may exit by typing ```exit```.

### Step 5: Port Forwarding to Access Web Server

If you are currently attempting to access your Pathname, SQL Injection, or Cross-Site Scripting labs, you will have to modify the way that you SSH into SPHERE.

Here is the general outline:

```ssh -L port:node:80 USERNAME_GOES_HERE-xdc-USERNAME_GOES_HERE```

Here are the three SSH commands that you will need to use to access the ```pathname```, ```sqli```, and ```xss``` labs:
- Pathname: ```ssh -L 5000:pathname:5001 USERNAME_GOES_HERE-xdc-USERNAME_GOES_HERE```
  - Please read Step 1 of the Pathname lab to understand how to connect to your lab.
- SQLi: ```ssh -L 8080:sqli:80 USERNAME_GOES_HERE-xdc-USERNAME_GOES_HERE```
- XSS: ```ssh -L 8080:server:80 USERNAME_GOES_HERE-xdc-USERNAME_GOES_HERE```
  - Note that XSS does not have an ```xss``` node. Instead, you will need to SSH into the ```server``` node instead.

### Step 6: Accessing a Web Server

After you have SSH'ed into your XDC with a port forward command, you can now access the web server that your node is hosting. To do this, open your web browser and navigate into ```localhost:port```, where ```port``` is a number from 1-65535 that you can choose from. In the examples above, ```8080``` (or ```5000```) were used for a port number. So, if you used the example(s) above, you will need to navigate to ```localhost:port``` in your web browser, where the ```port``` was provided above.

When you type the SSH command from Step 5, <strong>you do not need to type ```ssh <node>``` to complete the port forwarding process</strong>. When you use the SSH command, you will be signed in as ```USERNAME_GOES_HERE@xdc```. You will need to leave the terminal open as you work through the lab, but you may minimize it to keep the connection open.