[leaf-user] Secure browsing...
Hello all -- I'm an older leaf user -- haven't really bothered to upgrade because there was no reason to -- I'm using Eigerstein 1680k. However, if I can't do this with eigerstein, then maybe this will be a motivation to move up if I can do it with something else. Anonymizer.com offers a pay service for ssh tunnelled secure browsing -- so you can browse at work kind of stuff. SSH to their server, and tunnel your browser through it. They, in turn, push that out onto the internet -- So your boss doesn't know you're searching monster, or a competitor's site, or reading your browser-based email for that matter. I know I can tunnel my browser through ssh to my LRP at home to view a webserver on my internal network at home, but how about redirecting that browser outside onto the internet? I'd localhost:8080 my browser from work, which would go to my lrp, which would, in turn go out onto the internet. I know I'm missing some piece here because port forwarding only works to a specific machine - there has to be another piece, but I don't know what it is Anybody have any thougths? thanks. mike. ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
On Thu, 23 May 2002 08:25:30 PDT Michael McClure wrote: > Anonymizer.com offers a pay service for ssh tunnelled secure browsing -- > so you can browse at work kind of stuff. SSH to their server, and > tunnel your browser through it. They, in turn, push that out onto the > internet -- So your boss doesn't know you're searching monster, or a > competitor's site, or reading your browser-based email for that matter. > I know I can tunnel my browser through ssh to my LRP at home to view a > webserver on my internal network at home, but how about redirecting that > browser outside onto the internet? If you setup a proxy server on your firewall or internal network at home, you can setup an ssh tunnel to your proxy server and then use the proxy over the tunnel. Apache is pretty easy to setup as a proxy server and I have used it exactly as you described above. There many other proxy servers that would work too, including squid and junkbuster. Technically, the proxy doesn't need to be on your network at all. You could setup a tunnel like so: ssh myhost -L 8080:public.proxyserver:proxyport The traffic between myhost and public.proxyserver would not be encrypted, but you'd still be encrypted from the the ssh client host to myhost. --Brad > I'd localhost:8080 my browser from > work, which would go to my lrp, which would, in turn go out onto the > internet. I know I'm missing some piece here because port forwarding > only works to a specific machine - there has to be another piece, but I > don't know what it is > > Anybody have any thougths? > > thanks. > mike. ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
I got this to work successfully! In fact, I'm sending this message through an SSH tunnelled http session right now!. Here's what I did. 1) Download "proxy" from analogx.com: www.analogx.com/contents/download/network/proxy.htm This is a windows based proxy server. Install it on a windows box running on your internal network. It's super easy, just run the install and read the readme. 2) Start the proxy server on your windows box. 3) Set up port forwarding in your ssh session to your from some localhost port (I used 8080) to your internal windows proxy server on port 6588 (proxy's port). 4) From work (I dialed in), ssh to your LRP Router/LEAF. 5) On your browser, set the browser to use a proxy server. The hostname is "localhost" and the port is whatever localhost port you used in step 3 above. (again, I used 8080). 6) Start up your browser, and VOILA! you have secured browsing -- It's secure between your office an home, but not secure behind your LEAF -- but then again, that's why we have a LEAF, right! 