BenV's notes

Tag: firewall

Windows Firewall blocking applications

Posted on Mar.10, 2012, under Software

These days Windows has a built-in firewall that’s good enough for most people. However, apart from nagging you about “OH NOES YOU’RE ON A NEW NETWORK!!! ALERT!!! ALERT!!!”, it makes you go through quite a hassle to manually say “Don’t allow this program to make outbound connections”, something that I often want (for example when running pirated^Wnetwork tests).


The wonders of SSH forwarding

Posted on Aug.21, 2009, under Boring

This is trivial stuff, but nice to know.

Do they have a cute little firewall at your work that only allows outgoing traffic on a certain port? Does some site have retarded IP restrictions? Does the piratebay block you from home?
Have no fear, ssh is slow as a bear. (huh?)

Anyway, you could use an anonymous proxy to get around all of this, but they are often slow and hard to find. Not only that, they often require you to use a specific port.
So the simple solution for all this: use ssh. Of course this requires you to have ssh access on a machine outside of the network that you’re trying to get out of.
But if you don’t even have that, you probably suck anyway. (get lost with your micro~s fail piece of cardboard).

Solution #1, for simple TCP port forwards. For instance when you’re trying to access a remote snmp server that has the irc port (6667 by default) firewalled:

idiot@yourmachine$ ssh -L 1234:127.0.0.1:6667 ip.of.irc.machine
*username and password stuff*

After a successful login you can now connect an IRC program to localhost on port 1234 and it will act as if you were connecting to the remote machine directly. (bypassing the firewall).
Woei. Too bad this fails for UDP though. You also need to keep the ssh connection open, but that’s pretty obvious.

Solution #2, for a real proxy solution. When you’re trying to access a remote web server it becomes more annoying to use a simple port forward, since your browser will not pass the correct information to the remote server. (It will say Host: 127.0.0.1 where it was supposed to say Host: www.piratebay.org, for example.)
To make this work we simply turn ssh into a socks proxy like this:

moron@yourmom$ ssh -D 1234 ip.remote.shell.machine
*username and password stuff*

Now you can enter localhost and port 1234 in your browser’s proxy configuration in the SOCKS proxy section. Magic, you can now go to any site and it will be tunneled through the nicely encrypted ssh session. (although it might be a bit slower).

Well, so much for the obvious stuff today.
