Old 05-31-2006, 11:57 AM   #1
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

a bit lost with ssh tunnels and proxy

Hi everyone.

I'm using debian etch at work and I'm running a clarkconnect server at home (clarkconnect is basically redhat/fc).

Some other employees here just discovered the joy of sniffing/arp poisoning/mitm...

It bothers me. I'm not the kind of guy that will go cry at the mighty sysadmin, I'll take care of my own concern with the help of the community and ssh!

I want to secure my msn chatting and my web browsing.

On my clarkconnect box I have port 24958 listening for ssh. How would I do this? like that?
ssh -C -L localport:localhost:remoteport username@remotehost
So if I do
ssh -C -L 1234:localhost:24958
I could tell firefox to use a proxy and point it to localhost:1234, right? Can I use the same tunnel for gaim/msn?

Old 05-31-2006, 03:55 PM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

it's not the localhost in the middle there, it's the remote host as the ssh server will see it. you would establish one tunnel for each function you wish to use, you can have as many -L's on the ssh command as you wish.

basically you connect on your client to localhost:1234 and that pops out on the server and the server points that packet towards othermachine:2345 assuming that "othermachine" is resolvable and reachable by the server.

if you've not got the ssh even connecting yet, then you would ssh to a non standard port by "ssh" this is not part of the tunneling. the tunneling is added to the connection's capabilities once you are connected via ssh.

i don't know how msn works with a tunnel, i'm sure it's totally possible but i don't know. for the web side, i personally have had success by using tinyproxy running on the ssh server and using that as a proxy for the client's web browser (so you would set your proxy locally to be localhost:8080 or whatever, and that ends up on the other end of the tunnel ( 8080:localhost:8080 ) hitting the proxy). nice and simple. i'm sure the use of localhost is a bit confusing, took me a while, but in that example the "localhost" is referring to the server which would call itself localhost.
Old 05-31-2006, 04:11 PM   #3
Registered: Oct 2003
Location: Montreal Beach
Distribution: Debian Unstable
Posts: 368

Original Poster
thanks mate. I got it up and running, web browsing and IM.

Here's what I did:
ssh -p24958 -N -C -L 8118:localhost:8118 user@remotehost
On the remote host I have sshd (on port 24958), squid and privoxy running.

I set firefox to use the http proxy at localhost port 8118, which is redirected to remotehost. I configured gnome to use the proxy and set gaim to use the global proxy settings. Everything works, except my weather applet in the gnome-panel. good enough for now!
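
How the -L specs used in this thread decode, as an added example that is not part of any post above: a small shell function that splits a spec and shows that the middle host is resolved by the SSH server, and that only the client-to-server leg travels inside SSH. The function names describe_forward and valid_port are made up here; IPv6 bracket forms are not handled.

```shell
#!/bin/sh
# Added example: decode an OpenSSH -L spec, [bind_address:]port:host:hostport.
# IPv6 bracket forms and Unix-socket forwards are not handled here.

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# describe_forward SPEC SSH_SERVER
# SSH_SERVER is the host you ssh to ("remotehost" in the thread's commands).
describe_forward() {
    spec=$1 server=$2
    set -f                       # no globbing while splitting on ':'
    old_ifs=$IFS; IFS=:
    set -- $spec
    IFS=$old_ifs; set +f
    case $# in
        # No bind address: loopback only (OpenSSH default, GatewayPorts no).
        3) bind=localhost; lport=$1; dhost=$2; dport=$3 ;;
        # Explicit bind address; empty or '*' means every interface.
        4) bind=${1:-'*'}; lport=$2; dhost=$3; dport=$4 ;;
        *) echo "bad spec '$spec': want [bind:]port:host:hostport" >&2
           return 1 ;;
    esac
    if ! valid_port "$lport" || ! valid_port "$dport" || [ -z "$dhost" ]; then
        echo "bad spec '$spec': ports must be 1-65535, host non-empty" >&2
        return 1
    fi
    # A "localhost" destination is resolved by the SSH server, not the client.
    case $dhost in
        localhost|127.0.0.1) target="$server itself, port $dport" ;;
        *) target="$dhost:$dport, as resolved and reached from $server" ;;
    esac
    # Only the middle leg is inside the SSH session; the last hop is not.
    echo "client listens on $bind:$lport -> inside SSH to $server -> $target"
}

# The three specs that appear in the thread.
for s in 1234:localhost:24958 8080:localhost:8080 8118:localhost:8118; do
    describe_forward "$s" remotehost
done
```

The first line of output shows why the spec in the opening post would not act as a web proxy: it lands on the server's own sshd port rather than on a proxy such as the one listening on 8118.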
