Re: Download Manager with Socks proxy support
On 2009-04-21, MANI wrote: > Sorry if it's not related to OpenBSD, but I need to download some large > files through socks proxy on my OpenBSD box, and wget doesn't support socks > proxy ( I know about --with-socks option, but apparently it's no longer > supported according to: > http://www.mail-archive.com/w...@sunsite.dk/msg10824.html ) > > Do you know any download manager which supports socks proxy? > > Thanks, > -- Mani > > curl, or you can use a SOCKS wrapper like dsocks.
Download Manager with Socks proxy support
Sorry if it's not related to OpenBSD, but I need to download some large files through socks proxy on my OpenBSD box, and wget doesn't support socks proxy ( I know about --with-socks option, but apparently it's no longer supported according to: http://www.mail-archive.com/w...@sunsite.dk/msg10824.html ) Do you know any download manager which supports socks proxy? Thanks, -- Mani
Re: SOCKS proxy vs. HTTP proxy!
2009/2/16 Tony Berth : > Dear List, > > what is the functional difference between a SOCKS implemented proxy and a > HTTP one? > > Thanks > > Tony http://en.wikipedia.org/wiki/SOCKS#Comparison_between_SOCKS_and_HTTP_proxies regards, --ropers
Re: SOCKS proxy
Thanks a lot for your help. I was missing that '-o' ssh option. Cheers Tony On Mon, Feb 16, 2009 at 11:30 PM, Pete Vickers wrote: > As I put in my initial email, the key is the -o option "ProxyCommand" > > > http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config > > and search for it, there is even a similar example included. > > > /Pete > > > > > > > On 16 Feb 2009, at 17:28, Tony Berth wrote: > > The order is the following: >> >> A(ssh client) - C(http proxy server) - - B(ssh server with >> static >> IP) >> >> Now A can't access the Internet. I can only run a browser on that machine >> which includes the details from C and only then I can surf/have access to >> the Internet only on ports 80 and 443! >> >> As a result ssh from A to B doesn't work. >> >> If I use putty on A and define the details of C in the putty proxy dialog >> box, I can open a ssh session to B. >> >> So the question is, how does this action of putty gets translated into an >> ssh command? Which flag should I use from the ssh command line in order to >> achieve the same result? >> >> Thanks >> >> Tony >> >> On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers wrote: >> >> Hmm, I can't grok you problem description, since it's ambiguous. >>> >>> >>> there are serveral devices here: >>> >>> A. ssh client >>> B. ssh server >>> C. http(s) proxy server >>> D. http(s) proxy client (web browser) >>> >>> >>> I thought you mean A+D were one device, C was an interim device, and B >>> was the remote device. >>> >>> Do you instead mean A+C are the same device ? or that B+C are the same >>> device ? >>> >>> B+C on the same device seems to make the most sense, I guess. - eg. >>> you want the tunnel your http sessions over your ssh sessions, and use >>> a proxy server (e.g. squid) on your ssh server device. in which case a >>> line like this in the relevant line in your client's "~/.ssh/config" >>> would do it: >>> >>> LocalForward 8080 127.0.0.1:8080 >>> >>> and then set your web browser to use a proxy at 127.0.0.1:8080 >>> >>> >>> >>> /Pete >>> >>> >>> >>> >>> On 13 Feb 2009, at 13:45, Tony Berth wrote: >>> >>> Hi Pete, by "http proxy" you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remore machine. Thanks Tony On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers wrote: Hi, If your just trying to do an SSH connect via a http proxy, then I do something like this: [p...@air] ~> cat ~/.ssh/pconn.sh #!/bin/bash # pconn.sh LF=$'\015' CMD="CONNECT $1:$2 HTTP/1.0" echo "yyy${CMD}yyy" >&2 (echo "$CMD$LF" echo cat ) | nc proxy_server_ip_address 8080 | ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done cat ) [p...@air] ~> cat ~/.ssh/config # # Host my-server-via-proxy Hostname my-server.com ProxyCommand ~/.ssh/pconn.sh %h %p TCPKeepAlive yes ServerAliveInterval 30 # # and then just [p...@air] ~> ssh my-server-via-proxy to connect but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443. /Pete On 13 Feb 2009, at 12:34, Tony Berth wrote: On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert wrote: On Wed, 11 Feb 2009, Tony Berth wrote: Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: >>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls >>> I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony httptunnel nows refers to more than one software project to tunnel tcp traffic via an http proxy. take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how this 2 things are related to my problem! The proxy is blocking me before any connection can be stablished. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that? Thanks for your help Tony
