On 16 October 2010 00:38, Jim Price d1vers...@hotmail.com wrote:
On 15/10/10 23:26, Daniel Case wrote:
Hi guys, I have a little project to do so that i can access my email and
some other websites from college, it has a web filter so blocks such things
which is annoying in 2 hour long 'free' periods. If I didn't have a web
server running this would be quite simple, but sadly things are never as
simple as they can be. I can use puTTy from college so would like to use X11
forwarding with SSH.
I have tried a direct connection but it timed out, I then learnt that the
only port 80 connections can get out. What I am therefore trying to do is
set up the web server so that any requests it receives on port 80 from a
certain IP gets forwarded to port 22 and i should then be able to log in
through SSH with X11 forwarding and bring up firefox. I have heard this is
possible with Iptables?
This is technically against my college IT ToS, but my computing tutors have
said they will turn a blind eye if I manage to do it.
Is your web server at home behind a router? If so, I would find out if
they have left any other ports open. Port 8080 would be a good bet, as a
number of real web sites use that as an alternative to port 80. You can
find one to test that out by Googling for website on port 8080
(without the quotes there is one on the first hit). Port 443 is the
default port for HTTPS, which you could use if your web server doesn't
do any HTTPS - easy to check if that is open by trying
https://www.google.com.
All you then need to do is set up the port forwarding on your router to
take incoming requests on port 8080 (or 443) and forward them to port 22
on your server you want to ssh to, then you can ssh into your home box
by adding :8080 (or :443) to the IP address or name of your home
connection. You need to make sure you secure your ssh access if you are
going to make it available via the internet too - just a username and
password is a bit weak even though you are on a non-standard port.
Setting the ssh server up so that connections from the internet require
a key with a passphrase should be enough.
Also, rather than trying to run Firefox using X11 forwarding, it would
be a lot faster to just use the ssh connection as a socks proxy. That
way you aren't sending screen update information back from your home
server, just web browsing data.
It is also possible I haven't understood exactly what you are trying to
do, of course. It is getting a bit late here.
Something I found today, while trying to find a reference to the
OpenVPN switch I was going to suggest, is this:
http://www.rutschle.net/tech/sslh.shtml
Basically, if you've got an SSL server running in your webserver, you
can make it share the port with an SSH instance... instant proxy
circumvention! TADA! :D
Of course, then all you've got to do, is to force your SSH client to
talk via your proxy, but I know Putty will do that.
HOWEVER (and please, pay special attention to this)
As a network security engineer, I can only suggest that there is
probably some very good reason that you're not supposed to circumvent
your proxy, and that I can strongly recommend a representative from
your class, form, year or similar term for your educational body,
discuss in technical detail with the person who set this rule about
why the rule was created and what exactly they are trying to achieve
with it. I would assume this is so that you can't bring malware inside
the school, or permit access in, via vulnerabilities with the various
applications you may or may not want to use, however, it may be part
of the terms of service that the school have agreed with their ISP
(usually council mandated or even managed, and thus, non-negotiable),
and your actions may cause your whole school to be disconnected from
the school backbone. Wouldn't you be unpopular if you did that?
All the best
--
Jon The Nice Guy Spriggs
--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