7) You can verify that your LEAF is doing the proxy, by, from you LEAF ssh session, doing an ipchains -ML (or whatever your command is to look at masqueraded sessions). You should see something from the IP of your internal windows proxy to the site you are browsing. Happy Secure Surfing! mike. Quoting [EMAIL PROTECTED]: > > How do you tunnel your browser through ssh to your LRP at home? I > would > like to do the same. > > Can it be done from windows? > Are you using PuTTY to do this? > What is the syntax of the comand? > > Cam > > On Thu, 23 May 2002, Michael McClure wrote: > > > Hello all -- > > > > I'm an older leaf user -- haven't really bothered to upgrade because > > > there was no reason to -- I'm using Eigerstein 1680k. However, if I > > > can't do this with eigerstein, then maybe this will be a motivation to > > > move up if I can do it with something else. > > > > Anonymizer.com offers a pay service for ssh tunnelled secure browsing > -- > > so you can browse at work kind of stuff. SSH to their server, and > > tunnel your browser through it. They, in turn, push that out onto the > > > internet -- So your boss doesn't know you're searching monster, or a > > > competitor's site, or reading your browser-based email for that > matter. > > I know I can tunnel my browser through ssh to my LRP at home to view > a > > webserver on my internal network at home, but how about redirecting > that > > browser outside onto the internet? I'd localhost:8080 my browser from > > > work, which would go to my lrp, which would, in turn go out onto the > > > internet. I know I'm missing some piece here because port forwarding > > > only works to a specific machine - there has to be another piece, but > I > > don't know what it is > > > > Anybody have any thougths? > > > > thanks. > > mike. > > > > > > > > ___ > > > > Don't miss the 2002 Sprint PCS Application Developer's Conference > > August 25-28 in Las Vegas -- > http://devcon.sprintpcs.com/adp/index.cfm > > > > > > > leaf-user mailing list: [EMAIL PROTECTED] > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > > > Michael McClure [EMAIL PROTECTED] ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
I'm still wondering how to tunnel my http traffic thought ssh to my internal web server. I use Putty to connect to a RH box behind LEAF from outside giving me a comand line interface. Is the tunneling done by somehow directing traffic through PuTTY ? Cam (sorry if this got sent twice) On Fri, 24 May 2002, Michael McClure wrote: > > I got this to work successfully! In fact, I'm sending this message through an > SSH tunnelled http session right now!. > > Here's what I did. > > 1) Download "proxy" from analogx.com: > www.analogx.com/contents/download/network/proxy.htm > > This is a windows based proxy server. Install it on a windows box running on > your internal network. It's super easy, just run the install and read the > readme. > > 2) Start the proxy server on your windows box. > > 3) Set up port forwarding in your ssh session to your from some localhost port > (I used 8080) to your internal windows proxy server on port 6588 (proxy's port). > > 4) From work (I dialed in), ssh to your LRP Router/LEAF. > > 5) On your browser, set the browser to use a proxy server. The hostname > is "localhost" and the port is whatever localhost port you used in step 3 above. > (again, I used 8080). > > 6) Start up your browser, and VOILA! you have secured browsing -- It's secure > between your office an home, but not secure behind your LEAF -- but then again, > that's why we have a LEAF, right! > > 7) You can verify that your LEAF is doing the proxy, by, from you LEAF ssh > session, doing an ipchains -ML (or whatever your command is to look at > masqueraded sessions). You should see something from the IP of your internal > windows proxy to the site you are browsing. > > Happy Secure Surfing! > > mike. > > > > Quoting [EMAIL PROTECTED]: > > > > > How do you tunnel your browser through ssh to your LRP at home? I > > would > > like to do the same. > > > > Can it be done from windows? > > Are you using PuTTY to do this? > > What is the syntax of the comand? > > > > Cam > > > > On Thu, 23 May 2002, Michael McClure wrote: > > > > > Hello all -- > > > > > > I'm an older leaf user -- haven't really bothered to upgrade because > > > > > there was no reason to -- I'm using Eigerstein 1680k. However, if I > > > > > can't do this with eigerstein, then maybe this will be a motivation to > > > > > move up if I can do it with something else. > > > > > > Anonymizer.com offers a pay service for ssh tunnelled secure browsing > > -- > > > so you can browse at work kind of stuff. SSH to their server, and > > > tunnel your browser through it. They, in turn, push that out onto the > > > > > internet -- So your boss doesn't know you're searching monster, or a > > > > > competitor's site, or reading your browser-based email for that > > matter. > > > I know I can tunnel my browser through ssh to my LRP at home to view > > a > > > webserver on my internal network at home, but how about redirecting > > that > > > browser outside onto the internet? I'd localhost:8080 my browser from > > > > > work, which would go to my lrp, which would, in turn go out onto the > > > > > internet. I know I'm missing some piece here because port forwarding > > > > > only works to a specific machine - there has to be another piece, but > > I > > > don't know what it is > > > > > > Anybody have any thougths? > > > > > > thanks. > > > mike. > > > > > > > > > > > > ___ > > > > > > Don't miss the 2002 Sprint PCS Application Developer's Conference > > > August 25-28 in Las Vegas -- > > http://devcon.sprintpcs.com/adp/index.cfm > > > > > > > > > > > leaf-user mailing list: [EMAIL PROTECTED] > > > https://lists.sourceforge.net/lists/listinfo/leaf-user > > > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > > > > > > > > > > > Michael McClure > [EMAIL PROTECTED] > > ___ > > Don't miss the 2002 Sprint PCS Application Developer's Conference > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > > > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
I'm not sure I know how to tell you any more than I already have. Set up SSH Tunneling -- it is a session property. I don't know if putty has it -- can somebody else on the board please tell us if putty has port forwarding? Otherwise, Cam, download the trial copy of secureCRT to work with. Set up the session properties like I suggested in my other email. Install the proxy server on your RH box. Set the IE to use a proxy server using the localhost tunnelled port. The http calls will go to the local port. SecureCRT will notice the call out on that port on your local machine. SecureCRT will direct it through the SSH tunnel to your SSH Server. Your SSH server has been told, by port forwarding, to take anything coming over the local port, to send it to the proxy server. Once done at the proxy server, the browsing will work normally as a proxy server. Good luck. mike. Quoting [EMAIL PROTECTED]: > > I'm still wondering how to tunnel my http traffic thought ssh to my > internal web server. I use Putty to connect to a RH box behind LEAF > from > outside giving me a comand line interface. Is the tunneling done by > somehow directing traffic through PuTTY ? > > Cam > > (sorry if this got sent twice) > > On Fri, 24 May 2002, Michael McClure wrote: > > > > > I got this to work successfully! In fact, I'm sending this message > through an > > SSH tunnelled http session right now!. > > > > Here's what I did. > > > > 1) Download "proxy" from analogx.com: > > www.analogx.com/contents/download/network/proxy.htm > > > > This is a windows based proxy server. Install it on a windows box > running on > > your internal network. It's super easy, just run the install and read > the > > readme. > > > > 2) Start the proxy server on your windows box. > > > > 3) Set up port forwarding in your ssh session to your from some > localhost port > > (I used 8080) to your internal windows proxy server on port 6588 > (proxy's port). > > > > 4) From work (I dialed in), ssh to your LRP Router/LEAF. > > > > 5) On your browser, set the browser to use a proxy server. The > hostname > > is "localhost" and the port is whatever localhost port you used in > step 3 above. > > (again, I used 8080). > > > > 6) Start up your browser, and VOILA! you have secured browsing -- > It's secure > > between your office an home, but not secure behind your LEAF -- but > then again, > > that's why we have a LEAF, right! > > > > 7) You can verify that your LEAF is doing the proxy, by, from you LEAF > ssh > > session, doing an ipchains -ML (or whatever your command is to look at > > > masqueraded sessions). You should see something from the IP of your > internal > > windows proxy to the site you are browsing. > > > > Happy Secure Surfing! > > > > mike. > > > > > > > > Quoting [EMAIL PROTECTED]: > > > > > > > > How do you tunnel your browser through ssh to your LRP at home? I > > > would > > > like to do the same. > > > > > > Can it be done from windows? > > > Are you using PuTTY to do this? > > > What is the syntax of the comand? > > > > > > Cam > > > > > > On Thu, 23 May 2002, Michael McClure wrote: > > > > > > > Hello all -- > > > > > > > > I'm an older leaf user -- haven't really bothered to upgrade > because > > > > > > > there was no reason to -- I'm using Eigerstein 1680k. However, if > I > > > > > > > can't do this with eigerstein, then maybe this will be a > motivation to > > > > > > > move up if I can do it with something else. > > > > > > > > Anonymizer.com offers a pay service for ssh tunnelled secure > browsing > > > -- > > > > so you can browse at work kind of stuff. SSH to their server, and > > > > > tunnel your browser through it. They, in turn, push that out onto > the > > > > > > > internet -- So your boss doesn't know you're searching monster, > or a > > > > > > > competitor's site, or reading your browser-based email for that > > > matter. > > > > I know I can tunnel my browser through ssh to my LRP at home to > view > > > a > > > > webserver on my internal network at home, but how about > redirecting > > > that > > > > browser outside onto the internet? I'd localhost:8080 my browser > from > > > > > > > work, which would go to my lrp, which would, in turn go out onto > the > > > > > > > internet. I know I'm missing some piece here because port > forwarding > > > > > > > only works to a specific machine - there has to be another piece, > but > > > I > > > > don't know what it is > > > > > > > > Anybody have any thougths? > > > > > > > > thanks. > > > > mike. > > > > > > > > > > > > > > > > ___ > > > > > > > > Don't miss the 2002 Sprint PCS Application Developer's > Conference > > > > August 25-28 in Las Vegas -- > > > http://devcon.sprintpcs.com/adp/index.cfm > > > > > > > > > > > > > > > > leaf-user mailing li
Re: [leaf-user] Secure browsing...
Quoting Michael and Cam: cam> I'm still wondering how to tunnel my http traffic thought ssh to cam> my internal web server. I use Putty to connect to a RH box behind cam> LEAF from outside giving me a comand line interface. Is the cam> tunneling done by somehow directing traffic through PuTTY ? mm> I'm not sure I know how to tell you any more than I already have. mm> Set up SSH Tunneling -- it is a session property. I don't know if mm> putty has it -- can somebody else on the board please tell us if mm> putty has port forwarding? PuTTY does support port forwarding. You can do it with just putty.exe and tweaking the Connection->SSH->Tunnels properties. Rather than explain how to work the GUI, here's how to do it with plink[1]. Run: plink.exe -ssh you@a_RH_box -L :internal_web_server:80 and after you've logged in, point the browser on the machine you started plink on to: http://localhost:/ You should see the web server running on internal_web_server. internal_web_server and a_RH_box can be the same hostname if you are SSHing to the web server; the topology wasn't clear from your description. Hope that helps. If not, please reply with more specific details about what you're trying and how it is failing. --Brad [1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
I think that may be the ticket. I have wondered in the past what those other utlities on PuTTY download page were for. Thanks for the info. I will give it a try tomorrow. Cam On Mon, 27 May 2002, Brad Fritz wrote: > > Quoting Michael and Cam: > > cam> I'm still wondering how to tunnel my http traffic thought ssh to > cam> my internal web server. I use Putty to connect to a RH box behind > cam> LEAF from outside giving me a comand line interface. Is the > cam> tunneling done by somehow directing traffic through PuTTY ? > > mm> I'm not sure I know how to tell you any more than I already have. > mm> Set up SSH Tunneling -- it is a session property. I don't know if > mm> putty has it -- can somebody else on the board please tell us if > mm> putty has port forwarding? > > PuTTY does support port forwarding. You can do it with just > putty.exe and tweaking the Connection->SSH->Tunnels properties. > Rather than explain how to work the GUI, here's how to do it > with plink[1]. Run: > >plink.exe -ssh you@a_RH_box -L :internal_web_server:80 > > and after you've logged in, point the browser on the machine you > started plink on to: > > http://localhost:/ > > You should see the web server running on internal_web_server. > internal_web_server and a_RH_box can be the same hostname if > you are SSHing to the web server; the topology wasn't clear from > your description. Hope that helps. If not, please reply with > more specific details about what you're trying and how it is > failing. > > --Brad > > [1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html > > > ___ > > Don't miss the 2002 Sprint PCS Application Developer's Conference > August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > > > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