Re: SOCKS proxy
As I put in my initial email, the key is the -o option "ProxyCommand" http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config and search for it, there is even a similar example included. /Pete On 16 Feb 2009, at 17:28, Tony Berth wrote: The order is the following: A(ssh client) - C(http proxy server) - - B(ssh server with static IP) Now A can't access the Internet. I can only run a browser on that machine which includes the details from C and only then I can surf/have access to the Internet only on ports 80 and 443! As a result ssh from A to B doesn't work. If I use putty on A and define the details of C in the putty proxy dialog box, I can open a ssh session to B. So the question is, how does this action of putty gets translated into an ssh command? Which flag should I use from the ssh command line in order to achieve the same result? Thanks Tony On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers wrote: Hmm, I can't grok you problem description, since it's ambiguous. there are serveral devices here: A. ssh client B. ssh server C. http(s) proxy server D. http(s) proxy client (web browser) I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device ? or that B+C are the same device ? B+C on the same device seems to make the most sense, I guess. - eg. you want the tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's "~/.ssh/config" would do it: LocalForward 8080 127.0.0.1:8080 and then set your web browser to use a proxy at 127.0.0.1:8080 /Pete On 13 Feb 2009, at 13:45, Tony Berth wrote: Hi Pete, by "http proxy" you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remore machine. Thanks Tony On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers wrote: Hi, If your just trying to do an SSH connect via a http proxy, then I do something like this: [p...@air] ~> cat ~/.ssh/pconn.sh #!/bin/bash # pconn.sh LF=$'\015' CMD="CONNECT $1:$2 HTTP/1.0" echo "yyy${CMD}yyy" >&2 (echo "$CMD$LF" echo cat ) | nc proxy_server_ip_address 8080 | ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done cat ) [p...@air] ~> cat ~/.ssh/config # # Host my-server-via-proxy Hostname my-server.com ProxyCommand ~/.ssh/pconn.sh %h %p TCPKeepAlive yes ServerAliveInterval 30 # # and then just [p...@air] ~> ssh my-server-via-proxy to connect but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443. /Pete On 13 Feb 2009, at 12:34, Tony Berth wrote: On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert wrote: On Wed, 11 Feb 2009, Tony Berth wrote: Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony httptunnel nows refers to more than one software project to tunnel tcp traffic via an http proxy. take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how this 2 things are related to my problem! The proxy is blocking me before any connection can be stablished. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that? Thanks for your help Tony
SOCKS proxy vs. HTTP proxy!
Dear List, what is the functional difference between a SOCKS implemented proxy and a HTTP one? Thanks Tony
Re: SOCKS proxy
The order is the following: A(ssh client) - C(http proxy server) - - B(ssh server with static IP) Now A can't access the Internet. I can only run a browser on that machine which includes the details from C and only then I can surf/have access to the Internet only on ports 80 and 443! As a result ssh from A to B doesn't work. If I use putty on A and define the details of C in the putty proxy dialog box, I can open a ssh session to B. So the question is, how does this action of putty gets translated into an ssh command? Which flag should I use from the ssh command line in order to achieve the same result? Thanks Tony On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers wrote: > Hmm, I can't grok