Tue, May 31, 2016 9:27 pm

Establishing a SOCKS proxy using an SSH client

You can establish a Socket Secure (SOCKS) server on a Secure Shell (SSH) server using the -D option to the ssh client command.

     -D [bind_address:]port
             Specifies a local “dynamic” application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Only root can forward privileged ports.
             Dynamic port forwardings can also be specified in the configura-
             tion file.

             IPv6 addresses can be specified by enclosing the address in
             square brackets.  Only the superuser can forward privileged
             ports.  By default, the local port is bound in accordance with
             the GatewayPorts setting.  However, an explicit bind_address may
             be used to bind the connection to a specific address.  The
             bind_address of “localhost” indicates that the listening port be
             bound for local use only, while an empty address or ‘*’ indicates
             that the port should be available from all interfaces.

E.g., if I wished to create a SOCKS proxy server at the SSH server end from an SSH client using the registered port commonly used as the listening port for a SOCKS proxy, i.e., TCP port 1080, I could use the command below, assuming that I have a jdoe account on the SSH server at example.com.

$ ssh -D 1080 jdoe@example.com

[ More Info ]

[/network/proxy] permanent link

Sun, Feb 15, 2015 10:42 pm

Using PuTTY to set up a SOCKS Proxy Connection

A SOCKS proxy can be set up from a system using an encrypted tunnel established via an SSH connection to an SSH server, e.g., see Creating a Socks Proxy Server with SSH. On a Microsoft Windows system, the free PuTTY telnet and SSH client software can be used to set up such a connection. After configuring PuTTY to establish a SOCKS proxy via its connection to the SSH server, any browser that supports SOCKS proxies, such as Internet Explorer, Chrome, Firefox, etc., can be configured to route its traffic to web servers via the SOCKS proxy.

[ More Info ]

[/network/proxy] permanent link

Sat, Jan 17, 2015 11:39 pm

Proxy server configured to d2e24t2jgcnor2.webhostoid.com

I've used Vuze as a BitTorrent client on a number of systems previously without problems. However, when I installed it on a new system for my wife recently, I found that the bundled software that came with it, which I thought I had indicated I didn't want installed with Vuze, set itself up as a proxy server for HTTP and HTTPS traffic and installed a self-signed security certificate into the root certificates list on the system, effectively nullifying the protection offered by viewing sites with HTTPS rather than HTTP and potentially exposing any userids and passwords, credit card numbers, etc. to the view of the bundled GeniusBox software.

I first noticed that a serious security issue had occurred when I mistyped a site's URL and saw a webpage displayed referencing d2e24t2jgcnor2.webhostoid.com, instead of the expected site.

[ More Info ]

[/network/proxy] permanent link

Sun, Jan 11, 2015 5:55 pm

Checking the proxy server settings with Google Chrome on a Windows system

In Google Chrome on a Microsoft Windows system you can check or change the proxy server settings by the following steps within the Chrome browser. Note: changing the proxy server settings by this means changes the system-wide proxy server settings, so the configuration changes you make will also apply to Internet Explorer.
  1. Click on the "Customize and Control Google Chrome" button at the top, right-hand side of the Google Chrome window. It is represented as a button with 3 short horizontal lines on it.
  2. Select Settings
  3. Click on the "Show advanced settings" link near the bottom of the window.
  4. Scroll down to the Network Settings section and click on the Change proxy settings button.
  5. That will open an Internet Properties window where you can click on the LAN settings button, which will open a Local Area Network (LAN) Settings window.
  6. Check the checkbox next to "Use a proxy server for your LAN (These settings will not apply to dial-up or VPN connections)."
  7. Click on the Advanced button, which will open a Proxy Settings window.
  8. Put in the IP address and port number for the proxy server in the "Proxy address to use" and "Port" fields. You will see four types of proxies listed: HTTP, Secure, FTP, and Socks. The line where you will place the IP address and port number will depend on which of those you are using.
  9. Click on OK and then OK again at the Local Area Network (LAN) Settings window, and again at the Internet Properties window.

Note: tested on Google Chrome 39.0 on a Microsoft Windows system.

[/network/proxy] permanent link

Wed, Jan 07, 2015 11:32 pm

Checking Microsoft Windows proxy server settings

Web browsers can be configured to use a proxy server for network connections, i.e., instead of directly connecting to websites, the connections are routed to a proxy server, which then establishes a connection to the website and routes the return traffic from the site back to the browser. This may be done for security reasons, e.g., the proxy server may be running antivirus software that checks all downloads from websites before passing files on to users' systems, or the proxy server may be used to block access to websites deemed malicious, i.e., ones distributing malware, or ones deemed inappropriate for the workplace or, if the proxy server is located in a home rather than a business environment, for children. A proxy server may also be used to hide the actual IP address of the system on which the browser is running for privacy reasons.

The proxy server settings for the system can be configured within Internet Explorer on a Microsoft Windows system. They can also be queried and set from a command line interface using the reg query or reg add commands.

[ More Info ]

[/network/proxy] permanent link

Tue, Nov 28, 2006 10:08 pm

Creating a Socks Proxy Server with SSH

If you would like to browse the web without revealing your actual IP address to the websites you visit, you can use SSH to set up a SOCKS proxy server.

Many web browsers, e.g. Internet Explorer, Mozilla, etc., can be configured to use a SOCKS proxy server. Other network applications which support the SOCKS protocol can also be configured to route their communications through a SOCKS proxy server.

By tunneling the SOCKS connections through an SSH connection, though, you can encrypt network traffic between the applications using SOCKS on your client system and the SOCKS proxy server so that others on the same network as your client system can not observe the traffic.

To set up a SOCKS server tunnel with SSH, issue the command ssh -ND n user@server where "n" is the port number you wish to use and "user@server" is a userid for your account on "server", which is an SSH server. For instance, ssh -ND 1080 jsmith@abcd.com would establish a SOCKS proxy server on TCP port 1080 on the SSH server abcd.com where you are logging in with the account jsmith. When you issue the command, you will be prompted for the password for the jsmith account. After you enter the password, you won't get a shell prompt from abcd.com, but you should then be able to configure your web browser to use the SOCKS proxy server running on abcd.com on port 1080. Port 1080 is the default port for the SOCKS protocol, but you can use any port (it will have to be a port above 1024, if you are not the root user). For instance ssh -ND 5555 jsmith@abcd.com would work just as well. You simply have to specify the selected port when configuring the applications that will use the SOCKS connection, such as your web browser. When the SOCKS proxy server is set up on abcd.com, only you will be able to use it through your tunneled SSH connection.

Configuring Browsers to Use SSH SOCKS Proxy Server

Internet Explorer 6.0
Firefox 2.0
Mozilla 1.7

If you want to verify that your web browser is now routing its communications through the SOCKS proxy server you can go to a website that will show the IP address websites are seeing for your system. For instance, www.showmyip.com will show your IP address. It should now show the IP address of abcd.com.

When you want to stop routing your browser's communications through the SOCKS proxy server, you can simply revert to the previous browser configuration.

Note: though your browser will now be receiving content from websites you visit through the SOCKS proxy server running on abcd.com, and transmitting any input you provide to those websites through the SOCKS proxy server as well, your client system, i.e., the system on which you ran the ssh -ND 1080 jsmith@abcd.com command, will still be looking up IP addresses for the websites you visit through the DNS servers specified on the client system when the SOCKS version 4 protocol is used. E.g., if you run the ssh command from mypc.mycompany.com and visit www.xyz.org, any content from the website www.xyz.org will be encrypted between the client system, mypc.mycompany.com, and the SOCKS server, abcd.com, so no one else at mycompany.com will be able to observe the traffic using a sniffer. All that any network administrator will know is that you have a connection to abcd.com. However, mypc needs to translate the name www.xyz.org to its IP address, so mypc will need to query a local name server, e.g., the mycompany.com name servers, to perform that translation. Someone sniffing traffic from/to mypc would therefore see it perform a lookup of the IP address for www.xyz.org.
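The DNS behaviour described in the note above follows from the request formats themselves. This added example (not part of the original post) builds the CONNECT request for SOCKS4, SOCKS4a and SOCKS5 and classifies where the name lookup happens; the function names and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
import struct

def socks4_connect(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4 CONNECT: the request only has room for an IPv4 address,
    so the client must already have resolved the name itself."""
    ip = ipaddress.IPv4Address(host)  # raises ValueError if given a hostname
    return struct.pack(">BBH", 4, 1, port) + ip.packed + user + b"\x00"

def socks4a_connect(host: str, port: int, user: bytes = b"") -> bytes:
    """SOCKS4a CONNECT: placeholder address 0.0.0.x (x != 0) followed by
    the hostname, which the proxy end resolves."""
    return (struct.pack(">BBH", 4, 1, port) + bytes([0, 0, 0, 1])
            + user + b"\x00" + host.encode("idna") + b"\x00")

def socks5_connect(host: str, port: int) -> bytes:
    """SOCKS5 CONNECT using address type 3 (domain name); sent after the
    method negotiation, which is omitted here."""
    name = host.encode("idna")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack(">H", port)

def where_resolved(request: bytes) -> str:
    """Return 'client' if the request carries an IP address (the lookup
    was done locally and is visible on the client's network) or 'proxy'
    if it carries a hostname."""
    version = request[0]
    if version == 4:
        ip = request[4:8]
        is_4a = ip[:3] == b"\x00\x00\x00" and ip[3] != 0
        return "proxy" if is_4a else "client"
    if version == 5:
        return "proxy" if request[3] == 3 else "client"
    raise ValueError("not a SOCKS4/SOCKS5 request")

if __name__ == "__main__":
    # Constructed sample destinations; www.xyz.org is the name used in the post.
    for req in (socks4_connect("192.0.2.10", 80),
                socks4a_connect("www.xyz.org", 80),
                socks5_connect("www.xyz.org", 443)):
        print(req.hex(), "-> resolved by", where_resolved(req))
```

With curl, `--socks5-hostname` sends the name to the proxy, while `--socks5` resolves it locally before connecting.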

I've found this procedure works when the SSH server is running OpenSSH, even OpenSSH for Windows. It also worked when I tried connecting to a Sun Solaris 2.7 system running Sun_SSH_1.1.


[/network/proxy] permanent link

Thu, Dec 01, 2005 12:04 am

Adding Firewall Rules to a Windows XP Professional System via the Command Line

I needed to test access to a website from another location. I had installed AnalogX's proxy server software, Proxy, on a Windows XP Professional Service Pack 2 system at another location and had also installed OpenSSH for Windows on the same system. But I hadn't configured Windows XP's firewall software on that system to allow me to access the HTTP or Socks proxy services on the system from a remote location. So I could connect to the system via SSH and start the proxy software from the command line interface, but I couldn't access the Socks proxy service, which I had configured to listen on port 56080, nor the HTTP proxy service, which I had configured to listen on port 56588 (see AnalogX Proxy for information on how to configure AnalogX's proxy software to listen on alternative ports).

Fortunately, you can modify the Windows XP firewall configuration from the command line. I entered the following command to add a firewall opening for TCP port 56080 (you will see an "OK" when the command is completed). After "portopening", you specify the protocol, i.e. "TCP", "UDP", or "All" for both, then the port number, then a name of your choosing. Unless you specify otherwise, the port will be opened so that any IP address can access it, i.e. anyone in the world who can access the system can access the port. So you might want to add the "scope" parameter to the command as well. You can issue the command netsh firewall set portopening to see all of the options.

C:\Documents and Settings\Administrator>netsh firewall set portopening TCP 56080 Proxy
Ok.

To specify that only certain IP addresses would be allowed access to the port, which is certainly desirable for any proxy services, you can use a command like the following instead.


netsh firewall set portopening protocol = TCP port = 56080 name = Proxy mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

If the immediately above example was used, then 157.60.0.1 could access the port as could three specific subnets, the last of which is the subnet for any systems on the LAN.

After opening the appropriate firewall rule, I then started the proxy program from the command line.

C:\Documents and Settings\Administrator>"\program files\proxy\proxy"

To verify that the system was actually listening on the port I expected I used the netstat and find commands.


C:\Documents and Settings\Administrator>netstat -a | find "56080"
  TCP    HomeGarden:56080    HomeGarden:0        LISTENING

To verify the firewall rules have been updated appropriately as well, you can use the netsh firewall show portopening command.


C:\Documents and Settings\Administrator>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
56080  TCP       Enable   Proxy
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop

When you want to disable the rule you can use the same command as the one you used to enable the firewall rule, but put "disable" at the end of it.

C:\Documents and Settings\Administrator>netsh firewall set portopening TCP 56080 Proxy disable
Ok.

You can verify the rule is no longer there with the "show portopening" option again.

C:\Documents and Settings\Administrator>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop
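
The before-and-after comparison above can be automated. This added example (not from the original post) parses saved "netsh firewall show portopening" output in the format shown and reports which openings were added or removed between two snapshots; the function names are hypothetical, the sample text is constructed from the listings above, and "Disable" as a Mode value is an assumption.

```python
import re

# Constructed from the listing shown in the post before the rule was disabled.
BEFORE = """\
Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
56080  TCP       Enable   Proxy
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop
"""
# The second listing in the post is identical apart from the 56080 row.
AFTER = "".join(l for l in BEFORE.splitlines(True) if not l.startswith("56080"))

PROFILE = re.compile(r"^Port configuration for (\w+) profile:")
ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(Enable|Disable)\s+(.+?)\s*$")

def parse_portopenings(text):
    """Return {(profile, protocol, port): name} for every enabled opening."""
    openings, profile = {}, None
    for line in text.splitlines():
        m = PROFILE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = ROW.match(line)
        if m and profile and m.group(3) == "Enable":
            openings[(profile, m.group(2), int(m.group(1)))] = m.group(4)
    return openings

def diff_openings(before, after):
    """Return (added, removed) openings between two saved listings."""
    b, a = parse_portopenings(before), parse_portopenings(after)
    added = {k: a[k] for k in a.keys() - b.keys()}
    removed = {k: b[k] for k in b.keys() - a.keys()}
    return added, removed

if __name__ == "__main__":
    print(diff_openings(BEFORE, AFTER))
```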

[/network/proxy] permanent link

Sun, Jun 26, 2005 11:35 pm

Configuring AnalogX Proxy

If you need to configure a Windows system as a proxy server, you can use AnalogX Proxy, which is available for free.

AnalogX Proxy provides the following proxy services using the ports listed below:

    HTTP    (web browsers)                  (port 6588)
    HTTPS   (secure web browsers)           (port 6588)
    SOCKS4  (TCP proxying)                  (port 1080)
    SOCKS4a (TCP proxying w/ DNS lookups)   (port 1080)
    SOCKS5  (only partial support, no UDP)  (port 1080)
    NNTP    (usenet newsgroups)             (port 119)
    POP3    (receiving email)               (port 110)
    SMTP    (sending email)                 (port 25)
    FTP     (file transfers)                (port 21)

It is possible to change the ports used by AnalogX Proxy for the various proxy services it supports.

[ More Info ]

[/network/proxy] permanent link