THANKS BRAD! OK, Cam, so if you follow Brad's suggestion, you will be able to browse an internal webserver. However, if you want to browse the web in general, Brad is missing something. You'll need a proxy server - like squid for your RH box (I run a windows proxy server on port 6588). Let's say squid also runs on port 6588 (it doesn't, but I don't know what port it runs on so let's just use this as an example). Change his Brad's plink command to : plink.exe -ssh you@a_RH_box -L :internal_squid_server:6588 Now, in your Internet Explorer (or other browser), set it up to use a proxy server. The proxy server address is "localhost" the port is . Once you do that, your browser will be tunnelled on port through SSH to your proxy server which will push your HTTP requests out onto the internet. Should be straightforward now. good luck. mike. Quoting Brad Fritz <[EMAIL PROTECTED]>: > > Quoting Michael and Cam: > > cam> I'm still wondering how to tunnel my http traffic thought ssh to > cam> my internal web server. I use Putty to connect to a RH box > behind > cam> LEAF from outside giving me a comand line interface. Is the > cam> tunneling done by somehow directing traffic through PuTTY ? > > mm> I'm not sure I know how to tell you any more than I already have. > mm> Set up SSH Tunneling -- it is a session property. I don't know if > mm> putty has it -- can somebody else on the board please tell us if > mm> putty has port forwarding? > > PuTTY does support port forwarding. You can do it with just > putty.exe and tweaking the Connection->SSH->Tunnels properties. > Rather than explain how to work the GUI, here's how to do it > with plink[1]. Run: > >plink.exe -ssh you@a_RH_box -L :internal_web_server:80 > > and after you've logged in, point the browser on the machine you > started plink on to: > > http://localhost:/ > > You should see the web server running on internal_web_server. > internal_web_server and a_RH_box can be the same hostname if > you are SSHing to the web server; the topology wasn't clear from > your description. Hope that helps. If not, please reply with > more specific details about what you're trying and how it is > failing. > > --Brad > > [1] http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html > > Michael McClure [EMAIL PROTECTED] ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
--On Monday, May 27, 2002 10:00 AM -0400 [EMAIL PROTECTED] wrote: > I'm still wondering how to tunnel my http traffic thought ssh to my > internal web server. I use Putty to connect to a RH box behind LEAF from > outside giving me a comand line interface. Is the tunneling done by > somehow directing traffic through PuTTY ? The concept is like this: box1 > box2 ...> network2 (SSH) (SSH) The tunnel then makes a port on box1 (Web/HTTP port for example) act as if it was another host located on network2 (or reachable therefrom). For example: box1 -> box2 > box3 (SSH) (SSH) (HTTP) ### --> (HTTP) Note that if you are tunnelling this way, then data from box2 to box3 is NOT encrypted. Also note that you then would (on box1) use this url: http://127.0.0.1/ --or-- http://box1/ ...instead of this one... http://box3/ Note also, that the SSH session used to create the tunnel may have a shell or may not. I know Teraterm/SSH allows you to port forward, and only does it with a shell. OpenSSH and other UNIX variants allow you to run ssh in the "background" with port forwarding and no SSH shell. One other thing to be aware of - what you want is almost certainly called "local port forwarding" and not "remote port forwarding." Just to be aware. I thought there was a portforwarder for PuTTY at the DOS command line Me, I use (when I use Telnet/SSH under Windows, that is) Teraterm/SSH. It gives you top-notch telnet, ssh, AND port-forwarding. ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
Re: [leaf-user] Secure browsing...
Everything works. Thanks to all. I used plink and tinyproxy. Cam ___ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
