The wonders of SSH forwarding
by BenV on Aug.21, 2009, under Boring
This is trivial stuff, but nice to know.
Do they have a cute little firewall at your work that only allows outgoing traffic on a certain port? Does some site have retarded IP restrictions? Does the piratebay block you from home?
Have no fear, ssh is slow as a bear. (huh?)
Anyway, you could use an anonymous proxy to get around all of this, but they are often slow and hard to find. Not only that, they often require you to use a specific port.
So the simple solution for all this: use ssh. Of course this requires you to have ssh access on a machine outside of the network that you’re trying to get out of.
But if you don’t even have that, you probably suck anyway. (get lost with your micro~s fail piece of cardboard).
Solution #1, for simple TCP port forwards. For instance when you’re trying to access a remote snmp server that has the irc port (6667 by default) firewalled:
idiot@yourmachine$ ssh -L 1234:127.0.0.1:6667 ip.of.irc.machine
*username and password stuff*
After a successful login you can now connect an IRC program to localhost on port 1234 and it will act as if you were connecting to the remote machine directly. (bypassing the firewall).
Woei. Too bad this fails for UDP though. You also need to keep the ssh connection open, but that’s pretty obvious.
Solution #2, for a real proxy solution. When you’re trying to access a remote web server it becomes more annoying to use a simple port forward, since your browser will not pass the correct
information to the remote server. (It will say Host: 127.0.0.1
for where it was supposed to be Host: www.piratebay.org
for example).
To make this work we simply turn ssh into a socks proxy like this:
moron@yourmom$ ssh -D 1234 ip.remote.shell.machine
*username and password stuff*
Now you can enter localhost and port 1234 in your browser’s proxy configuration in the SOCKS proxy section. Magic, you can now go to any site and it will be tunneled through the nicely encrypted ssh session. (although it might be a bit slower).
Well, so much for the obvious stuff today.
1 Trackback or Pingback for this entry
October 21st, 2009 on 18:27
[…] And if you would like to use… oh I don’t know… tor… or maybe simple ssh proxying support to test stuff from an external IP instead of from inside your local network, or for whatever your […]