OpenSUSE Linux Rants

OpenSUSE Linux Tips, tricks, how-tos, opinions, and news


July 15, 2006

Filter piercing with Linux

by @ 7:15 am. Filed under General Linux, How-To, SUSE Tips & Tricks, ssh tips

The other day, I was given a challenge. My friend said to me, “I sure wish I knew how to get around this filter.” Of course, he was talking about a web content filtration system that was active on the network’s Internet connection. I thought about it for a second, looked around to see if anyone was listening, and whispered, “I can show you how to do that.”

What’s funny is that it takes just one line, using the ssh command.

The idea is that you set up a tunnel between two computers. One is the computer that you are on, which is behind the filter (in a local network whose connection is being filtered). The other is a computer accessible from the Internet to which you have ssh access. This might be your router box at home, your web server, or any other machine, as long as it is directly on the Internet and you can ssh into it.

The next thing you need is to know the hostname of the machine you are trying to access (which your filter is blocking). If this is a single webhost, you can just use that machine directly. If it is several webhosts, you are in a bit of a bind. This is because when you set up the tunnel, you can only forward the connection to a single host.

It’s probably a great time to start using examples. Alright, so I am on a machine which is in a local network. My machine will be called alpha. Now, I also have a router box at home. I am going to use this box to set up my tunnel. This machine is called homebox.

Now, I can create my ssh connection, but I still need to tell homebox to forward my HTTP requests to somewhere. The catch is that I can only tell it a single place. Therefore, if it is one webhost, I’m great. However, if there are multiple websites that I want to access, I would have to tell homebox to forward my HTTP requests to some kind of HTTP proxy server. Then, because the proxy server just forwards requests, it will be able to hit any and all websites, rather than just a single one.

I will call the proxy server notreal.proxyserver.com.

The cool part of the ssh tunnel is that I can tell the end on the local alpha machine to listen for connections. When something connects, that connection is forwarded to homebox, which in turn forwards it to notreal.proxyserver.com, which makes the actual request to the site that we are trying to view. When the page is served, it first arrives at notreal.proxyserver.com, then gets sent to homebox, and finally arrives back at alpha.

Now, all we have to do is tell these machines which ports to do all this on, and we are SET! To do this, I will give you the syntax:

ssh -L [LOCAL PORT TO LISTEN ON]:[PROXY SERVER]:[PROXY SERVER PORT] [USERNAME]@[SSHSERVER]

OK, so my local port to listen on will be 8080. The proxy server is notreal.proxyserver.com. The proxy server port will be 8080. The username will obviously be a user that exists on your ssh server, which in this case is homebox. Thus, the final command line will look like this:

ssh -L 8080:notreal.proxyserver.com:8080 scott@homebox

Once you have that connection established, do not close the window. As long as that window is open, your tunnel is active.

All you have to do now is set the proxy server in your browser to 127.0.0.1 and port to 8080, and you will have access to whatever websites your heart desires.

Ain’t Linux cool?!
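Whoever runs the filtered network sees the other side of this: the same `-L` syntax shows up in process listings and exec audit logs. The following is an added example, not part of the original post, that parses ssh command lines and reports the forwards they request; it goes beyond the post's `-L` case to cover ssh's `-D` and `-R` options as well. The function names and the sample command lines are constructed for illustration.

```python
import shlex

# ssh(1) options that consume an argument; needed to walk argv correctly.
ARG_OPTS = set("BbcDEeFIiJLlmOopQRSWw")
KINDS = {"L": "local", "R": "remote", "D": "dynamic"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_spec(spec):
    """Parse [bind:]port[:host:hostport]; TCP forms only, no IPv6 literals."""
    dest = None
    if spec.count(":") >= 2:
        spec, host, hostport = spec.rsplit(":", 2)
        dest = (host, int(hostport))
    bind, sep, port = spec.rpartition(":")
    bind = bind if sep else "localhost"   # ssh default while GatewayPorts is off
    # An empty bind address or "*" means the listener is on every interface.
    return {"bind": bind, "port": int(port), "dest": dest,
            "exposed": bind not in LOOPBACK}

def find_forwards(cmdline):
    """Return the port forwards requested by one ssh command line."""
    argv = shlex.split(cmdline)
    found, i = [], 1
    if not argv or not argv[0].endswith("ssh"):
        return found
    while i < len(argv) and argv[i].startswith("-") and len(argv[i]) > 1:
        tok = argv[i]
        i += 1
        for pos, ch in enumerate(tok[1:], start=1):
            if ch not in ARG_OPTS:
                continue                      # plain flag such as -f or -N
            arg = tok[pos + 1:]
            if not arg and i < len(argv):     # argument is the next token
                arg, i = argv[i], i + 1
            if ch in KINDS:
                try:
                    found.append({"kind": KINDS[ch], **parse_spec(arg)})
                except ValueError:            # socket path, IPv6, malformed
                    found.append({"kind": KINDS[ch], "raw": arg})
            break                             # rest of the token was the argument
    return found

# Constructed sample command lines; the first is the one from the post.
SAMPLE = ["ssh -L 8080:notreal.proxyserver.com:8080 scott@homebox",
          "ssh -f -N -D 1080 scott@homebox",
          "ssh -fNR 10000:localhost:22 scott@homebox",
          "ssh -p 2222 scott@homebox uptime"]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", find_forwards(line) or "no forwarding")
```

A forward whose `exposed` field is true listens on more than loopback, so other machines on the local network can use the tunnel too.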


4 Responses to “Filter piercing with Linux”

  1. Gabriel Gunderson Says:

    Be careful, in many work places that could cost you your job. Right, wrong or otherwise, many jobs require you to sign something saying that you will not bypass filters that are in place.

    Just a word of warning. Enjoy :)

  2. Javier Guerra Says:

    Look into the -D option to ssh; it turns the tunnel into a SOCKS-compatible proxy, letting you connect to any number of remote machines.

  3. dietrich Says:

    Gabriel Gunderson’s caveat noted,

    You can also use a ‘R’everse port tunnel (with the -R)

    The idea being, assuming you have a work PC behind a firewall that blocks port 22 inbound.

    Assuming you have a legitimate and blessed scenario, you can reverse tunnel out of your firewall to your home PC on a high non-privileged port (e.g. port 10000)

    Once the ssh reverse tunnel is established, you can ssh from home to your work PC.

    Think of it as being a “poor man’s” VPN.

    And the icing on the cake is that you can also tunnel vnc over the ssh connection.

    The office PC, if Windows, needs an sshd server running, so either Putty or Cygwin will do (Cygwin being my preference).

    OK, ssh your brains out! ;)

    Static (!@#$%^&) Click. Blip.

  4. dietrich Says:

    P.S.

    The -f switch will tell ssh to run in the background, so there’s no issue as to your bolded ‘don’t close the window’

    Ok Auf Wiedersehen!

    Static (!@#$%^&) Click. Blip.
