Skip to comments.Using SSH to Bypass Firewalls and Elude Monitoring
Posted on 10/09/2002 1:28:01 PM PDT by opticoax
I have been reading about ssh and using tunnelling to bypass proxy servers and go thru firewalls.
I have DSL at home and I have loaded the freeware AnalogX web proxy server broadcasting on port 6588. I have also loaded up the Putty ssh client at home and at work. I have the ssh clients on both ends listening at port 5000 and redirecting to port 8080 at work and to port 6588 at home. i.e. localhost:5000 port forwarding to localhost:8080.
I then directed internet explorer at work to use the proxy 127.0.0.1(or localhost):8080 for web access This configuration should create an ssh encrypted tunnel back to my web proxy at home and the firewall should show this traffic as going thru port 5000 and coming in on port 5000. The traffic should be unreadable and unsniffable since it is encrypted.
of course, this configuration doesn't work and I can't figure out why. Do I need an ssh server on my home box to authenticate to before I can access the ssh port forwarding? Any help would be greatly appreciated.
FreeRepublic , LLC
PO BOX 9771
FRESNO, CA 93794
First, set up the web proxy on your home system, listening on whatever port you like (8080 is reasonable). The proxy should accept connections only from the localhost.
Second, install an sshd daemon on your home system (and configure it so that you can authenticate yourself when connecting from work).
Then, your ssh client at work should redirect a local port to a remote one -- that is, localhost:8080 to your.home.box:8080. Then connections to localhost:8080 will be forwarded through the ssh tunnel on to your home system's port 8080.
Your web browser at work should use 127.0.0.1:8080 as the proxy.
Personally, the way I like to do it, is to run the Junkbuster proxy at home, which forwards requests to a squid cache at home, which forwards requests over an ssh tunnel to anonymizer.com's web proxy. Then, using ssh tunneling I expose my the Junkbuster on my home box to work (workbox:8080 to homebox:8080). It works well.
I'm pretty sure you do. I haven't used Putty, but I've done similar things with Unix. This is how I set up an encrypted tunnel to use VNC (remote display/control) on my home computer while at work:
Hopefully this makes some amount of sense...
One of my employers was blocking port 22 but allowing port 23 (stupid) so I set up an SSH server on port 23 at home. I built a Linux box at work which woke up periodically (via cron) and connected to the box at home (via private key) and forwarded certain ports over. Here is the script which ran on the box:
/usr/local/bin/ssh2 -q -f -p 23 \ -L 5801:192.168.50.161:5801 \ -L 5901:192.168.50.161:5901 \ -L 222:127.0.0.1:22 \ -L 8000:127.0.0.1:8000 \ -L 8001:192.168.50.163:8001 \ -L 8002:127.0.0.1:8001 \ -R 5000:220.127.116.11:80 \ -R 5001:18.104.22.168:80 \ -R 5002:22.214.171.124:80 \ -R 5003:126.96.36.199:80 \ -R 5004:10.103.4.37:80 \ -R 5005:10.103.4.30:23 \ -R 513:10.101.4.15:513 \ -R 222:127.0.0.1:22 \ -R 322:10.103.4.37:22 \ tech.junk.net
Using this, I could get into my network services at home from the office, AND contact stuff at work from my machines at home. Worked flawlessly and undetected for years.
Test which ports you can get through the firewall, and read up on SSH port forwarding. You should be able to get it working without too much trouble.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.