LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
By glsen_az at 2010-01-01 16:10
I've been running a Smoothwall (http://www.smoothwall.org, open source firewall/router) system at home for a number of years and have been very pleased with the performance and stability. I'm running Smoothwall 2 (on an old Pentium I w/128 MB RAM and 10 GB HD), with Linux boxes and Vista/Windows XP boxes behind it.

I wanted to do the following:
While at coffee shops/free WiFi be able to have encrypted traffic (with SSH) back to Smoothwall box (via the static IP address supplied by DynDNS service), then turn around and have the traffic re-routed, still encrypted, out to the requested Internet sites. I guess this scenario would be similar to the GoToMyPC concept, except it would be on MY hardware and Internet connection, and use freely available open-source software.

I'm just getting too paranoid about surfing in the open at coffeeshops (I never do any shopping or banking-type transactions!) and want to nail things down.

Here's my particular configuration:

Home using Smoothwall (SW):
  • Cable Internet modem out to SW box's ethernet NIC (unfriendly/Internet-facing "RED" NIC) - gets dynamic IP address via DHCP from cable provider.
  • Second ethernet NIC out of SW to switch (trusted/home network on "GREEN" NIC) - Smoothwall's own DHCP server doles out IP addresses to home PCs.
  • SW offers the option to use DynDNS service to get a static IP address that the SW box can be referred to from the Internet.
  • Our current cable connection provides top end of 7-9 Mb throughput on a very consistent basis.

Ubuntu 9.04-based Dell laptop with (wired &) wireless for unsecure coffee house Internet access. I also do WPA secure wireless access at home sometimes. I also set up my wife's HP laptop running Windows Vista to use an encrypted connection when she does WiFi in cafes.

Here's what I did:
  • Turned on the remote access option with port 222 on SW and allowed for a VPN session and SSH to port 222.
  • Run ssh on my Ubuntu-based laptop:
    Code:
    ssh -D 5678 -p 222 <user>@sub-domain.dyndns.org
  • Opened Firefox Network | Settings preferences and set SSL Proxy to localhost port 222
  • Set the "No proxy for:" option to localhost port:5678 using SOCKS v5.

I had a friend at the coffee shop sniff my packets, and he saw that all the traffic was encrypted and simply gibberish.
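A way to check the tunnel from the laptop itself, as an added example that is not part of the original post: a small SOCKS5 client that talks to the listener opened by `ssh -D 5678` and asks for the destination by hostname, so the name is resolved at the far end of the tunnel rather than on the café network. It assumes the listener is on 127.0.0.1:5678; `example.com` is a placeholder destination.

```python
import socket
import struct

SOCKS_VERSION = 5
ATYP_DOMAIN = 3  # address type "hostname": the proxy resolves it (RFC 1928)

def build_connect_request(host, port):
    """SOCKS5 CONNECT that carries the hostname itself, so no local DNS lookup happens."""
    name = host.encode("idna")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return bytes([SOCKS_VERSION, 1, 0, ATYP_DOMAIN, len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock, n):
    """Read exactly n bytes or fail; recv() may return short reads."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def open_via_socks5(proxy_host, proxy_port, dest_host, dest_port, timeout=10.0):
    """Return a socket tunnelled to dest_host:dest_port through the SOCKS5 listener."""
    sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    try:
        sock.sendall(bytes([SOCKS_VERSION, 1, 0]))  # offer one method: no authentication
        if recv_exact(sock, 2) != bytes([SOCKS_VERSION, 0]):
            raise ConnectionError("proxy refused no-auth SOCKS5")
        sock.sendall(build_connect_request(dest_host, dest_port))
        ver, rep, _rsv, atyp = recv_exact(sock, 4)
        if ver != SOCKS_VERSION or rep != 0:
            raise ConnectionError(f"SOCKS5 CONNECT failed, reply code {rep}")
        # Skip the bound address: 4 bytes (IPv4), 16 (IPv6) or a length-prefixed name.
        addr_len = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
        recv_exact(sock, addr_len + 2)  # address plus 2-byte port
        return sock
    except Exception:
        sock.close()
        raise

if __name__ == "__main__":
    # Assumes the ssh -D 5678 session from the steps above is already running.
    s = open_via_socks5("127.0.0.1", 5678, "example.com", 80)
    s.sendall(b"HEAD / HTTP/1.0\r\nHost: example.com\r\n\r\n")
    print(s.recv(200).decode("latin-1").splitlines()[0])
    s.close()
```

If the ssh session is down, the script fails at the connect step instead of quietly going out over the local network.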

Thanks to all of you for your suggestions and help. I'm also indebted to others who shared their setup information and helped the rest of us along.

Original LinuxQuestions post:
http://www.linuxquestions.org/questi...5/#post2750710

Original Smoothwall Forums post:
http://community.smoothwall.org/foru...=167567#167567

Very nice how-to location here:
http://geekblog.oneandoneis2.org/ind...firewalls_with


  


