12 April 2011

USING SSH TUNNELS TO PROXY CONNECTIONS

A great way to proxy your connections is to use port forwarding
through an SSH tunnel. SSH tunnels allow you to open up a listening
port on your local workstation, connect to your server via SSH,
and then use your server as a SOCKS4/5 proxy. You can then
use any application that supports SOCKS4/5 proxies to access
resources using the IP address of the server you have logged into
via SSH.

The first step in this process is to have a shell account on a remote
SSH server that you would like to use for your tunneling. Several
companies offer cheap shell accounts that can be used for this purpose.

The Super Dimension Fortress (SDF) Public Access UNIX System
offers SSH tunneling/port forwarding as a part of their MetaARPA
membership for $36 a year.

Setting up an SSH tunnel to be used as a SOCKS4/5 proxy in Linux
or Mac OS X is simple. Just follow these steps:

1.  From a shell on your workstation, launch ssh to your server with
the -D flag:


$ ssh user@shell-server.net -D1080

This sets up dynamic application-level port forwarding by binding a
listening socket to your system on TCP port 1080. If the connection
succeeded, you should see the SSH client listening on the port specified.

$ sudo netstat -tnlp | grep 1080
tcp     0      0 127.0.0.1:1080     0.0.0.0:*    LISTEN   17190/ssh

2.  You can now configure applications that support SOCKS4/5
proxies to use your workstation (localhost or 127.0.0.1) and TCP
port 1080 for connections. Your SSH server will effectively be a
SOCKS proxy accessible to your local system.

3.  You can be more specific with SSH tunneling by forwarding
connections made to a certain local port on to a specific IP and port
combination.

For example, if you only wanted to proxy connections to
unlockedworkstation.com on TCP port 80 through SSH, you would do the
following:

$ ssh user@shell-server.net -L2080:unlockedworkstation.com:80

4.  Now you can make connections to your localhost on TCP
port 2080 and they will be proxied through your SSH server
to the IP address for unlockedworkstation.com on TCP port 80.

$ wget http://localhost:2080

When you use ssh to set up a tunnel, it will result in a command
shell on the SSH server. You may not want to keep this window
open, but if you close it, your tunnel will no longer persist. To
alleviate this problem, you can keep the connection alive and
throw it in the background. The following is a modified version
of one of our earlier examples.

$ ssh user@shell-server.net -D1080 -f -N

The -f flag requests that the SSH client process goes into the
background just before command execution. The -N flag tells
SSH not to execute any remote commands (just maintain an open tunnel).
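
A backgrounded tunnel keeps its listening port open after the terminal is closed, and ssh's SOCKS listener does no authentication of its own, so it should stay bound to the loopback address as in the netstat output above (ssh's -g option or an explicit bind address would expose it to other hosts). The following script is an added example, not part of the original post; the function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ssh forwarding listeners in `netstat -tnlp` output.
# Function names and the sample lines below are constructed for illustration.

# Read netstat lines on stdin; print "<port> loopback" or "<port> EXPOSED"
# for every listening TCP socket owned by the ssh client (not sshd).
classify_ssh_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /\/ssh$/ {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[0-9]+$/, "", host)   # text before the port
            if (host ~ /^127\./ || host == "::1")
                print port, "loopback"
            else
                print port, "EXPOSED"              # 0.0.0.0, ::, or a LAN address
        }'
}

# Exit status 0 only if no ssh forward is reachable from other hosts.
tunnels_are_local_only() {
    ! classify_ssh_listeners | grep -q 'EXPOSED$'
}

# Constructed sample: the -D1080 and -L2080 tunnels from this post, the
# machine's own sshd, and a forward that was bound to every interface.
SAMPLE='tcp   0   0 127.0.0.1:1080   0.0.0.0:*   LISTEN   17190/ssh
tcp   0   0 127.0.0.1:2080   0.0.0.0:*   LISTEN   17204/ssh
tcp   0   0 0.0.0.0:22       0.0.0.0:*   LISTEN   811/sshd
tcp   0   0 0.0.0.0:3080     0.0.0.0:*   LISTEN   17311/ssh
tcp6  0   0 ::1:1080         :::*        LISTEN   17190/ssh'

printf '%s\n' "$SAMPLE" | classify_ssh_listeners

# On a live system (Linux, needs root to see process names):
#   sudo netstat -tnlp | tunnels_are_local_only || echo "forward is exposed"
```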

SSH Proxies on Windows

The steps to set up an SSH tunnel on a Windows workstation
are very different, but can still be easily accomplished with the
PuTTY SSH client. The Web Hosting Talk website has a good post
with step-by-step instructions for doing this with PuTTY.


(*) http://sdf.lonestar.org

(*) http://www.chiark.greenend.org.uk/~sgtatham/putty

(*) http://www.webhostingtalk.com/showthread.php?t=539067


biOos
