On Tuesday 15 February 2005 05:02 pm, James Miller wrote:
> I've run across some material on the web recently that piqued my interest
> owing to a situation we'll be faced with while on vacation. The situation
> is as follows: we'll have access to a DSL connection for internet, but the
> service blocks all but http/https traffic. So, no ftp'ing, instant
> messaging or pop/imap checking will be possible. So the material I ran
> across was interesting because it dealt with how to get around this sort
> of port-blocking firewall. It described setting up a Linux machine on the
> 'net somewhere that has sshd running, but sshd listens on port 443 (https)
> rather than the traditional port 22. I've managed to get my Freesco router
> to do this, so that much is in place and I can at least ssh into my
> machine from behind the port-blocking firewall. Other things I read on
> this seemed to indicate that ssh can act as something of a proxy so that
> other internet-bound traffic can travel over that ssh connection and be
> routed through the remote Linux box running sshd on port 443 to allow
> other programs that use other ports to work. I'm a little hazy on
> how/whether this works, so I'd like to ask for feedback on that here.

Yep. Just add this line in sshd_config file

    Port 443

and killall -HUP sshd. It can listen on multiple ports so you don't have to
lose it on port 22 just to listen on 443. Do both! :)

> I checked the ssh manpage and it does seem to indicate that ssh can be set
> to listen for traffic to a certain port. So, the remote machine has sshd
> listening on port 443, and the local machine would log into it and be
> instructed to listen for traffic on a certain port locally. Let's say the
> port for ssh to listen on on the local machine is 8080. As I get it, to
> start the sort of proxying I've mentioned, you would issue something like
> ssh -L 8080:host.uwannalog.into:443 -l uname . Once you're logged in like
> that, you set the apps you want to use on the local machine that use
> blocked ports so that they use the localhost as proxy. They would have
> localhost:8080 entered into their proxy options. Then, in theory, they
> would be communicating with the wider 'net on which all ports might be
> open over ssh via the remote Linux machine and its routing capabilities.
>
> This is so complex, it's almost worse than entering the twilight zone.
> But I'd just like to check if I've gotten any of it right, and to ask for
> corrections on whatever I've gotten wrong. Help will be appreciated.

Yep, you're 95% of the way there. Instead of the -L option try the -D
option. This works to circumvent IRC restrictions for me in school ;) I'm
not too well read on ssh forwarding so I don't know the technical
difference between them, but it seems -D will get you by just fine at least
for web. Open console, type

    ssh -l username -D6667 mysshserver.com

Then ssh will act as a socks4/socks5 proxy. Set up application
appropriately and it will go!

> Thanks, James
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs

--
----------------------------------------
--EB

> All is fine except that I can reliably "oops" it simply by trying to read
> from /proc/apm (e.g. cat /proc/apm).
> oops output and ksymoops-2.3.4 output is attached.
> Is there anything else I can contribute?

The latitude and longitude of the bios writers current position, and
a ballistic missile.

                --Alan Cox LKML-December 08,2000
----------------------------------------
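
Added example, not part of the original message: the setup discussed above puts sshd on port 443, and a network monitor can tell such a connection from real HTTPS because an SSH peer opens with a plain-text "SSH-" identification line (RFC 4253) while TLS opens with a binary handshake record. The Flow tuple, the function names and the sample payloads are constructed for illustration.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    dst: str
    dport: int
    client_first: bytes  # first payload bytes sent by the client
    server_first: bytes  # first payload bytes sent by the server

def is_ssh_ident(data: bytes) -> bool:
    # RFC 4253 section 4.2: the identification line starts with "SSH-";
    # a server may send other text lines before it, so check every line.
    return any(line.startswith(b"SSH-") for line in data.split(b"\n"))

def is_tls_record(data: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # then a 2-byte length that cannot exceed the 2^14 plaintext limit.
    if len(data) < 5 or data[0] != 0x16 or data[1] != 0x03 or data[2] > 0x04:
        return False
    return 0 < int.from_bytes(data[3:5], "big") <= 2**14

def classify(flow: Flow) -> str:
    if is_ssh_ident(flow.client_first) or is_ssh_ident(flow.server_first):
        return "ssh"
    if is_tls_record(flow.client_first):
        return "tls"
    return "unknown"

def non_tls_on_443(flows):
    """Return (destination, protocol) for port-443 flows that are not TLS."""
    return [(f.dst, classify(f)) for f in flows
            if f.dport == 443 and classify(f) != "tls"]

# Constructed sample flows (documentation addresses, hand-written payloads).
SAMPLE_FLOWS = [
    Flow("192.0.2.10", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03",
         b"\x16\x03\x03\x00\x5a"),
    Flow("192.0.2.20", 443, b"SSH-2.0-client\r\n", b"SSH-2.0-server\r\n"),
    Flow("192.0.2.30", 443, b"", b"welcome\r\nSSH-2.0-server\r\n"),
    Flow("192.0.2.40", 22, b"SSH-2.0-client\r\n", b"SSH-2.0-server\r\n"),
]

if __name__ == "__main__":
    for dst, kind in non_tls_on_443(SAMPLE_FLOWS):
        print(f"{dst}:443 speaks {kind}, not TLS")
```

The check looks only at the opening bytes, so it catches plain SSH on 443 but says nothing about traffic that is wrapped in a real TLS session first.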
