I'm running Suse 10.0 with ssh running on my home linux box. I am able to connect fine from my windows machine using putty. I want to be able to tunnel all my traffic, specifically http, ftp, pop to my home pc.
I see there is a category in putty for tunneling. I was wondering, is it that easy? Do I simply have to tell putty to forward all traffic on 80 or 8080 etc and it will hook all my IE or Mozilla, or FTP transfers and forward them to my home machine when I run putty? The main reason is that I want to do webpage updates and check my email securely when I'm using wifi, since WEP is practically worthless.
You've got it all wrong!
Read some 2000 pages more and come back only after you are done!
SSH is not meant for that, as for secure mail, that's up to your provider.
There's no reason for me to start teaching now, so read some more 2000 pages!
No one taught me my basics!
Thanks, that was real helpful. Note my sarcasm. I'm not usually like this, but rtfm doesn't really help. As for reading 2000 pages, I don't want to know everything there is to know about ssh, I just want to get it up and running.
OK, Worksman was a bit harsh. But ssh really is not meant for that kind of traffic, as far as I know. But then again, I am no guru. All I use ssh for is X forwarding, sftp and remote control via command line.
Quote:
Originally posted by Worksman
You've got it all wrong!
Read some 2000 pages more and come back only after you are done!
SSH is not meant for that, as for secure mail, that's up to your provider.
There's no reason for me to start teaching now, so read some more 2000 pages!
No one taught me my basics!
I really hope this was some kind of joke. If a mod sees this, you'll get a lecture. Better read the rules while you are reading one of the 2000 pages.
I believe that what you are talking about is possible, but possibly not the best solution.
- FTP should not be a problem, you can use sFTP which you can use with PuTTY.
- For HTTP, you would need to be running a proxy server on your SSHd. You might be better using an SSL proxy over the Net.
- POP is the one that I have heard of before being tunnelled over SSH. Again though, you would need a POP server running on your SSHd.
SSH port forwarding only forwards the connection to a port on the machine that sshd is running on. Therefore for most of what you describe, you would need to be running servers to forward the connection on again from your sshd.
A better solution to the wireless security issue is to use freeradius to do 802.1x authentication with EAP-TLS or PEAP encryption. This is quite easy to set up - check out:
This is a 3 part tutorial which I found really helpful. You might need to google for parts II and III.
Another solution to the overall problem might be to set up some sort of VPN into your home network. I'm not all that familiar with this solution, but check out FreeSWAN.
Firstly I want to apologize if I seemed a little harsh. I was just saying that mac should read the manual. He says that won't help him in any way, but from my own experience that *is* what helped me! At first reading man pages was hard for me too, but after I realized how fast I can solve my problem if I just follow the manual rather than wait for posts on some forum, I never configure something or say something about some *thing* without reading its man page. So 2000 pages is just a way of saying RTFM (read: Read The Fine Manual).
Now about what you've asked, ok I'll just write my own opinion based on what I understand from your post (I would like it to have been more specific).
Tunnelling your web traffic through ssh is not the best option, the whole line must be secure, meaning both ends have to support ssh.
A way to secure your web traffic is to use encryption, just like sshd does. This is HTTP secure. Or use a proxy?
Also about checking your mail securely, is the POP/IMAP server third party?
If so then the third party must give you ssh support to check your mail, i.e login to that machine and check your local mailbox.
If it is in maildir format, then the mailbox should be like /home/'use'/.maildir/.
If it's mailbox format then it's something like /var/spool/mail or /var/mail (I donno because I have no interest in this, and besides who uses it?).
Then you would have to use a mail client (MUA) that would read the mail like mutt for example.
Also you can check your mail securely provided you have encryption support from the third party again.
For example Google's Gmail provides POP access using TLS encryption. I use Gmail.
That means that you do not need to use a web interface to check your mail, you can use any MUA like mutt, MS Outlook, Mozilla Firebird.
Also transferring files through ssh is possible with the use of scp. There is a windoze version too, pscp, IIRC.
So what you ask is possible, but somewhat hard to achieve and a bit pointless when you can have encryption support in the http (https) or ftp (ftps) protocols (and others).
Hmm I think I finished... I hope this helped... Now I have to go back to installing windoze on my laptop so good luck reading manuals.
Quote:
I'm running Suse 10.0 with ssh running on my home linux box. I am able to connect fine from my windows machine using putty. I want to be able to tunnel all my traffic, specifically http, ftp, pop to my home pc.
I see there is a category in putty for tunneling. I was wondering, is it that easy? Do I simply have to tell putty to forward all traffic on 80 or 8080 etc and it will hook all my IE or Mozilla, or FTP transfers and forward them to my home machine when I run putty? The main reason is that I want to do webpage updates and check my email securely when I'm using wifi, since WEP is practically worthless.
Thanks for any help.
I'm curious as to why you weren't given a simple answer to your question... it really is simple; I have done it in the past myself.
You are already connecting to your home computer via putty. You are half way there. You need to do a few small things; in the end you will have a nice socks v4 (or 5) proxy, which is actually a tunnel from putty to your home computer.
1. Find your sshd configuration file.
Code:
# locate sshd | grep conf
2. Edit it to allow port forwarding (with vi or whatever you use)
3. Stop the ssh service.
4. Start the ssh service. (if you don't know how to do 3, and 4, reboot your linux box)
5. Go to the windows computer.
6. Start putty, and under the tunnel section, configure a dynamic port forward of the port 1111 to localhost:22 (22 = the port your home computer listens on for ssh connections; 1111 will be explained later)
7. Save putty configuration.
8. ssh to your linux box with putty.
You now have a nice socks proxy which you can use for just about anything. You simply have to configure any application to use the socks v4 (you might want to try 5 as well) on port 1111 (as stated above)
Let me know, personally, how it works.
Remember. ssh has wonderful encryption in the whole tunnel. Anything sent through is encrypted.
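For step 2 above, an added example (not part of the post): a check of the sshd configuration for the OpenSSH keyword `AllowTcpForwarding`, which the post does not name. It assumes a plain `sshd_config` without `Include` lines; the sample file content is constructed.

```python
import re

# Values that permit the client-initiated channels a dynamic (SOCKS) forward
# opens; "remote" and "no" refuse them.
PERMITS_DYNAMIC = {"yes", "all", "local"}

def allow_tcp_forwarding(config_text: str) -> str:
    """Effective global AllowTcpForwarding value.

    sshd uses the first value it finds for a keyword, keywords are
    case-insensitive, and the default when the keyword is absent is "yes".
    """
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or commented-out setting
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(\S+)", line)
        if not m:
            continue
        keyword, value = m.group(1).lower(), m.group(2)
        if keyword == "match":
            break                         # conditional blocks start; global part is over
        if keyword == "allowtcpforwarding":
            return value.lower()
    return "yes"

def dynamic_forward_allowed(config_text: str) -> bool:
    return allow_tcp_forwarding(config_text) in PERMITS_DYNAMIC

# Constructed sample: the commented line is ignored and the first live
# setting wins, so the later "yes" has no effect.
SAMPLE = """\
Port 22
#AllowTcpForwarding yes
AllowTcpForwarding no
AllowTcpForwarding yes
Match User guest
    AllowTcpForwarding no
"""

if __name__ == "__main__":
    print(allow_tcp_forwarding(SAMPLE), dynamic_forward_allowed(SAMPLE))
```
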
Quote:
Originally Posted by fiery_ice
You now have a nice socks proxy which you can use for just about anything. You simply have to configure any application to use the socks v4 (you might want to try 5 as well) on port 1111 (as stated above)
Hmm, does this work for multiple protocols at once? That's what he seemed to be asking. He would still require forwarders to the services that he specified.
Yes. I used Firefox, while chatting on Gaim, while typing commands on my home linux box...
Don't forget to change the seconds between keepalives from 0 to 30 (or around there). This can be found in the connection settings.
This works with any program that supports the socks v5 proxy protocol.
Think of it as a personal proxy on the machine you are currently working on. (127.0.0.1:1111)
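An added illustration, not part of any post in this thread, of why the one SOCKS port (1111) can serve several protocols at once and how v4 and v5 differ: every proxied connection opens with a request naming its own destination. The hostnames and addresses below are constructed.

```python
import ipaddress
import struct

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request (RFC 1928): VER=5, CMD=1 (connect), RSV=0, then
    the address. A hostname goes out as ATYP 0x03, so it is resolved at the
    far end of the tunnel, not on the local network."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        name = host.encode("ascii")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = b"\x03" + bytes([len(name)]) + name
    else:
        addr = (b"\x01" if ip.version == 4 else b"\x04") + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack(">H", port)

def socks4_connect(ipv4: str, port: int, user: bytes = b"") -> bytes:
    """Plain SOCKS4 CONNECT request (without the 4a extension). It carries
    only an IPv4 address, so the client must resolve any hostname itself,
    outside the tunnel."""
    ip = ipaddress.IPv4Address(ipv4)      # raises ValueError for a hostname
    return b"\x04\x01" + struct.pack(">H", port) + ip.packed + user + b"\x00"

def describe(req: bytes) -> tuple:
    """Decode (version, destination, port) from either request form."""
    if req[0] == 4:
        return 4, str(ipaddress.IPv4Address(req[4:8])), struct.unpack(">H", req[2:4])[0]
    atyp, body = req[3], req[4:]
    if atyp == 3:                         # length-prefixed hostname
        n = body[0]
        dest, rest = body[1:1 + n].decode("ascii"), body[1 + n:]
    else:                                 # 4-byte IPv4 or 16-byte IPv6
        n = 4 if atyp == 1 else 16
        dest, rest = str(ipaddress.ip_address(body[:n])), body[n:]
    return 5, dest, struct.unpack(">H", rest[:2])[0]

# Constructed destinations: web, POP3 and FTP, all through the same proxy port.
SAMPLES = [("www.example.org", 80), ("pop.example.org", 110), ("192.0.2.10", 21)]

if __name__ == "__main__":
    for host, port in SAMPLES:
        print(describe(socks5_connect(host, port)))
    print(describe(socks4_connect("192.0.2.10", 80)))
```
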