tunnelling web traffic through ssh

unregistered · 2008-05-10 03:05:02

for tunnelling web traffic through ssh, it says here
http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?

btw, is it possible to view streaming video like youtube.com while using a proxy? if so, then how would i go about it?

jordi · 2008-05-10 16:46:17

ssh -D 4444 (or any other port number) youruser@yourserver

see the manual:

-D [bind_address:] port
Specifies a local ''dynamic'' application-level port forwarding. This works by
allocating a socket to listen to port on the local side, optionally bound to
the specified bind_address. Whenever a connection is made to this port, the
connection is forwarded over the secure channel, and the application protocol
is then used to determine where to connect to from the remote machine. Cur‐
rently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a
SOCKS server. Only root can forward privileged ports. Dynamic port forward‐
ings can also be specified in the configuration file.

streaming videos like youtube.com will be possible... surfing the web will be the same as without socks proxy...

I suggest to use a addon like FoxyProxy if you use socks proxy's a lot.

unregistered · 2008-05-11 03:13:13

jordi wrote:

ssh -D 4444 (or any other port number) youruser@yourserver
see the manual:
-D [bind_address:] port
Specifies a local ''dynamic'' application-level port forwarding. This works by
allocating a socket to listen to port on the local side, optionally bound to
the specified bind_address. Whenever a connection is made to this port, the
connection is forwarded over the secure channel, and the application protocol
is then used to determine where to connect to from the remote machine. Cur‐
rently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a
SOCKS server. Only root can forward privileged ports. Dynamic port forward‐
ings can also be specified in the configuration file.
streaming videos like youtube.com will be possible... surfing the web will be the same as without socks proxy...
I suggest to use a addon like FoxyProxy if you use socks proxy's a lot.

1) I already know the ssh part, im talking about the configuration in firefox, sorry if i didn't make this clear.

for tunnelling web traffic through ssh, it says here
http://wiki.freaks-unidos.net/weblog...fox-ssh-tunnel
that i have to set only the SOCKS Host text field in the edit>preferences>advanced>network>connection>settings
to localhost and the port i used for ssh but what about the other fields like http,ftp,gopher,and ssl proxy, shouldn't i need to set those too? if not why and what are those fields for anyway?

2) and another thing about streaming videos, why is it that some proxies i have used before don't allow streaming traffic through?

ok it says here for vpn
http://searchsecurity.techtarget.com/sDefi...213324,00.html#

An additional level of security involves encrypting not only the data, but also the originating and receiving network addresses.

3) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?

4) btw, is ssh tunnelling an implementation of vpn?

5) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?

Last edited by unregistered (2008-05-11 08:39:19)

TigerBenedict · 2008-05-12 00:47:34

To configure socks proxy in firefox, type about:config in the address bar, and--once there--search for "socks." You'll see all the socks options, just like in the Windows version. Set your proxy host to localhost, your port to 4444, remote dns lookup if you want, and voila.

pyther · 2008-05-12 10:28:22

You don't need to set http, ftp, etc... because the socks proxy part takes care of it all.
So if you set the socks proxy to localhost and whatever port your set using ssh or putty, you should be good to go.

HyperBaton · 2008-05-13 19:18:02

And if you want to forward traffic from applications that do not support a proxy, you can use tsocks.

unregistered · 2008-05-14 09:41:14

ok, what about my other questions about networking

jordi · 2008-05-14 20:15:10

3) so how would the routers know where to route the data if its encrypted? and how would i go about implementing that?

They are adding an additional header.

2) and another thing about streaming videos, why is it that some proxies i have used before don't allow streaming traffic through?

Just a guess, but I think that is some kind of traffic shaping, so that the proxy remains usable for more users.

4) btw, is ssh tunnelling an implementation of vpn?

Not really, OpenVPN or IPsec would be. With ssh you don't have a additional virtual network interface. If you used VPN you wouldn't need to configure any proxies or use tsocks at all.

5) another question i have would be that for ssh tunnelling, it works at the transport layer onwards so only applications which are designed to use the port would go through the tunnel and be encrypted right, other apps would not go through the tunnel. On the contrary, IPsec works on the network layer so all information above the network layer whether they use UDP or TCP or whatever ports for TCP would go through the tunnel and be encrypted. Are the above statements correct?

Almost. Every application which supports socks proxy can be told to use the ssh-tunnel. (or with tsocks, even those who don't support socks).
And yes, since IPsec is pretty low-level the applications won't notice that they go through a tunnel.

unregistered · 2008-05-15 02:45:03

thanks for the answers

Arch Linux

#1 2008-05-10 03:05:02

tunnelling web traffic through ssh

#2 2008-05-10 16:46:17

Re: tunnelling web traffic through ssh

#3 2008-05-11 03:13:13

Re: tunnelling web traffic through ssh

#4 2008-05-12 00:47:34

Re: tunnelling web traffic through ssh

#5 2008-05-12 10:28:22

Re: tunnelling web traffic through ssh

#6 2008-05-13 19:18:02

Re: tunnelling web traffic through ssh

#7 2008-05-14 09:41:14

Re: tunnelling web traffic through ssh

#8 2008-05-14 20:15:10

Re: tunnelling web traffic through ssh

#9 2008-05-15 02:45:03

Re: tunnelling web traffic through ssh

Board footer