LinuxQuestions.org
Old 03-27-2007, 08:16 AM   #1
depam
Member
 
Registered: Sep 2005
Posts: 861

Rep: Reputation: 30
How to use SSH as a proxy gateway


Hi!

I have ssh configured on my home server. Now, I want to make sure that I always have a secure connection whenever I am away from home. You never really know how insecure a network can be. Is there a way for me to tunnel my connection using ssh or PuTTY, for instance, in such a way that my home server configured with ssh will push all internet connections on my PC even when I am away? The home server that I have is configured with ssh and has transparent internet access. Hope someone can help me out. Thanks.
 
Old 03-27-2007, 08:58 AM   #2
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
What you really want is a VPN tunnel to your home that will give you complete access to everything as if you were on your own network (I can recommend OpenVPN for that).

However, if you just want to use ssh, it is very capable. It's possible to tunnel connections to your LAN/computer via ssh, and the best part is you usually don't have to configure the server at all; the only thing you need to check is whether you have this parameter in your sshd_config:

AllowTcpForwarding yes

Then it's a matter of making settings in the client, in this case PuTTY. Just make the appropriate port forwarding under Tunnels. Here is a howto on that: http://www.sanger.ac.uk/Software/Art...ual/putty.html .

Now, if you want to tunnel all your web browsing, you have to enable the SOCKS5 proxy in your web browser or messenger program or whatever; it is widely supported. Just to be clear, this setting is in the program you intend to use.
The setting in PuTTY to make this work is a dynamic port forwarding: just check the Dynamic box and enter a port, then go to your web browser and set the SOCKS5 proxy to localhost:<theportyoujustconfiguredinputty>.

Don't know if this is clear, but hopefully it will lead you in the right direction. I can add that this is very useful and I use it almost every day.
 
Old 03-27-2007, 08:58 AM   #3
timdsmith
Member
 
Registered: Nov 2003
Location: The Colony, TX
Distribution: Slackware, Debian Etch, FreeBSD, MicroSh*t free.
Posts: 209

Rep: Reputation: 30
Sure. You don't even need a proxy server on your home computer. Only the ssh server.
When you are away from home, open PuTTY and put in your home server's address. Then on the left, go to Connection > SSH > Tunnels.

Tick the "Dynamic" radio button. Put 8080 in the "Source Port" box. Click Add. You should see D8080 in the big box above. Save the configuration and connect.

Now, in your web browser, under connection settings, leave all settings blank except for SOCKS. In this one, put 127.0.0.1 and put the port as 8080. Now you will be using your home computer as the proxy server. You can go to www.whatismyip.com to confirm. It will show your home IP address instead of the IP of the computer you are actually on.
 
Old 03-28-2007, 10:26 PM   #4
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
Guys,

Can't seem to make it work. I have configured AllowTcpForwarding to yes but still can't make it through. My browser won't display any website. Is it possible to ping www.yahoo.com using this method?
 
Old 03-28-2007, 10:53 PM   #5
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
Hi!

I was able to surf the net by establishing an ssh connection to the remote server with squid configured on port 3128. What I did was use local port 2110 and have ssh forward port 3128 to my local port. But what if I don't have squid pre-configured? Is it also possible to route all traffic using SSH, in such a way that I use the remote server as my transparent proxy not only for surfing the web but to do everything I want to do, such as video conferencing, VoIP, mail sending and IMs, which I believe will be more secure because all packets are tunneled and encrypted?

I've tried OpenVPN before but I wanted to explore if SSH can also do the same thing. What do you think?
 
Old 03-29-2007, 01:34 AM   #6
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
Hmm, did you create a dynamic port forward in PuTTY too? Just tick the Dynamic box and enter a local port (no need for a remote address and port here); it should say "D8080" in the list of port forwards when you're done (assuming you chose port 8080).
Then it should work just to enable the SOCKS5 proxy in your web browser. Make sure you don't type anything in your other proxy settings, just localhost:<portyouselected> next to SOCKS5, then it should work.

As a reply to your first answer, you won't be able to ping yahoo.com through the tunnel unless you forward ICMP traffic as well; what you have done here is just to forward the HTTP traffic.

I'm not aware of a solution where you route ALL traffic through an ssh tunnel, but let me know if you find one.

However, most of the stuff you mentioned can be tunneled individually by setting your server as the SOCKS5 proxy in each program. I do this for browser, IM and FTP client; most programs support this, but you have to make the setting in each application.

Good Luck!
 
Old 03-29-2007, 05:58 AM   #7
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
I was able to make it work, but instead of inputting the local port to SOCKS5, it worked on HTTP. I don't know how that happened. Anyway, what's the syntax using the Linux ssh instead of PuTTY? Thanks.
 
Old 03-29-2007, 06:50 AM   #8
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
OK, that sounds weird. Sure you're not still surfing through squid?

Syntax for the Linux ssh client is:

Dynamic:
ssh -D 8080 user@address

Static:
ssh -L 8080:remoteaddress:80 user@address

Can't check if this is correct at the moment, but I'm pretty sure I remembered it correctly.
 
Old 03-29-2007, 08:13 AM   #9
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
Manana,

If you want to route all traffic and make your remote server as a gateway, try using OpenVPN. It's really cool. Yes, the server is configured with squid. I don't know why I needed to use socks rather than the http proxy.
 
Old 03-29-2007, 08:32 AM   #10
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
OK, so let me get this thing straight. What are the other uses of ssh tunneling aside from using the remote server as a proxy to browse the web? Is it also possible to use SSH to connect to other PCs connected to that PC? For example, if the remote server is acting as a gateway for a LAN, can I also access those machines within its LAN? Thanks.
 
Old 03-29-2007, 08:44 AM   #11
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
Yes, absolutely, that's the whole point.

Let's say you connect to your router/firewall via ssh and the router's internal IP is 192.168.1.1; then on your LAN you have your workstation with a VNC server installed, whose IP is 192.168.1.2. To connect to that VNC server via ssh, all you need to do is this:

ssh -L 3200:192.168.1.2:5900 ...

(3200 could be any port you like; 5900 is the VNC port.) This is similar in PuTTY, I'm sure you can work it out.

Then you open the VNC client on the computer you connected with and connect to localhost:3200, and bingo: secure remote desktop with only the ssh port opened in the firewall.

You can do this with any program you like, as long as you know what port it uses.
 
Old 03-30-2007, 12:38 AM   #12
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
Manana,

Now I get it. I also tried connecting to the LAN connected to the remote ssh server and it worked. My question is, why can't I use SOCKS? I have the squid proxy installed on the remote ssh server and I can access the web by configuring the HTTP proxy in the web browser. This is the command I issued:

ssh root@remotesshserver -N -L 1111:localhost:3128

I configured the web browser to use http proxy localhost:1111 and it worked but when I input it on the SOCKS it doesn't work at all.

My other question is that what if the remote ssh server doesn't have squid but is connected on a transparent proxy, is it also possible for me to use it as proxy? What ports should I forward to my local machine? Thanks.
 
Old 03-30-2007, 01:46 AM   #13
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
Great, you got that far
Now to the SOCKS problem: I don't know why it isn't working. It doesn't require any configuration on the server side, so not much can go wrong. I connect like this:

ssh -D 8080 user@address

Then I just input localhost:8080 as the SOCKS proxy and it just works.

Didn't understand your last question.
I think you mean that the computer you ssh to is itself connected to a proxy and you want to know how you can use that over the tunnel.
If so, just find out what port the proxy is working on and then do ssh -L 8080:proxylocaladdress:proxyport, then set the web browser to HTTP proxy localhost:8080. Think that works anyhow, never tried it.
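
Added example, not part of the original posts: a `-L` forward to squid's port 3128 carries the HTTP proxy protocol, while `ssh -D` makes the ssh client itself answer SOCKS, so a local port only works in the browser field that matches what is listening (the situation in posts #7 and #12). The Python sketch below probes a local port with a SOCKS5 greeting and then an HTTP request and reports which kind answered; the function names and the constructed stand-in listeners are assumptions for illustration.

```python
import socket
import threading

SOCKS5_GREETING = b"\x05\x01\x00"        # version 5, one method offered: 0x00 (no auth)
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"  # an HTTP proxy answers this with "HTTP/..."


def _probe(host, port, payload, timeout):
    """Send one payload on a fresh connection and return the first bytes of the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            return s.recv(64)
    except (socket.timeout, ConnectionResetError, BrokenPipeError):
        return b""                       # listener stayed silent or hung up on us


def classify_proxy(host, port, timeout=2.0):
    """Return 'socks5', 'http', 'unknown' or 'closed' for the listener at host:port."""
    try:
        if _probe(host, port, SOCKS5_GREETING, timeout)[:1] == b"\x05":
            return "socks5"              # e.g. the port opened by ssh -D
        if _probe(host, port, HTTP_PROBE, timeout).startswith(b"HTTP/"):
            return "http"                # e.g. ssh -L forwarded to squid on 3128
    except ConnectionRefusedError:
        return "closed"                  # nothing is listening on that port
    return "unknown"


def start_stand_in(reply):
    """Constructed test listener on 127.0.0.1 that answers every connection with `reply`."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(64)
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    socks_port = start_stand_in(b"\x05\x00")                         # stands in for ssh -D
    http_port = start_stand_in(b"HTTP/1.1 400 Bad Request\r\n\r\n")  # stands in for squid
    print(classify_proxy("127.0.0.1", socks_port), classify_proxy("127.0.0.1", http_port))
```

Against a real tunnel, call `classify_proxy("127.0.0.1", 8080)` after `ssh -D 8080 ...`, or with port 1111 after the `-L 1111:localhost:3128` forward shown earlier in the thread.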
 
Old 03-30-2007, 03:14 AM   #14
depam
Member
 
Registered: Sep 2005
Posts: 861

Original Poster
Rep: Reputation: 30
What I mean is, what if the remote ssh server is connected via a DSL modem? It uses PPPoE to authenticate itself and will gain internet access. It doesn't necessarily mean that I should set up a squid proxy for me to be able to tunnel the web browsing through ssh, am I right?
 
Old 04-02-2007, 01:44 AM   #15
Manana
Member
 
Registered: Dec 2005
Distribution: Ubuntu,Debian
Posts: 41

Rep: Reputation: 15
No, like I said earlier, you don't need squid as long as you can get the SOCKS proxy to work; then you don't need any installation/configuration on your server except sshd, of course.
However, if you can't get that working, you need squid (or some other proxy software), unless you want to make a different port forward for each address you want to visit.
 
  


All times are GMT -5. The time now is 09:40 AM.
