| View previous topic :: View next topic |
| Author |
Message |
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
 Posted: Sat Sep 15, 2007 11:10 am Post subject: I need a proxy! |
 |
|
As more and more sites have started to use geographic information, while traveling, I frequently find myself increasingly unable to: a) use certain financial websites, b) view media restricted to certain countries.
I would like to install a proxy server on a home machine so that I can access it while on the road. I obviously want to restrict the proxy server to only accept connections from me (definitely using ssh and preferably with a certificate).
I don't know anything about setting up and using proxies at all, and I have several questions:
Does a general proxy exist that would work with both web pages and applications like mplayer (to forward connections to media servers)?
Does anyone have any recommendations?
Can someone point to a good (and preferably simple) configuration guide? |
|
| Back to top |
|
 |
Jointy
Tux's lil' helper
Joined: 23 Dec 2005
Posts: 142
Location: Saarbrücken
|
|
| Back to top |
|
|
Voltago
Advocate
Joined: 02 Sep 2003
Posts: 2593
Location: userland
|
| Posted: Sat Sep 15, 2007 11:56 am Post subject: |
|
|
You already have one: openssh. You just need sshd running at home. When away, contact it with
| Code: | | ssh -NfD 1080 user@address.of.your.server |
This opens a SOCKS proxy on localhost:1080 that relays all your traffic via ssh to your server. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
| Posted: Sat Sep 15, 2007 1:15 pm Post subject: |
|
|
| Voltago wrote: | | Code: | | ssh -NfD 1080 user@address.of.your.server |
This opens a SOCKS proxy on localhost:1080 that relays all your traffic via ssh to your server. |
Seems simple enough. :) So sshd will automatically forward my requests, or do I need to configure anything special?
How do I set up something like Konqueror? Enable Proxy? Enable SOCKS support? Both? |
|
| Back to top |
|
|
Beju
Apprentice
Joined: 30 Mar 2006
Posts: 171
|
| Posted: Sat Sep 15, 2007 2:20 pm Post subject: |
|
|
Of course enabling proxy is required  Hmm, I think SOCKS should be also enabled (I've never used the Konqueror ), but on the other hand my 'version' of Internet Explorer doesn't work with that. You should set Your proxy to 127.0.0.1:1080 (if You used Voltago example), sometimes "http://127.0.0.1:1080" is required. For applications without proxy support env variables [http|https|ftp|etc...]_proxy env variables might come in handy. |
|
| Back to top |
|
|
Hu
Administrator
Joined: 06 Mar 2007
Posts: 23062
|
| Posted: Sat Sep 15, 2007 5:19 pm Post subject: |
|
|
| One caveat applies to the solutions posted so far: all of them assume that the applications you want to use are aware of proxies and will fully obey them. Depending on the applications involved, you may be better off using a full blown VPN. ssh has support for that too, via the TUN/TAP options. You could also use OpenVPN (SSL vpn; see also OpenVPN primer) or OpenSwan (IPsec vpn). |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
| Posted: Sun Sep 16, 2007 2:18 am Post subject: |
|
|
I can't get it to work yet.
First of all, do applications have to have specific SOCKS support (instead of just proxy support)? It seems that KDE (meaning any KDE application) won't work with this setup. If I understood what I read, KDE needs a separate SOCKS client.
Likewise, Opera (notoriously) has no SOCKS support. |
|
| Back to top |
|
|
Voltago
Advocate
Joined: 02 Sep 2003
Posts: 2593
Location: userland
|
| Posted: Sun Sep 16, 2007 10:42 am Post subject: |
|
|
| curmudgeon wrote: | | First of all, do applications have to have specific SOCKS support (instead of just proxy support)? |
Yes (if you want to use openssh).
| curmudgeon wrote: | | It seems that KDE (meaning any KDE application) won't work with this setup. If I understood what I read, KDE needs a separate SOCKS client. |
KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy.
For applications without explicit SOCKS support, have a look at net-proxy/dante. |
|
| Back to top |
|
|
xbmodder
Guru
Joined: 25 Feb 2004
Posts: 404
|
| Posted: Sun Sep 16, 2007 9:27 pm Post subject: |
|
|
I'd say use openvpn. When you add a tunnel setup a route for your house through your default GW, and for default through your home's GW.
_________________
http://xbmodder.us/ |
|
| Back to top |
|
|
Voltago
Advocate
Joined: 02 Sep 2003
Posts: 2593
Location: userland
|
| Posted: Sun Sep 16, 2007 9:39 pm Post subject: |
|
|
| xbmodder wrote: | | I'd say use openvpn. |
If it's only for web-browsing and mail, openvpn is overkill IMO. |
|
| Back to top |
|
|
MiXi-IL
n00b
Joined: 21 Aug 2005
Posts: 36
Location: Technion
|
| Posted: Mon Sep 17, 2007 9:45 am Post subject: |
|
|
Assuming you travel with a Linux laptop, you can install there a software called tsocks:
tsocks is used to tunnel all network traffic of a program invisibly through your socks server (which, as mentioned before can be opened using ssh)
Configuration isn't much of a burden:
You have an example file in /etc/socks, there you can see how to config it. Actually, because configuration is 3 lines I show it here:
In my gentoo box I open the following in a seperate console (and keep it alive). I randomly chose port 2021 to be the SOCKS port.
| Code: |
ssh -D2021 my.proxy.server -l myuser
|
The configuration file in /etc/socks/tsocks.conf matches that port number:
| Code: |
# local address -> this is for local access, bypass tunneling. Put your IP/subnet here.
local = 100.100.100.0/255.255.255.0
# Otherwise we use the server
server = 127.0.0.1
server_port = 2021
|
Usage is easy:
Have fun. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
| Posted: Tue Sep 18, 2007 3:01 am Post subject: |
|
|
| Voltago wrote: | | KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy. |
Yes, but it asks which socks implementation you have installed (NEC or Dante). That suggests to me (not that I know anything about this) that it won't work without one of those. |
|
| Back to top |
|
|
Voltago
Advocate
Joined: 02 Sep 2003
Posts: 2593
Location: userland
|
| Posted: Tue Sep 18, 2007 7:38 am Post subject: |
|
|
| curmudgeon wrote: | | Voltago wrote: | | KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy. |
Yes, but it asks which socks implementation you have installed (NEC or Dante). That suggests to me (not that I know anything about this) that it won't work without one of those. |
NEC SOCKS is the standard SOCKS and implemented by ssh. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
| Posted: Tue Sep 25, 2007 5:57 am Post subject: |
|
|
It works great with Pidgin (which has built in SOCKS support).
But I still can't get it to work with anything KDE. In Konqueror, I went to the SOCKS tab, and clicked on "Enable SOCKS support," then selected "NEC SOCKS."
On the proxy tab, I selected "Manually specify the proxy settings," and entered localhost (port 1080) in the HTTP field.
But I keep getting:
| Code: | An error occurred while loading http://any.site:
Connection to host any.site is broken. |
Can somebody tell me how to get this to work with Konqueror? Thanks. |
|
| Back to top |
|
|
curmudgeon
Veteran
Joined: 08 Aug 2003
Posts: 1744
|
| Posted: Wed Oct 03, 2007 2:47 am Post subject: |
|
|
| Still need help with this. Thanks. |
|
| Back to top |
|
|
Basin
n00b
Joined: 16 Jul 2004
Posts: 41
|
| Posted: Sat Oct 06, 2007 8:25 pm Post subject: |
|
|
I've just being trying to do the same, firewalled access to my university network has been making my kde apps crash randomly when they try and use the network, because the connections never seem to timeout or close.
Anyway, the point is I've eventually sorted it out by installing privoxy, dante and ssh, using ssh to connect to a shell server on my university network, which has a real ip address of its own, then connecting both privoxy and dante through the ssh socks tunnel. Then I told konq to use privoxy as its http proxy and dante for socks, and everything's rosy again. I'm not sure why konq refuses to use socks for http connections.
btw to route privoxy through socks, go down to the forwarding section in /etc/privoxy/config and uncomment the line that says something like 'forward-socks4 .......' and change the ip address/port to the appropriate values.
If anyone is interested in an init script to automatically set up the tunnel, I have one. |
|
| Back to top |
|
|
enigma128
n00b
Joined: 28 Feb 2009
Posts: 9
|
| Posted: Sun Mar 01, 2009 1:18 am Post subject: |
|
|
| Voltago wrote: | You already have one: openssh. You just need sshd running at home. When away, contact it with
| Code: | | ssh -NfD 1080 user@address.of.your.server |
This opens a SOCKS proxy on localhost:1080 that relays all your traffic via ssh to your server. |
Thanks man, I just ran a search and this was exactly what I was looking for.
I used to do this via Bitvise Tunnelier on WinXP.
What command would I issue to close this connection properly if it was sent to the background (other than hard killing the process)? |
|
| Back to top |
|
|
|
Networking & Security
