diggler Posted August 23, 2012 Share Posted August 23, 2012 (edited) Hi All, Scenario/Background: I'm on a boat. We use VSAT + two year old Cisco router. Router has been locked down. The only ports open are 80 (http), 443 (https), 25 (mail), 3389 (RDP). When travelling I used to be able to use OpenVPN (udp), PPTP VPN (tcp), or a socksified (-D) SSH connection to tunnel my traffic. That's no longer the case. I borked my VPS server trying to get around the above stated issue. It's left me in a bit of a pickle. I can use TOR to get to my VPS's CPANEL (control panel). I have to use a service like TOR, because the CPANEL is on a non-standard web port (5454). I can't reinstall the server though. To do that I need to VNC to the VPS. I use 'Chicken of the VNC' which doesn't support proxying, like a web browser. I've looked at a few options, like NoVNC, etc which are browser based HTML5 implementations of a VNC client but they rely on a companion server which my VPS is not running. Any ideas? (1A) Help! *I'm asking a friend to remotely reconfigure my server, and to run SSH on port 443 so I'll have SSH access and web proxying ability, but it has led me to even more questions. I hope that the firewall doesn't filter to the Layer 7 networking stack, otherwise I might need a better solution. What are some ways to accomplish this? (2A) Below is what I've found so far. Please help me add to the list of possibilites. Is there a software solution (Mac OS X or Ubuntu) that allows a user to specify which application uses the socksified SSH connection (ex ssh -D 8080 firstname.lastname@example.org) on the local machine? (3A) It woud be ideal if an application could force traffic over the SSH connection. Example, tell 'Chicken of the VNC', Adium, etc to route through SSH without having to set a proxy in their individual preferences (most don't even have the option/ability). Future Solutions 1B. #Ubuntu wiki says this might be a problem on some VPS's - https://help.ubuntu....y/IptablesHowTo #execute on remote server iptables -t nat -I PREROUTING -p tcp -m conntrack --ctstate NEW -s x.x.x.x -d y.y.y.y --dport 443 -j REDIRECT --to-port 22 or #execute on remote server iptables -t nat -I PREROUTING --src x.x.x.x --dst y.y.y.y -p tcp --dport 443 -j REDIRECT --to-ports 22 sudo iptables -t nat -L -n -v #execute on local machine in Terminal ssh -p 443 -D 8080 email@example.com 2B. http://www.thoughtcr...tware/firemole/ 3B. http://dag.wieers.co...http-tunneling/ *anyone know of a more current way to do this? (4A) software doesn't look like it's been updated since 2009 4B. sudo nano /etc/ssh/sshd_config change the line "Port 22" to "Port 443" to save --> hit ctrl+o, then ctrl+x sudo restart ssh *how does encrypted web traffic (https 443) still work if SSH is now using port 443 on the VPS? (5A) Edited August 23, 2012 by diggler Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.