General :: Create An External SSL Wrapper/tunnel Page For An Insecure Webpage Behind A Firewall?
Mar 14, 2011
I have a security cam with a built-in webpage inside my home network. That camera is using basic HTTP authentication instead of SSL. I want to be able to access the camera's webpage from outside my network, but I don't want to open an unencrypted video stream to the outside world. Right now, I'm doing some cumbersome ssh tunneling where I bounce off an ssh server like: ssh -N -L 9090:[URl].. and then I connect to my web page like: http://localhost:9090
But this is a pain. Now, gentle reader, I beseech you to tell me how I can use linux (Ubuntu) to get a fully encrypted SSL connection to my internal web page without the hassle of creating an ssh tunnel each time. I believe I can use stunnel, but I'm not sure of the command.
I've set up a Lan-to-Lan (routed) OpenVPN tunnel. For redundancy I want to set up a second VPN tunnel on a fallback gateway/firewall on the client side. Currently, both sides (server/client) know how to route packets across each other's physical LAN. So no NAT is used. When the primary gateway (fw1) is connected to the VPN server all traffic runs via the fw1 tunnel. Then when the secondary gateway (fw2) connects to the VPN server and fw1 is still connected, all traffic for fw1 will be delivered to fw2, effectively destroying traffic intended for fw1. This is of course no problem if I first shut down (fence) fw1, then set up fw2 to use the gateway IP address from fw1 and set up the VPN tunnel to the VPN server. Effectively replacing fw1 with fw2 on the client side. However, I can't seem to find a decent howto.
I am also exploring the possibility of leaving both tunnels active and letting OpenVPN (or another tool) decide how to route packets back and forth between the different LANs. A virtual IP between two gateways both running a VPN or something similar. This would be the preferred method of course. However, I don't know how to tackle this one but I'm pretty sure there are people out there who are happy to share their 2 cents.
Machine A is located behind the client firewall. The machine runs telnetd. This is a Linux machine with Python 2.5.4 installed. I do not know the IP addy of the router and the firewall is not open incoming. The outgoing firewall is open.
Machine B (Windows machine) is a server with well known IP address. I can install any programs I want on either machine.
The idea is that I want Machine A to open a socket to machine B. Then I want to hold that socket and use it to run a telnet session from Machine B to the Machine A telnetd server.
I have set up an Ubuntu 10.10 server. I have been using ssh tunnels to encrypt my web traffic at public wifi. I am trying to make this server as secure as possible so I enabled ufw. I allowed SSH and HTTP traffic in and denied everything else. But when I do that I can not use SSH -D because when I try to visit a webpage it does not load and I get the following.
Code:
uname@mybox:~$ channel 3: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ fclchannel 4: open failed: connect failed: Connection timed out
^C
uname@mybox:~$ exit
logout
What do I have to do to allow ufw to allow ssh tunnels through?
I am now using CentOS5 as the server providing Apache services. I have managed to set up the web page under /home/user1/public_html, now I wish to change the default web page of our server to /home/user1/public_html. I tried to modify httpd.conf, in which I changed the "/var/www/" to the above user directory, but it did not work. Please kindly suggest.
I need to make an SSL tunnel over SSH. I need to create exactly an SSL tunnel. I have a situation like that. I heard it is possible, but don't know how to create an SSL tunnel over SSH. I have PuTTY installed on my PC, so I think I can use PuTTY for this purpose, but I don't know how to do this.
I wanted to create an ssh tunnel but I do not know what commands to run .. my environment is as follows: LAN Internet Office LAN Home PC <-> Linux firewall <-> http server..
According to the above what I figure is that I have an internal web server at my job and I need to create a tunnel to access the web server from my PC in my home. I know I can do a port forwarding with the firewall but I don't want to publish this web server to the Internet. My home PC and both servers (firewall and web) are ubuntu. My idea is to create an ssh tunnel that forwards port 8080 on localhost in my home PC to the firewall (obviously with public ip), and then the firewall forwards to port 80 on the office web server at my job. Note that the firewall accepts ssh connections to port 22, same for the web server...
Just to give you the background:
1) Let's call the two machines, Box A and Box B.
2) OpenSSH is running on both machines.
3) Key based authentication is set up between two users on these two machines, and both can log in to the other with: "ssh user@host" with no problems at all.
4) I'm also port tunnelling over SSH to encrypt some traffic between the two machines: "ssh -f -N -L 1000:HOSTNAME:1000 user@HOSTNAME"
I can obviously then use "localhost:1000" to connect Box A to port 1000 on Box B securely. However ... and this is my problem ... I want this port tunnelling connection to be automatic when I boot the machine, e.g. "Presession" and "before" a user logs in. I tried adding to gdm/PreSession/Default: "ssh -f -N -L 1000:HOSTNAME:1000 user@HOSTNAME" But the problem then is because the user is not *logged in* at this stage, it can't use the user's private key to connect to the server, and hence can't automatically create the connection. How do I get Box A to automatically create a tunnel over a port to Box B, without any intervention from me, *prior* to any users logging in?
when my laptop connects to internet. I have placed the script in /etc/network/if-up.d/. The script is being run when it should, but the SSH tunnel isn't created. I can however run the script manually, as root, and then the tunnel is created.
Just to give you the background:
1) Let's call the two machines, Box A and Box B.
2) OpenSSH is running on both machines.
3) Key based authentication is set up between two users on these two machines, and both can log in to the other with no problems at all.
4) I'm also port tunnelling over SSH to encrypt some traffic between the two machines. (I did have the port tunnelling code here, but this forum won't let me post URL).
I can obviously then forward port 1000 on Box A to port 1000 on Box B, securely. However ... and this is my problem ... I want this port tunnelling connection to be automatic when I boot the machine, e.g. "Presession" and "before" a user logs in. I tried adding the tunnel command to gdm/PreSession/Default, but the problem then is because the user is not *logged in* at this stage, it can't use the user's private key to connect to the server, and hence can't automatically create the connection.
I'm trying to create an EoIP interface on ubuntu so I can create a simple tunnel to my mikrotik router. Does anyone know how, or has anyone even done that? If EoIP is not possible, is there any other simple way?
I had already read and thought about doing it with OpenVPN, but when I read the community documentation for OpenVPN on ubuntu 10.10, I fear it won't connect the tunnel to the mikrotik OpenVPN server, since OpenVPN on ubuntu uses 2 certificate and 2 key files (as I read in the docs), but in the mikrotik configuration, I can see only 1 certificate can be applied. This confuses me and made me decide to use EoIP (but I can't find any tutorial/docs about it). I don't actually need the encryption and security, I just need to create a tunnel for ubuntu and mikrotik.
I'm looking for a tutorial on how to create a simple pppd tunnel between two machines. I've found a lot of tutorials about pppd over ssh (using the pty option) but for the purpose I just want a simple pppd tunnel.
Specs
host 1: lan ip 10.101.10.20 running slackware 13.0
host 2: lan ip 10.101.10.21 running slackware 13.1
I'm working with a dual-boot laptop running Ubuntu 10.0/Windows 7 and a Debian 5 VPS while the OS's shouldn't have much impact on my question.
What I would like to do is create an HTML page that I can upload to my VPS which lists all of the files/folders on my local 2TB hard drive (specifically media such as Movies, Music, TV Shows...). The media obviously will not reside on the server, but I would like to at least have a list which will allow me to select, for instance, a bands artist so that it redirects me to the albums in the directory below.
Ultimately, I'm looking for Open Directory Browsing without actually having the media on my server. I have been attempting to create something to this effect using lynx, however, I'm not sure if it can be done with this command or if it's even possible for that matter.
I have been having a couple of problems with various programs, and though I have read some threads that addressed the issues, they haven't solved my problems. Keeping in mind for this, I have the 10.04 lucid version of Ubuntu. Now, a few days ago, Transmission decided to stop downloading songs. Transmission says that a port is closed, and I'm not entirely sure that that is the problem. Still, I attempted to go into my modem, and it didn't work. The page wouldn't load. I tried to get into my firewall, and I couldn't figure out how. A friend of mine who also has Ubuntu gave his Transmission a try, and it worked. When he checked the port, it also said that it was closed. So, I have no idea what the problem could be. Second, I have a Creative Zen Mosaic EZ300, and have been trying to get software to use it on my computer. I can sync to it, and add songs, but I can't delete or edit anything. I tried gnome, but it didn't recognize the player.
I need to write a wrapper script for iostat functionality. In solaris unix I have iostat but in linux I don't have iostat, so I need to write a wrapper script which does all the functionality of iostat. I am entirely new to scripting.
I have a server running vsftpd, and when I connect to it from the server itself using my external ip address, everything checks ok, and I can browse files. But when I try to do the same on a windows computer on my network, this is what happens: [my external ip is blocked out with x]
Now mind you, my linux server is running from port forwarding from my router, which is connected to the main computer, and I have ssh and squid running as well. Not sure if those two have any effect on the service. I think this is a problem with the firewall, because I have read somewhere that multiple ports need to be open for a passive ftp to work.
Since I installed FC11 I can't get vpnc to work (I always get "no response from target"). Also I can't ping any external IP even with the firewall disabled. What I see strange is that I had the same configuration in FC10 and the router configuration seems okay to me:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.64.64.64 * 255.255.255.255 UH 0 0 0 ppp0
All has been fine with my emails but today morning when I tried to log on I got an error message "You must be logged in to access this page, go to logon page". I don't understand why, even when I supply my correct user name and password.
I don't know what bugzilla wants to know. I tried to create a new report, but I failed at the first page/question. The page asks me to enter a classification. But I don't know what that could be. I checked multiple times but I always got just a big red EM. What's to enter at 'named tag' and at 'to bugs'?
I've already tried Seamonkey to create a web page but can find no way to create a web form in which I want to create form fields. Before moving to Ubuntu I used Microsoft FrontPage to create web pages with form fields. This was easy to do. What is available to do the same in Ubuntu?
The title of this post may sound like it's real easy and simple enough for a noob to do but my situation isn't noobish. I have this script that I found on the internet that I wish to edit and create a new user and set a password AND create a default web page in the /var/www/html directory. This is the script with my edits included. The commented out fields are my own editing.....
Code:
#!/bin/bash
# Script to add a user to Linux system
if [ $(id -u) -eq 0 ]; then