Jump to content

Networking noob looking for SSH tunneling help

nimchip

By nimchip
in Security

 Share

Recommended Posts

nimchip Newbie

nimchip

Posted
Posted

So I'm trying to set up a tunneling service through SSH from my laptop which is connected through my College's campus into my host computer which is my desktop at home.

I've successfully set up freeSSHd on my desktop and tested it while on the same network (i.e. on my router) and it works. So I tried to connect via my campus wireless and I got numerous "Connection timed out" errors. I couldn't solve this right away since i had to get home, but I suspect it is because my campus wireless is blocking ports (even though i tried 443).

I had a friend try it from his house and he gets "host does not exist" and "no route to host" errors. My router is properly configured to port forward 443 port connections to my pc.

I'm using plink on vista and ssh on win7. I've tried:

"plink -N -D 443 name@host"

"plink -N -D 443 name@host -P 443"

"plink -N -D 22 name@host -P 443"

"plink -N -D 443 name@host -P 22"

"plink -N -D 22 name@host -P 22"

Here's my router configuration:

capturemj.png

FreeSSHd config:

capture5m.png

capture4e.png

capture3hi.png

capture2w.png

A couple of questions also:

  • If my host home desktop is on cable (and thus Dynamic IP assigned to the router)... is there a way I could connect to the router without checking its IP every time?
  • Also, I am supposed to be using the router IP in order to connect to the host pc right?
  • Should I try different ports in case the campus wireless is blocking them?
  • How can I find out which ports are open on the wireless network?
  • Am I doing something totally wrong here? Any input is appreciated.

Thanks a lot!

Link to comment
Share on other sites
C-S-B Newbie

C-S-B

Posted
Posted

plink -N -D 443 name@host -P 443

This is the one you want(assuming host==address of your outward facing IP), this would give you a socks proxy on 127.0.0.1:443. Then you can surf the interwebs from your browser(given that you have set up your browser correctly.)

An easier solution would be to just run the SSH server on your DD-WRT router, that just requires a tick box and a password then you can access any internal services with port forwarding including freeSSHd on your desktop.

Also your external port doesn't have to be the same as your internal port you are forwarding to. So you could leave ssh running on 22 for internal connections and forward requests on 443 to 22.\

Your outward facing IP is going to change and that's where dyndns comes in handy.

http://www.dd-wrt.com/wiki/index.php/DDNS_..._inadyn_-_HOWTO

That link has all you need to know.

Link to comment
Share on other sites
nimchip Newbie

nimchip

Posted
  • Author
Posted
plink -N -D 443 name@host -P 443

This is the one you want(assuming host==address of your outward facing IP), this would give you a socks proxy on 127.0.0.1:443. Then you can surf the interwebs from your browser(given that you have set up your browser correctly.)

An easier solution would be to just run the SSH server on your DD-WRT router, that just requires a tick box and a password then you can access any internal services with port forwarding including freeSSHd on your desktop.

Also your external port doesn't have to be the same as your internal port you are forwarding to. So you could leave ssh running on 22 for internal connections and forward requests on 443 to 22.\

Your outward facing IP is going to change and that's where dyndns comes in handy.

http://www.dd-wrt.com/wiki/index.php/DDNS_..._inadyn_-_HOWTO

That link has all you need to know.

Ok i see what you mean. Ill look up the SSH on DD-WRT thing and let you know what i come up with. Thanks for the help.

Link to comment
Share on other sites
C-S-B Newbie

C-S-B

Posted
Posted

Yes that should work, but I would try on a connection that doesn't have a proxy server or massive firewall prohibiting your connections first.

Bare in mind that the tunnel you are creating needs you configure your browser/application to use a socks proxy for it to be any use.

Generally, proxy servers keep 443 open and don't interfere.

I'm tunneling this connection I'm on now through port 443 to an ssh server through a proxied connection.

P.S. use putty as your ssh client.

Link to comment
Share on other sites
nimchip Newbie

nimchip

Posted
  • Author
Posted

Ok so I can connect just fine from my campus, and set up firefox/ie to use socks proxy with 127.0.0.1 (localhost) and port 443... however I cannot access any website when I put these values in. I can access all unblocked websites without it, but none with it. Not sure what's going on but I think it has to do with the server settings? Any help here is appreciated

Link to comment
Share on other sites
manouche Newbie

manouche

Posted
Posted
Ok so I can connect just fine from my campus, and set up firefox/ie to use socks proxy with 127.0.0.1 (localhost) and port 443... however I cannot access any website when I put these values in. I can access all unblocked websites without it, but none with it. Not sure what's going on but I think it has to do with the server settings? Any help here is appreciated

You need to put a proxy agent on your machine at home ( e.g.ccproxy) This will take stuff from your socks port(1080) and spit it out of the relevent port to the interwebz.

Link to comment
Share on other sites
nimchip Newbie

nimchip

Posted
  • Author
Posted
You need to put a proxy agent on your machine at home ( e.g.ccproxy) This will take stuff from your socks port(1080) and spit it out of the relevent port to the interwebz.

Hmm I wasn't aware that I needed such software? I watched the show and all he did was set the SOCKS proxy through plink when he connected to the SSH server. Anyone else care to elaborate on this? I was under the impression that freeSSHd did tunneling on its own and that I didn't need anything else...

Link to comment
Share on other sites
Myk3 Newbie

Myk3

Posted
Posted

Why are you using an app on windows when dd-wrt will do it all for you???

http://jstrassburg.blogspot.com/2006/01/ho...sh-with-dd.html

http://www.geek-pages.com/articles/latest/...orkstation.html

There is no need to port forward or anything..

on the clients just run putty to connect and then change the firefox settings and you are good.. I do this every day to get around websense at work..

Link to comment
Share on other sites
nimchip Newbie

nimchip

Posted
  • Author
Posted
Why are you using an app on windows when dd-wrt will do it all for you???

http://jstrassburg.blogspot.com/2006/01/ho...sh-with-dd.html

http://www.geek-pages.com/articles/latest/...orkstation.html

There is no need to port forward or anything..

on the clients just run putty to connect and then change the firefox settings and you are good.. I do this every day to get around websense at work..

I guess I was doing it double since i already had the option enabled on my router... haha. I'll try that thanks.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...