cconroy Tux's lil' helper
Joined: 26 Apr 2005 Posts: 81
Posted: Wed Jun 08, 2005 3:13 am Post subject: Set up a Gentoo Box as a Secure, Private Proxy
I've done many google searches and forum searches before posting this. Basically every article out there on ssh port forwarding uses some specific example like protecting access to your Pop3 mailserver and shows how to forward the ports from an untrusted machine/network to a trusted one through an SSH tunnel.
However, that doesn't accomplish what I want:
I want to be able to use my home gentoo box as a private proxy for myself. So, I'm thinking I could ssh into my box, hopefully set up some kind of port forwarding, and then use localhost:somerandomport as my browser's proxy in order to route all my http traffic to a trusted machine.
Why do this? Well, a fairly common situation. I want to be able to browse the web at work WITHOUT the network admins being able to log what I do. I don't want them reading my email (web based) or looking at my google searches.
So, how would I go about doing this? A poor-man's setup would be to portforward to some public proxy on port 80, but I don't want to mess with that extra unnecessary hop. I just want my home machine to fetch the http and serve it to the work box for rendering in my browser with no prying eyes in the middle of the Work-Home connection. Also, the Work box is running Windows XP, but I should be able to get Putty on there.
Also, VNC is an option, but IMHO a really bad one. Seems like a huge hassle and totally unnecessary bandwidth hog. Would probably be faster to just use a public proxy.
think4urs11 Bodhisattva
Joined: 25 Jun 2003 Posts: 6659 Location: above the cloud
Posted: Wed Jun 08, 2005 5:54 am Post subject:
Hi,
at first YOU should REALLY be aware that you WILL GET in TROUBLE if they catch you.
There IS a very good reason for your company to restrict internet access in the way THEY want, that includes every kind of tunneling, installing unofficial software as putty, ...
quick walkthrough, untested but should do, depending on your corporate security settings:
- using PuTTY you can ssh into 'home'
- establish with the port-forward feature a tunnel from an unused port on your work machine to an unused port on your home machine
- establish a second port forward from your home machine to the port your proxy listens on your home machine
- change the browser settings on work to use the port configured above on your work machine as proxy
-> all corporate sees will be encrypted traffic from some random port from your work machine through their proxy going to some machine on the internet (your home box)
If you really want to do this you should be able to find the more technical in-depth commands for the above steps in the forums.
HTH
T.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
maj_tom n00b
Joined: 01 Nov 2004 Posts: 2
Posted: Thu Jun 09, 2005 2:20 am Post subject: putty and squid
First, I have to agree with Think4UrS11. You can get in trouble for breaking the rules, no matter how cleverly you break them.
I recently set up something like this myself. I have a friend at a school which aggressively filters the websites, so I set up a proxy for him to use. The upside is that I now send all the surfing in my house through the squid proxy for marginal speedups. My procedure:
1. Double check your firewall rules. Make sure you're not preparing to shoot yourself in the foot.
2. Install, configure, and test squid on the home proxy machine. It's in portage, just emerge squid. One important configuration change I made was to only allow connections to the proxy from localhost:
Code:
    http_port 127.0.0.1:3128
3. Set up putty to tunnel web traffic to your proxy through the ssh connection. There are some good guides out there if you google "putty port forwarding." You want to forward the traffic on port 3128 of your local machine to port 3128 of the home proxy machine. In putty's "tunnels" configuration screen: set "Source port" to 3128, and "Destination" to localhost:3128.
4. Set your web browser to look for a proxy at localhost:3128. Now when you ssh into the home machine, you can surf the web using it as a proxy through the encrypted connection to the home machine.
(It's been a while, I hope I didn't leave anything out.)
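A defensive check for step 2 of the post above, as an added example that is not part of the original thread: it parses squid.conf text and reports every http_port listener that is not bound to loopback, which would leave the proxy reachable from the network. The sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample squid.conf fragment (not from the thread).
SAMPLE_CONF = """\
http_port 127.0.0.1:3128
http_port 3129
http_port 192.168.1.10:8080 intercept
http_port [::1]:3130
http_port localhost:3131   # trailing comment
"""

_SPEC = re.compile(r"^(?:\[(?P<v6>[^\]]+)\]|(?P<host>[^:\s]+)):(?P<port>\d+)$")

def classify_listener(spec):
    """Return (address, port, loopback_only) for one http_port argument."""
    if spec.isdigit():
        # A bare port means Squid listens on every interface.
        return ("*", int(spec), False)
    m = _SPEC.match(spec)
    if not m:
        raise ValueError(f"unrecognised http_port value: {spec!r}")
    addr = m.group("v6") or m.group("host")
    if addr == "localhost":
        return (addr, int(m.group("port")), True)
    try:
        loopback = ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Other hostnames cannot be resolved offline; report them as exposed.
        loopback = False
    return (addr, int(m.group("port")), loopback)

def audit_http_ports(conf_text):
    """List (line, address, port, loopback_only) for each http_port line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenise
        if len(fields) >= 2 and fields[0] == "http_port":
            findings.append((lineno, *classify_listener(fields[1])))
    return findings

def exposed_listeners(conf_text):
    """Only the listeners that accept connections from beyond loopback."""
    return [f for f in audit_http_ports(conf_text) if not f[3]]

if __name__ == "__main__":
    for lineno, addr, port, ok in audit_http_ports(SAMPLE_CONF):
        print(f"line {lineno}: {addr}:{port} -> {'loopback only' if ok else 'EXPOSED'}")
```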
cconroy Tux's lil' helper
Joined: 26 Apr 2005 Posts: 81
Posted: Thu Jun 09, 2005 2:30 am Post subject: thanks for the replies
Thanks for the replies. Regarding breaking rules, etc... It's more a paranoia about them logging my activities. MOST companies log their employees' web activities, and I'm not even sure if that is happening at my office, but just in case, I'd like to have this set up. I'm certainly not dumb enough to use it to do anything bad from the office (anyways my monitor faces a lot of open space that people can walk through)---mostly I need to be able to do personal email from work without worrying whether the boss is reading it or not...especially if say...I'm looking for something better than my crappy job!
I've got the setup working on my home LAN, but it's looking like port 22 isn't open so I'm going to have to tunnel through port 80 it looks like....
maj_tom n00b
Joined: 01 Nov 2004 Posts: 2
Posted: Thu Jun 09, 2005 2:43 am Post subject:
Quote:
    it's looking like port 22 isn't open so I'm going to have to tunnel through port 80 it looks like....
That shouldn't be a problem; you can have sshd listen on any port you are able to accept incoming traffic (hint: ListenAddress or Port keywords in sshd.conf), then set putty to ssh to that port. Good luck.