Surfing in internet through an SSH Tunnel

Introduction
In this guide I'll show the practical steps to set up a tunnel over the SSH protocol and use it to surf the web. There are several reasons for doing this:
  1. Privacy: the websites you visit won't receive requests from your public IP address, but from that of the SSH server.
  2. Security: the path from the computer you're surfing from up to the SSH server is encrypted. If, for example, your PC is on a LAN with many other users, those users might try to sniff your traffic. In this case, you can create a secure SSH connection from your PC to an SSH server outside the LAN, and surf the web freely from there.
  3. Avoiding barriers: with this method you can reach websites or services running on ports other than the traditional 80, such as an eMule webserver or the uTorrent WebGui, avoiding firewall or NAT problems: you will always use port 22 for all the connections (or, alternatively, another available port, even port 80, but this should be the last resort).
The proposed solution: some theory
The setup proposed in this article requires a computer connected to the internet with an OpenSSH server running. You can read Install and use an SSH server on Windows to install OpenSSH.
In this article the PC you're surfing from is the client, and the computer with the SSH server is the server. Provided that at least one port is open on the firewall, this is what you'll do:
  1. your browser will connect to an SSH client running on your PC.
  2. The SSH client will forward all the traffic through only one port (usually the port 22) to the SSH server, which will be running on the server computer.
  3. The SSH server will forward the received traffic to the desired website, and vice versa.
Some ports typically open are the number 21 (FTP), 22 (SSH), 23 (Telnet), 8080 (router administration), 443 (HTTPS), 110 (POP3), 25 (SMTP).
If no webserver (like Apache) is running on the server, you might even think about using port 80, although this should be the last option, since it can create problems.


Step 1: Installation and usage of an SSH terminal session
You must first set up an SSH connection between the client and the server. See Install and use an SSH server on Windows for this phase.


Step 2: SSH tunnel usage with a browser
Now you have two slightly different possibilities:


Solution A: use of a SOCKS transparent proxy
In this case, you'll use a transparent SOCKS v5 proxy, which is implemented by OpenSSH. Unless you need special settings, OpenSSH starts and configures this proxy correctly and automatically. The path from your client to the webserver hosting the website you want to view will be:

Browser --> SSH Client --> SSH Server --> SOCKS --> webserver

With this solution, you'll have these features:
  1. Permanent modification of the browser connection settings: without the SSH server it won't be possible to browse anymore. You have to change the browser settings back to surf the web.
  2. A totally transparent proxy: you'll be able to browse without noticing the presence of the proxy.
The steps are:
  1. In Putty, select Connection, SSH, Tunnels. Insert these values:

    Source port: a random port not used by the client. For example, 1234. This will be the port which Putty will make available to the browser on the client PC.

    Destination: leave empty. Through the SOCKS 5 proxy OpenSSH will take care of redirecting the requests for the website.

    Select also Dynamic.
  2. Start the Putty session.
Firefox setup:
  1. Open Firefox
  2. Go to Tools, Options, Network, Connection, Settings.
  3. Choose "Manually configure the proxy".
    Select the option SOCKS v5

    SOCKS Host: write the loopback address 127.0.0.1 (since Putty makes available on your client the ports forwarded by the server) and the port you chose (for example, 1234).

    No proxy for: localhost, 127.0.0.1

  4. Now you can surf through a secure SSH connection.
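
To check that the listener set up in Solution A really speaks SOCKS v5, the handshake can be done by hand. This Python code is an added example, not part of the original article: it builds the CONNECT request defined in RFC 1928 and asks the proxy on 127.0.0.1:1234 (the example port used above) to open a destination. The function names are illustrative.

```python
import ipaddress
import socket
import struct

SOCKS_VERSION = 5
REPLY_TEXT = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
              3: "network unreachable", 4: "host unreachable",
              5: "connection refused", 6: "TTL expired",
              7: "command not supported", 8: "address type not supported"}

def build_connect_request(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT request (RFC 1928). A hostname is sent as ATYP 0x03 so
    that it is resolved at the far end of the tunnel, not by the client."""
    head = bytes([SOCKS_VERSION, 0x01, 0x00])  # VER, CMD=CONNECT, RSV
    try:
        ip = ipaddress.ip_address(host)
        atyp = 0x01 if ip.version == 4 else 0x04
        addr = bytes([atyp]) + ip.packed
    except ValueError:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([0x03, len(name)]) + name
    return head + addr + struct.pack("!H", port)

def parse_reply(data: bytes) -> str:
    """Return the meaning of the REP field of a SOCKS5 reply."""
    if len(data) < 2 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    return REPLY_TEXT.get(data[1], f"unknown reply code {data[1]}")

def recv_exact(sock, n):
    """Read exactly n bytes or fail if the proxy hangs up early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(dest_host, dest_port, proxy=("127.0.0.1", 1234), timeout=10.0):
    """Ask the local SOCKS listener to open dest_host:dest_port."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(bytes([SOCKS_VERSION, 1, 0x00]))  # offer "no authentication"
        if recv_exact(s, 2) != bytes([SOCKS_VERSION, 0x00]):
            raise ConnectionError("listener did not accept SOCKS5 without auth")
        s.sendall(build_connect_request(dest_host, dest_port))
        return parse_reply(recv_exact(s, 4))
```

With the Putty session running, `probe("example.com", 80)` should return `"succeeded"`. In Firefox, the "Proxy DNS when using SOCKS v5" option in the same connection settings makes the browser send hostnames through the proxy in the same way; without it, names are resolved locally, outside the tunnel.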


Solution B: using only the SSH remote server
In this case you'll avoid using the SOCKS proxy. The SSH server will act as a kind of proxy, but with some limitations. The path from the client to the webserver hosting the website you're interested in will be:

Browser --> SSH Client --> SSH Server --> webserver

With this solution you'll have these features:
  1. No permanent modification of the browser connection: without the SSH server you'll still be able to surf the web.
  2. A partial proxy: you'll be able to view only the page set in Putty (see the procedure below), but the links on this page will be reached directly from the web browser, and not through the SSH server.
It's a quick solution for viewing a single page on the fly, without changing the browser settings. For example, it can be useful to check the eMule Webserver from school or the office.

This is the procedure:
  1. In Putty, select Connection, SSH, Tunnels. Insert these values:

    Source port: a random port not used on the client. For example, 1234. This port will be the one that Putty will make available to the browser on the client.

    Destination: the address and the port, as seen from the OpenSSH server, of the website you want to view. For example "google.com:80" for a traditional website.

    Select also the option Local.
  2. Start the Putty session.
Firefox settings:
  1. Open Firefox
  2. Enter "127.0.0.1:1234" as the address (since Putty made port 80 of the webserver available on the local client).
  3. Happy surfing!