you problem description, since it's ambiguous. > > > there are serveral devices here: > > A. ssh client > B. ssh server > C. http(s) proxy server > D. http(s) proxy client (web browser) > > > I thought you mean A+D were one device, C was an interim device, and B > was the remote device. > > Do you instead mean A+C are the same device ? or that B+C are the same > device ? > > B+C on the same device seems to make the most sense, I guess. - eg. > you want the tunnel your http sessions over your ssh sessions, and use > a proxy server (e.g. squid) on your ssh server device. in which case a > line like this in the relevant line in your client's "~/.ssh/config" > would do it: > > LocalForward 8080 127.0.0.1:8080 > > and then set your web browser to use a proxy at 127.0.0.1:8080 > > > > /Pete > > > > > On 13 Feb 2009, at 13:45, Tony Berth wrote: > > > Hi Pete, > > > > by "http proxy" you mean your proxy sitting in your machine where > > you do the ssh to? > > > > In my case I want to include the proxy which allows Internet access > > sitting on the clients terminal and not in the remore machine. > > > > Thanks > > > > Tony > > > > On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers > > wrote: > > Hi, > > > > > > If your just trying to do an SSH connect via a http proxy, then I do > > something like this: > > > > [p...@air] ~> cat ~/.ssh/pconn.sh > > #!/bin/bash > > # pconn.sh > > > > LF=$'\015' > > > > CMD="CONNECT $1:$2 HTTP/1.0" > > echo "yyy${CMD}yyy" >&2 > > > > (echo "$CMD$LF" > > echo > > cat ) | > > nc proxy_server_ip_address 8080 | ( > > while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; > > done > > cat ) > > > > > > > > [p...@air] ~> cat ~/.ssh/config > > # > > # > > Host my-server-via-proxy > > Hostname my-server.com > > ProxyCommand ~/.ssh/pconn.sh %h %p > > TCPKeepAlive yes > > ServerAliveInterval 30 > > # > > # > > > > > > > > and then just > > [p...@air] ~> ssh my-server-via-proxy > > to connect > > > > > > but be aware it only works if the proxy admin has not restricted the > > proxy to prevent CONNECT method to ports other than 443. > > > > /Pete > > > > > > > > > > > > On 13 Feb 2009, at 12:34, Tony Berth wrote: > > > > On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert > > wrote: > > > > On Wed, 11 Feb 2009, Tony Berth wrote: > > > > Hi Diana, > > > > this is a 'dumb' proxy and allows http/https traffic only. So ports > > 80 and > > 443! > > > > What I'm after is the ssh command I have to issue in order to open a > > connection from 'a1' to 'a3'! If I read correctly, in case I would > > have > > used > > putty on 'a1' I should do the following: > > > > > > > http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls > > > > I was wondering if ssh flag '-L' is doing the same job. > > > > By 'httptunnel' you mean the following: > > > > http://www.jumperz.net/index.php?i=2&a=0&b=0 > > > > Thanks > > > > Tony > > > > > > httptunnel nows refers to more than one software project to tunnel tcp > > traffic via an http proxy. > > > > take a look at SSH(1) -C > > and SSH_CONFIG(5) LocalCommand > > > > > > if I'm reading correctly, ssh -C requests compression of the data and > > ssh_config LocalCommand specifies a command AFTER I was able to make > > the > > connection! > > > > Sorry, but I don't understand how this 2 things are related to my > > problem! > > > > The proxy is blocking me before any connection can be stablished. I > > want to > > include the data of that proxy in my ssh command in order to make the > > connection but how can I achieve that? > > > > Thanks for your help > > > > Tony
Re: SOCKS proxy
On 2009-02-13, Pete Vickers wrote: > If your just trying to do an SSH connect via a http proxy, then I do > something like this: > > [p...@air] ~> cat ~/.ssh/pconn.sh > #!/bin/bash > # pconn.sh > > LF=$'\015' > > CMD="CONNECT $1:$2 HTTP/1.0" > echo "yyy${CMD}yyy" >&2 > > (echo "$CMD$LF" > echo > cat ) | > nc proxy_server_ip_address 8080 | ( > while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done > cat ) Related; people behind MS proxies that need auth might want to look at ports/www/ntlmaps. > but be aware it only works if the proxy admin has not restricted the > proxy to prevent CONNECT method to ports other than 443. Unless the SSH server is running on an acceptable port, of course...
Re: SOCKS proxy
On Fri, 13 Feb 2009, Tony Berth wrote: if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how this 2 things are related to my problem! The proxy is blocking me before any connection can be stablished. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that? Thanks for your help Tony Sorry, my bad, meant to type ~C , not -C , quite a bit of difference when you're trying to setup theuse of a local command. diana
Re: SOCKS proxy
Hmm, I can't grok you problem description, since it's ambiguous. there are serveral devices here: A. ssh client B. ssh server C. http(s) proxy server D. http(s) proxy client (web browser) I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device ? or that B+C are the same device ? B+C on the same device seems to make the most sense, I guess. - eg. you want the tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's "~/.ssh/config" would do it: LocalForward 8080 127.0.0.1:8080 and then set your web browser to use a proxy at 127.0.0.1:8080 /Pete On 13 Feb 2009, at 13:45, Tony Berth wrote: > Hi Pete, > > by "http proxy" you mean your proxy sitting in your machine where > you do the ssh to? > > In my case I want to include the proxy which allows Internet access > sitting on the clients terminal and not in the remore machine. > > Thanks > > Tony > > On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers > wrote: > Hi, > > > If your just trying to do an SSH connect via a http proxy, then I do > something like this: > > [p...@air] ~> cat ~/.ssh/pconn.sh > #!/bin/bash > # pconn.sh > > LF=$'\015' > > CMD="CONNECT $1:$2 HTTP/1.0" > echo "yyy${CMD}yyy" >&2 > > (echo "$CMD$LF" > echo > cat ) | > nc proxy_server_ip_address 8080 | ( > while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; > done > cat ) > > > > [p...@air] ~> cat ~/.ssh/config > # > # > Host my-server-via-proxy > Hostname my-server.com > ProxyCommand ~/.ssh/pconn.sh %h %p > TCPKeepAlive yes > ServerAliveInterval 30 > # > # > > > > and then just > [p...@air] ~> ssh my-server-via-proxy > to connect > > > but be aware it only works if the proxy admin has not restricted the > proxy to prevent CONNECT method to ports other than 443. > > /Pete > > > > > > On 13 Feb 2009, at 12:34, Tony Berth wrote: > > On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert > wrote: > > On Wed, 11 Feb 2009, Tony Berth wrote: > > Hi Diana, > > this is a 'dumb' proxy and allows http/https traffic only. So ports > 80 and > 443! > > What I'm after is the ssh command I have to issue in order to open a > connection from 'a1' to 'a3'! If I read correctly, in case I would > have > used > putty on 'a1' I should do the following: > > > http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls > > I was wondering if ssh flag '-L' is doing the same job. > > By 'httptunnel' you mean the following: > > http://www.jumperz.net/index.php?i=2&a=0&b=0 > > Thanks > > Tony > > > httptunnel nows refers to more than one software project to tunnel tcp > traffic via an http proxy. > > take a look at SSH(1) -C > and SSH_CONFIG(5) LocalCommand > > > if I'm reading correctly, ssh -C requests compression of the data and > ssh_config LocalCommand specifies a command AFTER I was able to make > the > connection! > > Sorry, but I don't understand how this 2 things are related to my > problem! > > The proxy is blocking me before any connection can be stablished. I > want to > include the data of that proxy in my ssh command in order to make the > connection but how can I achieve that? > > Thanks for your help > > Tony
Re: SOCKS proxy
Hi Pete, by "http proxy" you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remore machine. Thanks Tony On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers wrote: > Hi, > > > If your just trying to do an SSH connect via a http proxy, then I do > something like this: > > [p...@air] ~> cat ~/.ssh/pconn.sh > #!/bin/bash > # pconn.sh > > LF=$'\015' > > CMD="CONNECT $1:$2 HTTP/1.0" > echo "yyy${CMD}yyy" >&2 > > (echo "$CMD$LF" > echo > cat ) | > nc proxy_server_ip_address 8080 | ( > while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done > cat ) > > > > [p...@air] ~> cat ~/.ssh/config > # > # > Host my-server-via-proxy > Hostname my-server.com > ProxyCommand ~/.ssh/pconn.sh %h %p > TCPKeepAlive yes > ServerAliveInterval 30 > # > # > > > > and then just > [p...@air] ~> ssh my-server-via-proxy > to connect > > > but be aware it only works if the proxy admin has not restricted the proxy > to prevent CONNECT method to ports other than 443. > > /Pete > > > > > > On 13 Feb 2009, at 12:34, Tony Berth wrote: > > On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert >> wrote: >> >> On Wed, 11 Feb 2009, Tony Berth wrote: >>> >>> Hi Diana, >>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony >>> httptunnel nows refers to more than one software project to tunnel tcp >>> traffic via an http proxy. >>> >>> take a look at SSH(1) -C >>> and SSH_CONFIG(5) LocalCommand >>> >>> >>> if I'm reading correctly, ssh -C requests compression of the data and >> ssh_config LocalCommand specifies a command AFTER I was able to make the >> connection! >> >> Sorry, but I don't understand how this 2 things are related to my problem! >> >> The proxy is blocking me before any connection can be stablished. I want >> to >> include the data of that proxy in my ssh command in order to make the >> connection but how can I achieve that? >> >> Thanks for your help >> >> Tony
Re: SOCKS proxy
Hi, If your just trying to do an SSH connect via a http proxy, then I do something like this: [p...@air] ~> cat ~/.ssh/pconn.sh #!/bin/bash # pconn.sh LF=$'\015' CMD="CONNECT $1:$2 HTTP/1.0" echo "yyy${CMD}yyy" >&2 (echo "$CMD$LF" echo cat ) | nc proxy_server_ip_address 8080 | ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done cat ) [p...@air] ~> cat ~/.ssh/config # # Host my-server-via-proxy Hostname my-server.com ProxyCommand ~/.ssh/pconn.sh %h %p TCPKeepAlive yes ServerAliveInterval 30 # # and then just [p...@air] ~> ssh my-server-via-proxy to connect but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443. /Pete On 13 Feb 2009, at 12:34, Tony Berth wrote: On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert wrote: On Wed, 11 Feb 2009, Tony Berth wrote: Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony httptunnel nows refers to more than one software project to tunnel tcp traffic via an http proxy. take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how this 2 things are related to my problem! The proxy is blocking me before any connection can be stablished. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that? Thanks for your help Tony
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert wrote: > On Wed, 11 Feb 2009, Tony Berth wrote: > > Hi Diana, >> >> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and >> 443! >> >> What I'm after is the ssh command I have to issue in order to open a >> connection from 'a1' to 'a3'! If I read correctly, in case I would have >> used >> putty on 'a1' I should do the following: >> >> >> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls >> >> I was wondering if ssh flag '-L' is doing the same job. >> >> By 'httptunnel' you mean the following: >> >> http://www.jumperz.net/index.php?i=2&a=0&b=0 >> >> Thanks >> >> Tony >> > > httptunnel nows refers to more than one software project to tunnel tcp > traffic via an http proxy. > > take a look at SSH(1) -C > and SSH_CONFIG(5) LocalCommand > > if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how this 2 things are related to my problem! The proxy is blocking me before any connection can be stablished. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that? Thanks for your help Tony
Re: SOCKS proxy
On Wed, 11 Feb 2009, Tony Berth wrote: Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony httptunnel nows refers to more than one software project to tunnel tcp traffic via an http proxy. take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 3:57 PM, Diana Eichert wrote: > On Wed, 11 Feb 2009, Tony Berth wrote: > > >>> I just realised that my graph wasn't readable so I'll try here to >> re-draw >> it: >> >> - >> client [a1] >> - >> | >> | >> - >> Firewall >> Proxy:port >> [a2] >> >>| >>| >> (internet) >>| >>| >> - >> remote server >> with static IP >> [a3] >> >> >> Hope that this one will help to draw some attention from the list. >> >> Thanks >> >> Tony >> >> >> --- >> >> Hi Diana, >> >> The 'a2' is rather a logical entity. Actually there are 2 machines. One >> blocking all direct traffic to the Internet and the other is a proxy which >> address is included in the 'a1's' browser in order to be able to access >> the >> Internet! >> >> Hope I did answer your question! >> >> Thanks Tony >> > > Tony > > First, I put on my corporate network security hat on. If you're trying to > get around corporate policies you're setting yourself up for other problem > if they catch you. We find you doing this where I work and ... . > > Second my helpful reply. :-) > > Ok, so you don't know the specifics of the proxy. The reason I ask is if > it's a MITM proxy, ala Bluecoat, the proxy actually looks at the session > contents. If the packets don't look like proper allowed traffic it gets > blocked. > > If it's a dumb proxy you might be able to get through using something like > httptunnel. Stating "access the Internet" doesn't explain what kind of > traffic is allowed, however my assumption ( I hate to assume ) is they > only want to allow http / https traffic, with perhaps ftp traffic too. > > diana > Hi Diana, this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443! What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following: http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls I was wondering if ssh flag '-L' is doing the same job. By 'httptunnel' you mean the following: http://www.jumperz.net/index.php?i=2&a=0&b=0 Thanks Tony
