Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Using SSH to Bypass Firewalls and Elude Monitoring
http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&q=tunnel+proxy+ssh ^ | 10/09/02 | self

Posted on 10/09/2002 1:28:01 PM PDT by opticoax

I have been reading about ssh and using tunnelling to bypass proxy servers and go thru firewalls.

I have DSL at home and I have loaded the freeware AnalogX web proxy server broadcasting on port 6588. I have also loaded up the Putty ssh client at home and at work. I have the ssh clients on both ends listening at port 5000 and redirecting to port 8080 at work and to port 6588 at home. i.e. localhost:5000 port forwarding to localhost:8080.

I then directed internet explorer at work to use the proxy 127.0.0.1(or localhost):8080 for web access This configuration should create an ssh encrypted tunnel back to my web proxy at home and the firewall should show this traffic as going thru port 5000 and coming in on port 5000. The traffic should be unreadable and unsniffable since it is encrypted.

of course, this configuration doesn't work and I can't figure out why. Do I need an ssh server on my home box to authenticate to before I can access the ssh port forwarding? Any help would be greatly appreciated.


TOPICS: Computers/Internet
KEYWORDS: computers; encryption; security; spying; ssh
I think this would could be a cool computer security thread demonstrating how to avoid prying eyes or to access freerepublic.com in environments that restrict access.
1 posted on 10/09/2002 1:28:02 PM PDT by opticoax
[ Post Reply | Private Reply | View Replies]

We Replaced Patrick Leahy's Brains With Folger's Crystals. Let's See If Anyone Notices!

Donate Here By Secure Server

Or mail checks to
FreeRepublic , LLC
PO BOX 9771
FRESNO, CA 93794

or you can use

PayPal at Jimrob@psnw.com

STOP BY AND BUMP THE FUNDRAISER THREAD

2 posted on 10/09/2002 1:35:11 PM PDT by William McKinley
[ Post Reply | Private Reply | To 1 | View Replies]

To: opticoax
Your descriptions of your chain left me a little confused, so rather than try to debug, let me describe what I have done in the past.

First, set up the web proxy on your home system, listening on whatever port you like (8080 is reasonable). The proxy should accept connections only from the localhost.

Second, install an sshd daemon on your home system (and configure it so that you can authenticate yourself when connecting from work).

Then, your ssh client at work should redirect a local port to a remote one -- that is, localhost:8080 to your.home.box:8080. Then connections to localhost:8080 will be forwarded through the ssh tunnel on to your home system's port 8080.

Your web browser at work should use 127.0.0.1:8080 as the proxy.

Personally, the way I like to do it, is to run the Junkbuster proxy at home, which forwards requests to a squid cache at home, which forwards requests over an ssh tunnel to anonymizer.com's web proxy. Then, using ssh tunneling I expose my the Junkbuster on my home box to work (workbox:8080 to homebox:8080). It works well.

3 posted on 10/09/2002 1:40:12 PM PDT by posterkid
[ Post Reply | Private Reply | To 1 | View Replies]

To: opticoax
Do I need an ssh server on my home box to authenticate to before I can access the ssh port forwarding?

I'm pretty sure you do. I haven't used Putty, but I've done similar things with Unix. This is how I set up an encrypted tunnel to use VNC (remote display/control) on my home computer while at work:

Hopefully this makes some amount of sense...

4 posted on 10/09/2002 1:47:24 PM PDT by ThinkDifferent
[ Post Reply | Private Reply | To 1 | View Replies]

To: opticoax
A possibility that your corporate firewall is blocking port 5000?

One of my employers was blocking port 22 but allowing port 23 (stupid) so I set up an SSH server on port 23 at home. I built a Linux box at work which woke up periodically (via cron) and connected to the box at home (via private key) and forwarded certain ports over. Here is the script which ran on the box:


/usr/local/bin/ssh2 -q -f -p 23 \
 -L 5801:192.168.50.161:5801 \
 -L 5901:192.168.50.161:5901 \
 -L 222:127.0.0.1:22 \
 -L 8000:127.0.0.1:8000 \
 -L 8001:192.168.50.163:8001 \
 -L 8002:127.0.0.1:8001 \
 -R 5000:147.210.174.52:80 \
 -R 5001:147.210.174.46:80 \
 -R 5002:147.210.174.47:80 \
 -R 5003:147.210.174.48:80 \
 -R 5004:10.103.4.37:80 \
 -R 5005:10.103.4.30:23 \
 -R 513:10.101.4.15:513 \
 -R 222:127.0.0.1:22 \
 -R 322:10.103.4.37:22 \
 tech.junk.net

Using this, I could get into my network services at home from the office, AND contact stuff at work from my machines at home. Worked flawlessly and undetected for years.

Test which ports you can get through the firewall, and read up on SSH port forwarding. You should be able to get it working without too much trouble.

5 posted on 10/09/2002 1:50:22 PM PDT by TechJunkYard
[ Post Reply | Private Reply | To 1 | View Replies]

To: opticoax
Ever heard of "Bouncer"? Try here
6 posted on 10/09/2002 2:15:39 PM PDT by smith288
[ Post Reply | Private Reply | To 1 | View Replies]

To: smith288
you sure about that link?
7 posted on 10/09/2002 2:35:06 PM PDT by sharktrager
[ Post Reply | Private Reply | To 6 | View Replies]

To: sharktrager
Yea... its rather bland...just get past the ugliness...there is a docs sections and a bin section where you can download linux or win32 binary.
8 posted on 10/09/2002 4:23:39 PM PDT by smith288
[ Post Reply | Private Reply | To 7 | View Replies]

To: da_toolman; tanka wasichu; jdogbearhunter; Xphantasos; alieno nomine; Atsilvquodi
PING
9 posted on 10/10/2002 8:51:26 AM PDT by phasma proeliator
[ Post Reply | Private Reply | To 1 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson