Ubuntu Networking :: SSH Through HTTP Proxy Locally
Feb 18, 2010
I'm behind a very blocked firewall that only allows connections through port 80 and 443. I wish to ssh to my machine at home, but the port is blocked. Is there a simple server that I can run to route my ssh connection through http?
there's a way to locally proxy or spoof just one web page. That is, use tsocks or hosts or something so that when I run an application that requests [URL], it receives /home/user/myversion.html, but for any other address it gets the normal page. Seems simple enough, if a little unusual... (I'm trying to work around a wget bug.)
My school network uses a http proxy to access the internet, but I am dubious about the security, and so I would like to use http inside ssh to keep my data secure. I don't really know where to start on this, so a step-by-step guide, or links to resources, would be helpful.
I have a http proxy account. It works well under windows through wodTunnel(an active X control component). But, I usually works under linux. I want to use it here. But I don't know how. I tried gstm, it can connect to the server successfully, but it seems can't respond to my http request. What should I do next?
Machine 1) I have a Server with RHEL5. eth0 = 192.168.48.x (static class C ip connected to VLAN switch)
Internet available via HTTP proxy through vlan but from other main server but not from machine below.
Machine 2) I also have a Server with RHEL4. eth0 = 124.30.XXX.xxx (public IP for availing internet) eth1 = 192.168.60.xxx (class c ip to share internet via squid on the same LAB) eth2 = 192.168.16.xxx (class c ip connected to VLAN switch)
Now what I want is ssh connectivity available to Machine 1, so as to enable remote machines on the internet connected. I know that it might be hard for Machine 1 to share ssh directly on the internet but if there is any kind of tool or tricks to setup pls tell. So the only chance is ssh via machine 2 then after connected to Machine 2 then again ssh to Machine 1. But how do I make ssh available online? IPtables are set correctly machine 2 can't be ping on the internet.
I'm a little stumped on this one so I reaching out to see if anyone here has any idea. I just changed my ISP to Surewest as they're doing fiber straight to the house in my area so I have 8Mbps up and down.
I have my linux box running openssh and I have no problems SSHing into it from my remote laptop at work. I use putty to connect to it and create a tunnel so I can configure my firefox to use it as a SOCKS proxy. The problem is my response time for page loads in firefox is atrocious now. It'll take over a minute to load yahoo.com. The only real differences in my setup now are my ISP and router hardware at home. Previously, I was using the firewall that was built into my AT&T Uverse gateway. Now, I'm using my old Linksys WRT54G v5.0 router with the latest firmware. My linux box is wired directly into it with ethernet. When I run the speed tests from that box I get my correct speeds of 8Mbps up and down with <15ms ping. From what I can tell, all of my router settings are correct.
I am trying to configure an eBox to act as an http proxy but having trouble using that proxy on client computers to browse internet. The ifconfig on ebox returns the following:
eth0 is on the internal lan with the client from which I want to access the internet eth1 is can access internet all right.
The ifconfig on a client returns eth0 Link encap:Ethernet HWaddr 00:0C:29:46:58:7F inet addr:10.45.48.102 Bcast:10.45.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe46:587f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:16014030 errors:0 dropped:0 overruns:0 frame:0 TX packets:835276 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1297106653 (1237.0 Mb) TX bytes:738158694 (703.9 Mb)
I configured the Firefox on the client to use eBox's ip address/port in the proxy settings but I still can't get on the internet.
eBox is on a vmware workstation 7. It is eBox 1.4.1 eBox has two virtual nics (above) - one is NAT (eth1) and the other is bridged (eth0) The client is on vmware ESXi 4.0. It's an openSUSE 11.2.
i want to redirect the packet to proxy server. can u help me.
Present network.
MY internal network ==> switch ==> proxyserver ==> router ==> internet. (for internet i use to connect proxy, in web browser==> lan settings ==> proxy server ip address )
What i want is
My internal network ==> getway or firewall ==> switch ==> proxy server ==> router==> internet. ( where this getway or firewall i can configure for forward http request to proxy server.)
so that i can separate my internal network from intranet but able to access the internet.
I have a problem setting up a SSH tunnel. I know how it's usually done, but the setup is different this time. I am behind a HTTP(S) and FTP proxy, that does NTLM authentication, and I want to access a server beyond the proxy. MY CLIENT <-> LAN <-> HTTP PROXY <-> INTERNET <-> MY SERVER
So far, the best I have achieved is installing and configuring CNTLM as a local proxy for the authentication part. Using CNTLM, I managed to access and mount a secured (https) DAV share using davfs2. In theory, CNTLM should let me setup permanent tunnels from local ports to distant ports, and it does; however these tunnels don't seem to work for SSH nor for IMAP (another protocol I tried).
I suspect the problem is that neither SSH nor IMAP is HTTP- or FTP-based, but anyway it does not work. So back to square one: how should I proceed to get ssh to connect through the HTTP proxy (with NTLM authentication) to the remote server? For that matter, if there's a better way than SSH to create a tunnel, that would work in my situation, that's OK with me. Just in case, here are the relevant parts from my firewall setup on the server:
# allow continuation of established connections iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -t filter -A INPUT -f -j ACCEPT
# allow local connections iptables -t filter -A INPUT -i lo -j ACCEPT
# open ports: # ssh iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT Yves.
I'm trying to set up a server for an NPO who connects to the Internet through an internal proxy (Websense). I can't access the Internet unless through the proxy.
Since it's a server I did not install a GUI so I'm wondering how to connect the new server to said proxy server. I have the IP address, port number and username-password for the proxy server. The new server has a static IP address and is ready too go!
I need to redirect all http/https/ftp traffic through the remote proxy, but when I changes connection settings in browser or in System->Preferences->Network Proxy it doesn't work well: instead of getting page content browser asks for saving some short (8 bytes) file with the same content for all requested pages. It happens in Chrome/Opera/Firefox. This proxy requires authorization and works on computer with Windos XP. It worked well when I was using Windows 7 and Proxifier, now I have Ubuntu 9.10 with all available updates.
I've been trying to make myself anonymous, but I cant find 'Tor' anywhere, tried 'yum & kpackagekit' neither have it. I did find 'Privoxy', installed it, set proxy for HTTP and HTTPS in Firefox, but it says 'unknown proxy' when I try to use it! I've been to the Privoxy web site and read through the 'User manual', but most of it is 'geek' to me!
I've been doing some security testing in a lab environment that does not have direct internet access. It's actually a little complicated: From home to connect to my lab machine, I
1. SSH to machineA. 2. SSH from machineA to machineB
where machineB is my actual lab machine. neither machineA or machineB allow anything other than SSH, and machineB is only accessible from machineA. However, I really need to run yum on machineB. I have managed to get internet access via Firefox on machineB by creating a series of SOCKS proxy via SSH.
where machineC has internet without limits placed. This is the only way I have managed to get internet working. I tried using ssh -L all the way from machineB->machineA->machineC but it didn't work (even when setting Firefox to use http proxy). I tried using ssh -D all the way, but again that doesn't work either.
I do have access via Firefox using socks proxy. However, yum update fails to retrieve mirror list, and from what I have found I don't believe yum supports socks proxy directly. Instead, it uses http_proxy / ftp_proxy. how to get yum to go out over the SOCKS proxy I created (same one using in Firefox)? It seems like since Firefox can access the internet and everything without issues, i should be able to get yum to tunnel through the same connection to access everything.... I tried
I'm trying to setup a Centos 5.6 Squid Proxy Server with Content Filtering & Antivirus Scanning Incoming HTTP Traffic from the Internet
I then proceeded to setup an configure the Proxy Server, i was able to test and confirm that Squid and Dansguardian Content Filter is working, however i dont know if Clamav is scanning HTTP traffic before it hits the client/server. Is there a way i can check if the Antivirus scanning is working.. is there some log file or real world test i can i can do to confirm that Clamav is scanning incoming traffic or even blocking potential viruses ??
Anyone who has squid proxy server with Clamav configured and its working can share there settings/setup with me and how they tested it ??
I need to have Opensuse 11.2 use my proxy server here in the office and it is by hostname/ip:8080 only not HTTP. The problem is using Yast2 I don't have the option of using the proxy that way it wants http. I've been using opensuse on and off since 9 (great flavor BTW my favorite) Easy as you need it to be and just as complicated as you want it to be, a perfect mix.
My router has two bridges, br0 and br1. I'm sharing wifi access, and the guest subnet will be 192.168.2.x.The home subnet will be 192.168.1.x. I want all traffic destined for port 80 from the guest net to forward to a proxy port on a box on the home network. That's the only traffic I want to cross the bridges. How do I set this up with iptables on the router?
My box has to connect to internet using specified http proxy.I have set proxy in both kde control center and yast2 control center. They both tell me the proxy works fine. But when I really try to use yast2 to update my system, it report an error:
Code: Failed to download ./repo/repoindex.xml from [URL] History: - [AbstractCommand.cc:195] URI = [URL]
Even I try Code: export http_proxy=http://XXXX yast in command line,the error still exist.
In debian apt-get and slackware slackpkg,my proxy works fine. So I am sure it is not my fault and maybe it is a bug of yast2.
Computer A has two network interfaces. One is on a 255.255.255.240(eth0) subnet and has an IP of 192.168.1.6 and the other is on 255.255.255.0(eth1) subnet and has an IP of 192.168.1.64. eth1 can communicate with modem(192.168.1.254), which also acts as a gateway to the Internet. eth0 can communicate with my internal LAN, which consists of several computers including Computer B. This subnet 255.255.255.240 has it's own gateway to the internet at 192.168.1.1. However gateways will not apply to this scenario. I just added them to help paint a picture of my network.
What I am trying to do is tunnel http from a web server running on the modem(192.168.1.254) across to Computer B within my internal LAN and be able to view the http content via a browser. Sure I can just open a browser on Computer A, but I'm running Computer A headless. I can also curl it from a command line, but I'd like to learn how to tunnel across a subnet. If I get this to work, would I be able to interact with the site(i.e. make modem configuration changes)? or would it just be one way? How do I tunnel data from the eth1 subnet over to the eth0 subnet and over to Computer B on my internal LAN?
What I tried was the following: I setup a proxymini to run on Computer A and have it listening on the eth0 interface on port 8080 by using this command 'proxymini -l 192.168.1.6 -p 8080'. Then on computer B, I setup httptunnel -a 80 -p 192.168.1.254:80 -d 192.168.1.64:8080. Then I should be able to view the site through a browser on port 80 on the computer I run httptunnel? This setup isn't working.
I am working on a project to create a video conferencing environment. For this I use a default installation of BigBlueButton on ubuntu 10.04. One of the main problems here is that it's not safe enough to share classified documents trough this software. It's a simple webserver that uses nginx. What I want to do is make this connection secure.
One of the problems is that I don't only have a connection trough port 80 but it uses the following ports: Port 80 (HTTP), 1935 (RTMP), 9123 (Desktop sharing). I would like to use a proxy instead of some tunneling or vpn to do this. Would anyone happen to know anything about squid or another equivalent to do this?
My company web access is behind proxy(http://abc.proxy). Network admin can get to check who is top10 user and web they access. I owned a centos server. I have a thought that create an encrypted tunnel within proxy so the admin cant detect my http address. This is how it going to works
client with OpenVPN -> OpenVPN server(centos with company proxy)-> proxy -> internet
My connectivity in my client are using OpenVPN server as bridge. Hence, no record for client is recorded in my Network admin monitoring list. OpenVPN server's activity can be traced by network monitoring tools, just assume that our ultimate goal is to hide client activity.
I bought a firefox extension which support proxy with username and password, but seems only http version and not socks 5 server which I already have installed on server. I know for privoxy, but privoxy don't support username/password. Is there anything else what works with username/password? Also what is different between http and socks5?
I have searched and searched for a reverse proxy solution for non-website traffic. TCP but not http, on ports other than 80, 443, 8080, etc. Basically I just need a TCP forwarder that works with multiple TCP servers, WITHOUT webpage caching features. I do not need or want any webpage caching. Can squid work as a reverse proxy for TCP traffic without http? The other program I came across in searching was HAproxy. Both programs are for http but I am curious if they would work for TCP servers that do not serve webpages.
Using netcat, nc(1), craft a valid http/1.1 request for getting http headers (not the html file itself!) for the main index page of www dot aalto dot fi. What request method did you use? Which headers did you need to send to the server? What was the status code for the request? Which headers did the server return? Explain the purpose of each header.
nc -v www dot aalto dot fi 8080 HEAD / HTML/1.1 host: www dot aalto dot fi And it returns: 200 OK Content-Length: 858 Content-Type: text/html Last-Modified: Thu, 02 Sep 2010 12:46:01 GMT [Code]....
I really don't know what does it mean. Question 2: Using netcat, nc(1), start a bogus web server listening on the loopback interface port 8080. Verify with netstat(, that the server really is listening where it should be. Direct your browser to the bogus server and capture the User-Agent: header "Direct your browser to the bogus server and capture the User-Agent: header" I don't understand this question.
Will squid or HAproxy work to reverse proxy non-http traffic? I have searched and searched for a reverse proxy solution for non-website traffic. TCP but not http, on ports other than 80, 443, 8080, etc. Basically I just need a TCP forwarder that works with multiple TCP servers, WITHOUT webpage caching features. I do not need or want any webpage caching. Can squid work as a reverse proxy for TCP traffic without http? The other program I came across in searching was HAproxy. Both programs are for http but I am curious if they would work for TCP servers that do not serve webpages.
A Linux (CentOS5.3) server is setup with apache reverse proxy. The reverse proxy server is opened to outside and an internal server is mapped to ProxyPass configuration. SSL certificate is also installed on the Apache reverse proxy server. The problem is, it is extremely slow in serving http requests through reverse proxy. There is no problem with server resources or bandwidth. When the internal server is directly accessed through Internet, there is no delay. The backend server and the reverse proxy server are also on the same switch (same subnet). When I searched the Net, there were recommendations to enable cache in Apache. I did so as follows in httpd.conf.
But still there is no progress. Do I want to enable cache in ssl.conf too? Or is there any other workaround to speed up Apache reverse proxy. Is there a way to check that caching is happening?
Currently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter ddns-update-style interim; ignore client-updates;
How would I set up a website that would be only accessible locally. There's a router machine (server) that keeps provides internet access for a number of client machines. I need to set up a learning platform (moodle) locally. The server machine runs moodle server (apache server) and students should have access to their accounts locally (no need to be accessible outside of LAN). First of all, what would be the best network configuration for it.Sorry for a dumb question, but could I just come up with any domain name if everything stays locally within LAN?
At the moment I have a proxy and all the users have to configure it in the browser to access internet. I want to make the users able to browse even without configuring the proxy in the browser. but eventually it should be received in the proxy rather than giving an error to the user. I heard with transparent proxy I can redirect all the traffic from a particular network, to a particular host( ie my existing proxy).
I tried this using firewall rules. But then the existing proxy doesn't understand the protocol of the requests. I heard that it should be in the kind of proxy protocol.