LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-13-2016, 06:17 PM   #1
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Rep: Reputation: Disabled
Question SSH tunnel -D


The scenario is as follow:

2 computers (PC1 & PC2) Both access internet using an HTTP Proxy that requires authentication.

I ssh to PC2 from PC1 using:

Code:
ssh -D 8080 user@PC2_IP -v
The tunnel is created, but when I try to access the internet (Firefox) in PC1 using 127.0.0.1:8080 as socks4/socks5 proxy it just doesn't work.

What am I missing?

I have tried different ports. Also I tried it at home and it works, but the difference is that there is no proxy.

How can I tell PC1 using a SSH tunnel to access PC2's internet?
  • I have root access in both PC's
  • The O.S. is Debian 6.0.4 in both PC's

Verbose parameter output when accessing a website:

Code:
debug1: channel 11: new [dynamic-tcpip]
debug1: Connection to port 8080 forwarding to socks port 0 requested.
debug1: channel 12: new [dynamic-tcpip]
debug1: Connection to port 8080 forwarding to socks port 0 requested.
debug1: channel 13: new [dynamic-tcpip]
channel 19: open failed: connect failed: Connection timed out
debug1: channel 19: free: direct-tcpip: listening port 8080 for www.superuser.com port 80, connect from 127.0.0.1 port 59380, nchannels 17
channel 20: open failed: connect failed: Connection timed out
debug1: channel 20: free: direct-tcpip: listening port 8080 for www.superuser.com port 80, connect from 127.0.0.1 port 59381, nchannels 16
channel 3: open failed: connect failed: Connection timed out
debug1: channel 3: free: direct-tcpip: listening port 8080 for safebrowsing.google.com port 443, connect from 127.0.0.1 port 59335, nchannels 15
channel 4: open failed: connect failed: Connection timed out
debug1: channel 4: free: direct-tcpip: listening port 8080 for www.google.co.ve port 443, connect from 127.0.0.1 port 59385, nchannels 14
channel 13: open failed: connect failed: Connection timed out
debug1: channel 13: free: direct-tcpip: listening port 8080 for clients2.google.com port 80, connect from 127.0.0.1 port 59391, nchannels 13
In browser I get net::ERR_TIMED_OUT.

Thanks in advanced.
 
Old 04-14-2016, 02:38 AM   #2
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
I prefer to specify iface and make it more verbose e.g.

Code:
ssh -vND 127.0.0.1:1080 pc2
If you're running selinux on pc2 then you'll need to enable an sebool. Outbound firewall on pc2 could also affect browsing. Try reaching websites on pc2 via curl.
 
Old 04-14-2016, 03:30 AM   #3
average_user
Member
 
Registered: Dec 2010
Location: Warsaw, Poland
Distribution: Slackware
Posts: 560

Rep: Reputation: 220Reputation: 220Reputation: 220
Have you tried using corkscrew in conjunction with SOCKS?
 
Old 04-14-2016, 07:47 AM   #4
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: Disabled
Both computers have internet access, using http proxy that ask for user/password in browser when accessing any website.

PC1 curl (when tunnel is active):
Code:
curl --socks5 127.0.0.1:8080 http://www.google.com
curl: (7) Failed to receive SOCKS5 connect request ack.
PC2 curl:

Code:
curl --socks5 127.0.0.1:8080 http://www.google.com
curl: (7) couldn't connect to host
Code:
curl http://www.google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.co.ve/?gfe_rd=cr&amp;ei=YIwPV-GmJ87itAeil7mwBg">here</A>.
</BODY></HTML>
 
Old 04-14-2016, 10:47 AM   #5
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
Why are you attempting to use socks5 with pc2? It was my impression that pc2 is your proxy host and pc1 will ssh to pc2 and set up a proxy. The proxy port should only be listening on 127.0.0.1:8080 of pc1. pc1 should set internet to proxy through socks5 and pc2 should simply connect directly.
 
Old 04-14-2016, 12:59 PM   #6
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Why are you attempting to use socks5 with pc2? It was my impression that pc2 is your proxy host and pc1 will ssh to pc2 and set up a proxy. The proxy port should only be listening on 127.0.0.1:8080 of pc1. pc1 should set internet to proxy through socks5 and pc2 should simply connect directly.
There was another post that was deleted asking for a curl test including PC2.


Quote:
Have you tried using corkscrew in conjunction with SOCKS?
I don't have access to the proxy configuration if that is the case.
 
Old 04-15-2016, 03:02 AM   #7
average_user
Member
 
Registered: Dec 2010
Location: Warsaw, Poland
Distribution: Slackware
Posts: 560

Rep: Reputation: 220Reputation: 220Reputation: 220
Quote:
Originally Posted by retghy View Post
I don't have access to the proxy configuration if that is the case.
Do you really need to have? A couple of years ago I successfully used corkscrew to bypass an HTTP proxy. I didn't know too much about its configuration except for an address and port.
 
Old 04-15-2016, 10:45 AM   #8
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by average_user View Post
Do you really need to have? A couple of years ago I successfully used corkscrew to bypass an HTTP proxy. I didn't know too much about its configuration except for an address and port.
But Do I really need to use corkscrew? I can ping and ssh to PC2 from PC1 just fine without using proxy.

The proxy is only needed to access internet.

Maybe I'm not seeing it the way you do.

Last edited by retghy; 04-15-2016 at 11:05 AM.
 
Old 04-15-2016, 11:01 AM   #9
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
What do your system logs (/var/log) and dmesg say about it? Check pc2 and run your commands with more verbosity (-v).

Last edited by sag47; 04-15-2016 at 11:03 AM.
 
Old 04-15-2016, 11:29 AM   #10
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sag47 View Post
What do your system logs (/var/log) and dmesg say about it? Check pc2 and run your commands with more verbosity (-v).
What would you need exactly? I am using verbosity with the SSH command, and already pasted the output.

Syslog is a big file from I what I know, what filter should I use?

Last edited by retghy; 04-15-2016 at 11:30 AM.
 
Old 04-16-2016, 03:00 AM   #11
sag47
Senior Member
 
Registered: Sep 2009
Location: Raleigh, NC
Distribution: Ubuntu, PopOS, Raspbian
Posts: 1,899
Blog Entries: 36

Rep: Reputation: 477Reputation: 477Reputation: 477Reputation: 477Reputation: 477
Quote:
Originally Posted by retghy View Post
What would you need exactly? I am using verbosity with the SSH command, and already pasted the output.

Syslog is a big file from I what I know, what filter should I use?
I am saying you should read them while you're attempting to connect for potential related errors. Web search lines that look like could be the cause.
 
Old 04-24-2016, 04:25 PM   #12
retghy
LQ Newbie
 
Registered: Jul 2011
Posts: 17

Original Poster
Rep: Reputation: Disabled
Unhappy

I cannot find what the problem is or where to keep looking...

The tunnel is created but no internet connection..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] ssh tunnel Paul! Linux - Security 6 03-03-2015 10:38 AM
SSH Reverse Tunnel - ~/.ssh/config - PHP marcelp1 Linux - Newbie 1 05-28-2014 12:49 AM
Initiate ssh tunnel to connect to ssh? brianmcgee Linux - Security 2 09-07-2011 10:07 AM
setting up an ssh soxy or local ssh tunnel from within an ssh soxy Mangenius Linux - Networking 0 03-05-2007 03:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 01:45 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration