LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 05-31-2006, 10:57 AM   #1
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Rep: Reputation: 30
a bit lost with ssh tunnels and proxy


Hi everyone.

I'm using debian etch at work and I'm running a clarkconnect server at home (clarkconnect is basically redhat/fc).

Some other employees here just discovered the joy of sniffing/arp poisonning/mitm...

It bothers me. I'm not the kind of guy that will go cry at the mighty sysadmin, I'll take care of my own concern with the help of the community and ssh!

I want to secure my msn chatting and my web browsing.

On my clarkconnect box I have port 24958 listenning for ssh. How would I do this? like that?
Code:
ssh -C -L localport:localhost:remoteport username@remotehost
So if I do
Code:
ssh -C -L 1234:localhost:24958 yanik@mydomain.com
I could tell firefox to use a proxy and point it to localhost:1234, right? Can I use the same tunel for gaim/msn?

Thanks
 
Old 05-31-2006, 02:55 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,378

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
it's not the localhost in the middle there, it's the remote host as the ssh server will see it. you would establish one tunnel for each function you wish to use, you can have as many -L's on the ssh command as you wish.

basically you connect on your client to localhost:1234 and that pops out on the server and the server points that packet towards othermachine:2345 assuming that "othermachine" is resolvable and reachable by the server.

if you've not got the ssh even conecting yet, then you would ssh to a non standard port by "ssh remotemachine.com:2345" this is not part of the tunneling. the tunneling is added to the connections capabilities once you are connected via ssh.

i don't know how msn works with a tunnel, i'm sure it's totally possible but i don't know. for the web side, i personally have had success by using tinyproxy running on the ssh server and using that as a proxy for the clients web browser (so you would set your proxy locally to be localhost:8080 or whatever, and that ends up on the other end of the tunnel ( 8080:localhost:8080 ) hitting the proxy. nice and simple. i'm sure the use of localhost is a bit confusing, took me a while, but in that exmaple the "localhost" is referring to the server which would call itself localhost.
 
Old 05-31-2006, 03:11 PM   #3
yanik
Member
 
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Original Poster
Rep: Reputation: 30
thanks mate. I got it up and running, web browsing and IM.

Here's what I did:
Code:
ssh -p24958 -N -C -L 8118:localhost:8118 user@remotehost
On the remote host I have sshd (on port 24958), squid and privoxy running.

I set firefox to use the http proxy at localhost port 8118, which is redirected to remotehost. I configured gnome to use the proxy and set gaim to use the global proxy settings. Everything works, except my wheater applet in the gnome-panel. good enough for now!

Yanik
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SSH-Tunnels, Firewall, VNC bojo Linux - Security 3 03-16-2006 05:08 AM
Interesting routing via ssh tunnels. alunduil Linux - Networking 2 12-26-2005 01:47 PM
Server Defined SSH Tunnels dlublink Linux - Software 1 09-29-2005 08:11 PM
SSH tunnels and VNC, yet again. Edaph Linux - Security 7 05-23-2004 09:55 AM
Automatic SSH Tunnels fearofcarpet Linux - Software 1 12-04-2003 11:36 PM


All times are GMT -5. The time now is 01:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration