LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Closed Thread
 
Search this Thread
Old 10-01-2013, 11:06 PM   #1
bplis*
Member
 
Registered: Nov 2011
Distribution: Fedora
Posts: 65

Rep: Reputation: Disabled
Using a HTTP Web proxy to Get Around a Web Filter


OK- So my school hired a new IT lady to enforce blocks on "inappropriate content" as the old guy was quitting. Lo and behold, she turns out to be a complete control freak. Forums such as this are blocked under a blanket block of "Forums." I cannot do a Google Image search on medieval swords for an image for the cover of my report under the block heading "Illegal Weapons." Meanwhile, fellow students are using the 4G on their cell phones to look up what is truly inappropriate content. So, barring what you may consider to be "ethical" or not, I am looking to set up a web proxy at my house and use that to reroute the traffic so that I can connect to forums and such at the school. Again, please no suggestions like "talk to them" or "don't do it, I think its wrong," because I have tried talking, and it does need to be done.

I am currently using ssh tunneling to create a SOCKS5 local proxy on my laptop from my home computer, and that works just great. Decent speeds, less than 100ms ping time, etc, with the simple command
ssh -C -D 1080 myipnumber
and configuring the system proxy settings to use localhost:1080.
Again, great on my laptop. But, I would also like to be able to do this on my mobile devices (ipod touch, and samsung galaxy exhilerate) as my 4G limit is only 500MB a month.

So I decided to try to set up a HTTP web proxy to route around the filter, as the ipod natively supports using a web proxy, and my phone does not have to be rooted to use a regular HTTP proxy. Great news. Only, this doesn't seem to work so well. I have Tried setting up both Squid and Tinyproxy (separately- never both at once) to run on port 8888 on my local machine, and the router forwards the port to my machine, just like pmy ort 22 for ssh. I enter the settings for this (my IP address and the port number) into my system and... failure. This is what confuses me- I have internet connection. I can go to, say, google.com and it works, albeit rather slowly. I can check my IP address (google "my IP") and it says it is coming from my home machine's IP. I can access my local router (192.168.xxx.xxx) and see the settings (yes I'll fix that later) and that is all good.

At first all I notice is that it runs significantly slower than my SSH Tunnel. Then, I try going here (linuxquestions.org) and hit a redirect to a 192.168.xxx.xxx/NetBlock or something like that (the local page for a blocked website) which then gets fed to my proxy which then tells me it does not exist, as I host no such page. This happens on my phone, ipod, and laptop. What? I am curious on how, with using a port like 8888, the filter works on my request to the proxy, and slows everything way down, despite a basic ssh tunnel working fine. Same results with both proxy servers (squid, tinyproxy; both port 8888)

I am fairly new to networking, though I do have a few years experience with the basics of Linux. So my apologies if the answer is obvious. But is there a way to set up a HTTP proxy on my home computer so that the traffic is not intercepted and web addresses changed? Is there something wrong with the way I set my proxies up? Or will I have to stick to only using my laptop?

Thanks in advance,
-bplis*
 
Old 10-01-2013, 11:27 PM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,465
Blog Entries: 35

Rep: Reputation: 363Reputation: 363Reputation: 363Reputation: 363
For your iDevices just use openvpn. That's the way to go in my opinion. I use it all the time and it's encrypted. Your IT pro sounds like a dunce.
 
Old 10-02-2013, 05:28 PM   #3
jefro
Guru
 
Registered: Mar 2008
Posts: 11,787

Rep: Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449
We are really not supposed to help you in this sort of devious task.

You do realize the school has to be in charge of teaching you and not letting you use the web for your personal tasks.
 
Old 10-02-2013, 08:07 PM   #4
bplis*
Member
 
Registered: Nov 2011
Distribution: Fedora
Posts: 65

Original Poster
Rep: Reputation: Disabled
"We are really not supposed to help you in this sort of devious task.

You do realize the school has to be in charge of teaching you and not letting you use the web for your personal tasks."

Jefro- There is a reason I had a long-winded speech at the beginning about not telling me that "it is wrong." And "Personal Tasks"? Most of what I do is FOR school, so please don't give me that. If this is against any rules, report it to a mod and have them take it down, do not harass me about it. However what I am doing is NOT against the terms and agreements I signed, or against any school technology policy. Believe me I have looked. Thank you for at least attempting to "help me" in whichever way you think, but please do not waste posts and time as I have explicitly stated that your answer will not be accepted as an answer to the question. Again, I do sincerely thank you for trying to help, but please read the whole post and respect what I ask as well, as the nicest person in the world is not of help if they cannot answer with what information the questioner needs.

And sag47, Can I set up a VPN that will not require user credentials, and will block access to local resources, like my router, printer, etc? I am hoping to make this simple and efficient.

Regards,
bplis*
 
Old 10-03-2013, 11:22 AM   #5
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,493
Blog Entries: 6

Rep: Reputation: Disabled
dubious/devious - what's the diff?

It's the school's resource and they are entitled to run it anyway they (or someone they hire) sees fit.
If you were paying the Bills for Internet access at school, you'd appreciate that.

Internet access is a privilege, not a right.
I'd be grateful and move on.
 
1 members found this post helpful.
Old 10-03-2013, 03:18 PM   #6
sag47
Senior Member
 
Registered: Sep 2009
Location: Philly, PA
Distribution: Kubuntu x64, RHEL, Fedora Core, FreeBSD, Windows x64
Posts: 1,465
Blog Entries: 35

Rep: Reputation: 363Reputation: 363Reputation: 363Reputation: 363
Quote:
Originally Posted by bplis* View Post
And sag47, Can I set up a VPN that will not require user credentials, and will block access to local resources, like my router, printer, etc? I am hoping to make this simple and efficient.
If you want simple/efficient then Verizon sells 3G wifi portable hot spots where you can access the net anywhere. There's your simple/efficent solution. Also, most phone companies offer the option to turn your phone into a portable wifi hotspot.

Running anonymous open proxies is not smart and very dangerous as well as opening yourself (or who ever pays the bills at home) to liability for being financially responsible for misuse of said open proxy (e.g. DOS attack, DMCA violators, etc). Running proxies takes serious care and any misconfiguration could seriously open yourself and anyone who uses your network to attack (both technically, financially, and legally). So you better know what you're doing in that case.

Your best bet is to just configure something with authentication such as VPN or SSH tunneling. Or wrap your proxy with HTTP(s) auth. What you're asking for is not simple (relative to experience ofc). You can block access to local resources but you'll need to learn iptables. When you set up the VPN just don't bridge your home network with the VPN network (starting out they're two separate networks with different IP ranges).

I agree with what others are saying about trying to subvert your school IT, not smart on your part. If you didn't want to encounter such back lash then it would have been smarter for you to simply ask *how* to do something and leave the drama out of it. I don't care about your situation and it's unnecessary information for the goal you're trying to achieve. Just my 2c based on what I've been reading so far.

Last edited by sag47; 10-03-2013 at 03:20 PM.
 
Old 10-03-2013, 03:36 PM   #7
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,601
Blog Entries: 2

Rep: Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060
Quote:
Originally Posted by bplis* View Post
Jefro- There is a reason I had a long-winded speech at the beginning about not telling me that "it is wrong."
If this is ethically wrong is open to discussion, that it is against the LQ Rules is not open to a discussion. Circumventing the restrictions in your school's network falls under the cracking rule. This thread is reported for closure.
 
2 members found this post helpful.
Old 10-03-2013, 05:08 PM   #8
jefro
Guru
 
Registered: Mar 2008
Posts: 11,787

Rep: Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449Reputation: 1449
I have to admit you were a bit more polite than some of the kids trying this.

As noted by sag47, pay for your private use and you won't have to devise some scheme.

Could some of the people at LQ get past it? Maybe. Many here are very ethical and would simply not do it for that reason alone.
 
Old 10-03-2013, 05:18 PM   #9
corp769
Guru
 
Registered: Apr 2005
Posts: 5,807

Rep: Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996Reputation: 996
Tip to OP: Especially if you get caught, they want to press charges because technically they can, and they just so happen to see this thread... How would that hold up in court? We all aren't trying to scare you, but it's the truth in this modern society.
 
Old 10-08-2013, 03:51 PM   #10
bplis*
Member
 
Registered: Nov 2011
Distribution: Fedora
Posts: 65

Original Poster
Rep: Reputation: Disabled
It has not been closed yet, so here I go. First- if you want to get into ethics, remember that I already use SSH tunneling to get around it on my laptop anyways. I can do the same if I were to root my phone or jailbreak my ipod, but I was looking for a method to do so on those devices without modifications, as it is more convenient. So I'm doing it help or no. Second, please don't call me some "kid." I'm not running around or doing anything devious. And as stated above, I am violating NONE of the terms and agreements of using the provided internet connection, and am actually well within legal bounds to do what I am doing. The school sues/presses some kind of charge? Go ahead, it would make for a fun day in court. Then again, my school is too small to be able to afford to file a suit. Worst case they re-write the terms and conditions of use. If I were to keep doing it, then they would revoke my access. I have also spoken with my principal about getting an account like that of a teacher's without these restrictions. He is all for it, but the new tech lady told him that it is impossible to do. As he is only minimally tech literate, he could not argue with her over whether it is an impossibility. Again, not just some dumb kid here. And part of this is also for learning it just for the sake of learning it. Again, my laptop could suffice, but I am curious as to what is going on for a HTTP proxy on a non-standard port to not work. Are they scanning every port for certain web addresses/words/etc.? Or am I being routed through a certain DNS of theirs and my requests to a different dns (in this case OpenDNS) are not happening? I know the basic concept of web connectivity (Your computer ==> DNS Lookup ==> Server) but what is going on in this case?

And TobiSGD- the only rule relating to what you speak of is as follows-
Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed.
I do not consider this to be cracking at all, as noone is harmed, and it violates no rules/laws.
You have clearly helped a lot of people over time, and I thank you for that. I also know that it is bad form to argue with moderators. But in this case it truly comes down to whether or not this is considered "Cracking." So it most certainly is open to discussion as to whether or not this is against LQ Rules until it is either closed down or it is decided that it will be left alone. I, for one, believe that it is not at all against any rules.

Thanks to all,
bplis*
 
Old 10-08-2013, 04:01 PM   #11
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,601
Blog Entries: 2

Rep: Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060Reputation: 4060
Quote:
Originally Posted by bplis* View Post
and it violates no rules/laws.
It violates the rules that the admin of your school's network has established. It is policy on LQ that we do net help people to circumvent network restrictions of their school's, workplaces or countries.
 
Old 10-08-2013, 04:06 PM   #12
Habitual
Senior Member
 
Registered: Jan 2011
Distribution: Undecided
Posts: 3,493
Blog Entries: 6

Rep: Reputation: Disabled
Reported.
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reverse Proxy for non-web (non-http) ? cheezy Linux - Server 3 07-23-2014 09:54 PM
moved to ubuntu from XP. I need a proxy web filter like the one I have used for ever. anoniemouse Linux - Newbie 6 04-28-2010 08:22 AM
Ubuntu Software Center unable to Access the Web Proxy filter Nabeel Ubuntu 7 12-28-2009 11:13 AM
internal proxy server and web filter EmCee09 Linux - Server 3 02-02-2009 07:52 AM
Looking for web-based HTTP proxy theevilshiftkey Linux - Networking 1 01-09-2002 01:44 AM


All times are GMT -5. The time now is 07:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration