singh763173 Posted December 1, 2011

Hi all! So, I set up an OpenSSH server today and I am able to tunnel my network activity through it using PuTTY (Windows). But what I was wondering was, how can I send ALL my network activity through the tunnel? I'm assuming that the local network still handles DNS requests? Is it possible to tunnel the DNS requests also? Thanks for your help

kuro Posted December 1, 2011

If you want to tunnel all traffic through SSH you can set up an SSH-based VPN. Quick instructions for doing so are in the ssh man page and you can probably find more on Google.

Infiltrator Posted December 1, 2011

You could use dynamic SOCKS for tunneling your traffic through SSH. Here is a tutorial: http://dimitar.me/dynamic-port-forwarding-with-socks-over-ssh/

singh763173 Posted December 1, 2011

Thanks guys.

Infiltrator, that is what I am currently doing - I have set up a dynamic port in the tunnels section of PuTTY and then use SOCKS proxy localhost:port on my machine. But correct me if I'm wrong, does that leave DNS requests local? Or is that also resolved by the host end?

kuro - reading up on VPN over SSH now, thanks!

Infiltrator Posted December 1, 2011

> Thanks guys.
>
> Infiltrator, that is what I am currently doing - I have set up a dynamic port in the tunnels section of PuTTY and then use SOCKS proxy localhost:port on my machine. But correct me if I'm wrong, does that leave DNS requests local? Or is that also resolved by the host end?
>
> kuro - reading up on VPN over SSH now, thanks!

Yes, it will still be performing local DNS lookups. I know with Firefox you can set it to do DNS lookups remotely rather than locally.

singh763173 Posted December 1, 2011

You know what - I love this forum :) I ran a quick search for Firefox Remote DNS and found that in the Firefox config, network.proxy.socks_remote_dns can be changed to true. You wouldn't happen to know how it works by any chance? From what I can see, it sends the request to the same SOCKS proxy that handles the HTTP requests? So if network traffic is going through localhost:port, DNS will also..?

Infiltrator Posted December 1, 2011

> You wouldn't happen to know how it works by any chance? From what I can see, it sends the request to the same SOCKS proxy that handles the HTTP requests? So if network traffic is going through localhost:port, DNS will also..?

From what I've been reading, the application, in this case Firefox, when enabled to use network.proxy.socks_remote_dns, is forced not to do any local DNS lookups and instructed to use the remote DNS instead. Here is an article I found: https://calomel.org/firefox_ssh_proxy.html

singh763173 Posted December 1, 2011

Reading it now. Thanks for your help!

Infiltrator Posted December 2, 2011

> Reading it now. Thanks for your help!

By the way, you should watch season 10 episode 12. Darren talks about how to default your local connections, if you were using a VPN or SSH connection.

grant_g Posted December 2, 2011

If it's any help, I use StrongVPN. I got it because:

1. I can go around my school's firewall (which restricts EVERYTHING).
2. No MITMing me :)

Tunneling to my computer was OK, but I found StrongVPN to be much faster. Also, it's set up so all traffic runs through it by the click of one button. I do this even on my phone. Maybe there are other good VPNs (even better/cheaper), but for how often I'm on unsecured networks, it's worth it for me. My 2 cents.

singh763173 Posted December 2, 2011

Just looked at StrongVPN, I'd rather not pay for VPN when I can set up a free VPN server at home lol. SSH tunneling works better for me - purely because of the fact that no software installation is required - PuTTY and Firefox both being portable. But an option nonetheless!

digip Posted December 2, 2011

If the programs don't allow SOCKS proxy, I think there is something similar to Privoxy that will forward all your traffic through the tunnel. Privoxy might even be able to do it, but not sure. I know there is another tool that does this, but I can't remember the name, and I think it's only a Windows-based program. In Linux, you can probably do some sort of port forwarding via iptables or such to get around it.

manouche Posted December 5, 2011

> If the programs don't allow SOCKS proxy, I think there is something similar to Privoxy that will forward all your traffic through the tunnel. Privoxy might even be able to do it, but not sure. I know there is another tool that does this, but I can't remember the name, and I think it's only a Windows-based program. In Linux, you can probably do some sort of port forwarding via iptables or such to get around it.

You might be thinking of FreeCap. I use a portable version on my Windows USB drive partition to launch other portable programs such as FileZilla or Thunderbird so that they use the SOCKS proxy of either an SSH or SSL tunnel I have established from the thumb drive. That plus gateway and proxy discovering tools have enabled me to tunnel any programs that don't use multiple simultaneous ports (such as old NetMeeting or unmodified Skype) out of the most restrictive of environments.