Re: SOCKS proxy
> "Diana" == Diana Eichert writes: Diana> First, I put on my corporate network security hat on. If you're trying Diana> to get around corporate policies you're setting yourself up for other Diana> problem if they catch you. We find you doing this where I work and Diana> ... . And if you think bad things can't happen to good people, that's pretty much the story behind my conviction, described at http://www.lightlink.com/fors/. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 http://www.stonehenge.com/merlyn/> Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc. See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: SOCKS proxy
On Wed, 11 Feb 2009, Tony Berth wrote: I just realised that my graph wasn't readable so I'll try here to re-draw it: - client [a1] - | | - Firewall Proxy:port [a2] | | (internet) | | - remote server with static IP [a3] Hope that this one will help to draw some attention from the list. Thanks Tony --- Hi Diana, The 'a2' is rather a logical entity. Actually there are 2 machines. One blocking all direct traffic to the Internet and the other is a proxy which address is included in the 'a1's' browser in order to be able to access the Internet! Hope I did answer your question! Thanks Tony Tony First, I put on my corporate network security hat on. If you're trying to get around corporate policies you're setting yourself up for other problem if they catch you. We find you doing this where I work and ... . Second my helpful reply. :-) Ok, so you don't know the specifics of the proxy. The reason I ask is if it's a MITM proxy, ala Bluecoat, the proxy actually looks at the session contents. If the packets don't look like proper allowed traffic it gets blocked. If it's a dumb proxy you might be able to get through using something like httptunnel. Stating "access the Internet" doesn't explain what kind of traffic is allowed, however my assumption ( I hate to assume ) is they only want to allow http / https traffic, with perhaps ftp traffic too. diana
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 3:17 PM, Diana Eichert wrote: > do you know what a2 is? you say it a "Firewall with Proxy" > if it's a application layer gateway (alg) it actually acts as a MITM to > forward your connection. > > > On Tue, 10 Feb 2009, Tony Berth wrote: > > Dear List, >> >> I have following case: >> >>- >>|| >> -- | Firewall with Proxy:port [a2] >> | >> --- >> | client [a1] | - || >> --(internet)-| Public accessible server with static IP >> [a3] | >> -- >> 'a1' connects only via browser to the internet after defining the >> proxy:port >> of 'a2' >> >> Is it possible to create a SOCKS Proxy from 'a1' to 'a3'? >> If 'a1' wasn't blocked to the internet I would: ssh -p 443 -D 2000 >> @a3 but this command times out! >> is a way to 'tell' to make use of the proxy in 'a2' and redirect all the >> traffic? >> >> Thanks >> >> Tony >> > I just realised that my graph wasn't readable so I'll try here to re-draw it: - client [a1] - | | - Firewall Proxy:port [a2] | | (internet) | | - remote server with static IP [a3] Hope that this one will help to draw some attention from the list. Thanks Tony --- Hi Diana, The 'a2' is rather a logical entity. Actually there are 2 machines. One blocking all direct traffic to the Internet and the other is a proxy which address is included in the 'a1's' browser in order to be able to access the Internet! Hope I did answer your question! Thanks Tony
SOCKS proxy
Dear List, I have following case: - || -- | Firewall with Proxy:port [a2] | --- | client [a1] | - || --(internet)-| Public accessible server with static IP [a3] | -- 'a1' connects only via browser to the internet after defining the proxy:port of 'a2' Is it possible to create a SOCKS Proxy from 'a1' to 'a3'? If 'a1' wasn't blocked to the internet I would: ssh -p 443 -D 2000 @a3 but this command times out! is a way to 'tell' to make use of the proxy in 'a2' and redirect all the traffic? Thanks Tony