I'm regularly working, using a library's wifi network that does some pretty draconian port blocking, away from home. That's a problem for a few reasons--for example, I like to connect, via ssh, to my home computer where my e-mail client is installed and runs. I've also run into a few occasions where some web site was blocked by their filter, though that's been less of an issue. Finally, I recently switched instant messaging protocols and now use an xmpp client--only to discover later that they block port 5222. So it's been a bit of a PITA.
I suppose the easiest solution to this problem would be to bring an ethernet cable with me when I work there, find an active jack (they do have them), and plug into the wired network, where none of this silliness interferes. But I've taken the path of more resistance, and have been doing ssh tunneling to get around their restrictions.
Port 443 is open on their wifi network, and I do have a shell account where I can access ssh via port 443. So I've been tunneling my ssh sessions that way, have figured out how to do a socks proxy for those rare cases when I want to access some web page they block, and have even got an xmpp chat client working through an ssh tunnel as well as through that proxy (not the chat client I'd like to run: the one of my choice--mcabber--isn't working through the tunnel or proxy for some reason, though Pidgin does work).
So I've just been thinking, shouldn't I be able to route all these applications through a single tunnel or through the proxy rather than starting up separate tunnels/proxies for each? I've got both a browser and Pidgin working through a socks proxy I set up via ssh (-D switch). Seems like I might even be able to route my ssh sessions over that same proxy. If I could, I could simply run one command, telling all affected apps to use the same proxied port, thus simplifying things quite a bit.
Like I said, I think I've got the chat client and browser parts of this recipe resolved. So what I'd like to ask here is whether anyone can offer suggestions--if this is even possible--for getting ssh sessions to my home computer working over the socks proxy. How bout it, anyone have suggestions?
Or should I just throw in the towel and start dragging an ethernet cable along with me when I go to the library? Input will be appreciated.
There are a couple of solutions. The solutions I like best are different VPN solutions on non-standard ports. The problem I have discovered is that the WIFI network gets updates in these libraries I frequent, and the blocking changes. What works one day may fail the next.
My advice: try a free or free-to-try ID-protecting VPN solution and see if that works. Pack a wire though, just in case.
Here are a couple of links that seem to cover the task I'm trying to accomplish, namely running ssh through a socks proxy: https://www.jethrocarr.com/2013/03/1...socks-proxies/ and http://superuser.com/questions/45421...-socks-5-proxy I tried, with what seemed to me appropriate modifications, the formula described at the first link, but without success. That said, this task is kind of a mind-bender for me, involving as it does running ssh through an ssh session (the proxy is created using ssh with the -D switch). Still trying to work out whether it's possible and whether I'm conceiving of the problem/solution correctly.
(looks like I had the wrong version of netcat [the nc part of the formula]--gnu-netcat installed and needed instead to install openbsd-netcat)
After having set up a socks proxy on localhost that connects to the shell provider where I've got ssh access on port 443, using the ssh command
Code:
ssh -D 8080 me@my.shellacct.org -p 443
, running the previous command allows me to run my ssh session through that socks proxy at localhost to my home computer. So, with these two commands, which I could make into a script and call it via an alias, for example, I can route all traffic I need from that library wifi connection and that would otherwise be blocked: xmpp, some http, and my ssh session. Maybe this'll be of help to someone else.
LATER EDIT: there should be a way to edit ~/.ssh/config to enter the ProxyCommand part of the formula so as to make the process of connecting by ssh a bit less cumbersome, but I have so far not managed to figure out just how the entry should look.
EVEN LATER EDIT: I puzzled out how the ~/.ssh/config entry should look for this to work. Using values found in the above example, the entry should look something like this:
Code:
Host homehost
    HostName my.homehost.net
    ProxyCommand /usr/bin/nc -X 5 -x localhost:8080 %h %p
    User my-user
    Port 1234
With those sorts of values in your .ssh/config file, you should, once the proxy has been initiated, be able to just enter at the command line ssh homehost and have it connect to the remote server using the proxy.
NOTE: I've just realized that the board is, for some reason, stripping out percentage signs from the code snippets I'm posting. Both the h and the p switches in the above examples are supposed to be preceded by a percentage sign (%h and %p). I don't think those entries will be valid if you try to run them without percent signs in front of those letters.
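What the ProxyCommand entry above asks nc to do, as an added example that is not part of the original thread: the SOCKS5 messages (RFC 1928) a client exchanges with the `ssh -D 8080` listener before ssh's own traffic flows. It assumes the proxy needs no authentication and that a non-numeric %h is sent as a domain name for the far side to resolve; the function names are illustrative.

```python
import ipaddress
import struct

VER, CMD_CONNECT = 5, 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REPLY_TEXT = {1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused"}

def greeting() -> bytes:
    return bytes([VER, 1, 0])  # VER, NMETHODS=1, METHODS=[0x00 no auth]

def check_method(reply: bytes) -> None:
    """The proxy must answer VER=5 and select method 0x00."""
    if len(reply) != 2 or reply[0] != VER:
        raise ValueError("not a SOCKS5 method reply")
    if reply[1] != 0:
        raise ConnectionError("proxy wants an auth method we did not offer")

def connect_request(host: str, port: int) -> bytes:
    """Build the CONNECT request for the target that %h and %p expand to."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        # Not an IP literal: send the name so the proxy side resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1-255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VER, CMD_CONNECT, 0, atyp]) + addr + struct.pack("!H", port)

def parse_reply(reply: bytes) -> tuple:
    """Return (bound_addr, bound_port), or raise with the proxy's error."""
    if len(reply) < 4 or reply[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    if reply[1] != 0:
        raise ConnectionError(REPLY_TEXT.get(reply[1], f"error {reply[1]}"))
    atyp, body = reply[3], reply[4:]
    n = {ATYP_IPV4: 4, ATYP_IPV6: 16}.get(atyp)
    if atyp == ATYP_DOMAIN and body:
        n, body = body[0], body[1:]  # first byte is the name length
    if n is None or len(body) != n + 2:
        raise ValueError("malformed or truncated reply")
    addr = (body[:n].decode("ascii") if atyp == ATYP_DOMAIN
            else str(ipaddress.ip_address(body[:n])))
    return addr, struct.unpack("!H", body[n:])[0]
```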