
This site has been archived and will no longer be updated.
You can find my new profile at neilpahl.com. My new blog is at 808.ninja.

Entry 3: Access Remote Intranet (Web Resources or GUIs) via SSH Tunnel

Topic: OpenVPN on Ubuntu Server Behind Firewall   

Tags:  SSH   RemoteAccess   Tools   

Created on Tue, 24 Jul 2012.

A lot of the time I need to join via VPN just so that I can reach the web resources which are only offered on the remote LAN. In this case, setting up a complete VPN infrastructure can be overkill and more effort than I would like.

So, instead I create an ssh tunnel and route my web traffic to the remote LAN. With just a simple ssh tunnel, and a little configuration to Firefox, I no longer have to add to the complexity of my server on that network. I believe that a simpler setup can reduce vulnerabilities down the line as there is less software you need to keep applying security patches for.

First I need to bind a port to the ssh tunnel. I'm going to use port 1080 since it's the one used for the SOCKS proxy in Firefox that allows us to use the remote DNS. Other uses may require a different port to be bound.

In Linux, just add the -D option to your regular ssh command:

ssh -D 1080 username@remoteiporaddress.com -p 22

The -D option binds local port 1080 as a dynamic (SOCKS) forward. The -p option is not needed here, as port 22 is the default (my server is behind a firewall, so I had to previously set up a reverse tunnel through a relaying agent, and therefore I usually use a port other than 22).


In Windows, I use PuTTY. Enter the usual (Domain name, Username, port) to access the remote server via ssh. To create the tunnel for port 1080, add the configuration under:

Connection > SSH > Tunnels

Under "Add new forwarded port:" put:

Source port: 1080
Select the "Dynamic" radio button.
Click "Add".

Once the ssh connection is made, the tunnel will be there too. Now, the only trick to this is setting up Firefox to use the SOCKS proxy with remote DNS...

I'm using Firefox 14. In the URL bar enter about:config, and click the button saying you'll be careful (because you will). Now, search for something along the lines of socks_remote_dns and double-click the result to make it true.

Now, go to Edit > Preferences

Advanced > Network > Connection > Settings

Select the "Manual proxy configuration" radio button and fill in:

SOCKS Host: localhost    Port: 1080

And then, you should be able to reach web GUIs which are on the remote network. I find it particularly useful for changing the settings of a router that uses a web interface, for example by going to its address, like "192.168.1.1".

Also, in order to not always mess with my Firefox settings, I use a portable version of Firefox which I can stick on a thumb drive. That, combined with a portable version of PuTTY, gives me the ability to access that network from anywhere.
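The proxy on port 1080 leads straight into the remote LAN, so it should listen only on loopback; ssh binds -D according to its GatewayPorts setting, which is loopback unless that has been changed. The script below is an added example, not part of the original post: it prints a tunnel command with the bind address made explicit and checks `ss -ltn` output for a SOCKS listener that other machines could reach. The helper names tunnel_cmd and exposed_listeners are hypothetical, the sample `ss` output is constructed, and -N and ExitOnForwardFailure are standard OpenSSH options that the post itself does not use.

```sh
#!/bin/sh
# Added example, not from the original post. Host and user are placeholders.
SOCKS_PORT=1080

# Print an ssh command for a tunnel-only, loopback-only dynamic forward.
#   -N                        no remote command, just the tunnel
#   -D 127.0.0.1:PORT         bind the SOCKS listener to loopback explicitly
#   ExitOnForwardFailure=yes  exit if the local port cannot be bound
tunnel_cmd() {  # $1 = user@host, $2 = ssh port (default 22)
    printf 'ssh -N -D 127.0.0.1:%s -o ExitOnForwardFailure=yes -p %s %s\n' \
        "$SOCKS_PORT" "${2:-22}" "$1"
}

# Read `ss -ltn` output on stdin and print every listener on port $1 whose
# local address is not loopback, i.e. a proxy other machines could reach.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            p = parts[n]
            host = substr(addr, 1, length(addr) - length(p) - 1)
            if (p == port && host != "127.0.0.1" && host != "[::1]") {
                print addr
            }
        }'
}

# Constructed sample `ss -ltn` output: one safe tunnel, one exposed tunnel.
SAMPLE_SAFE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:1080      0.0.0.0:*
LISTEN 0      128            [::1]:1080         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:1080      0.0.0.0:*'

tunnel_cmd username@remoteiporaddress.com 22
printf '%s\n' "$SAMPLE_SAFE" | exposed_listeners "$SOCKS_PORT"     # prints nothing
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_listeners "$SOCKS_PORT"  # 0.0.0.0:1080

# On a live system: ss -ltn | exposed_listeners 1080
# To confirm names resolve on the remote side, as Firefox does with remote DNS:
#   curl --socks5-hostname 127.0.0.1:1080 http://192.168.1.1/
```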



PLEASE let me know if I'm doing something wrong, or if you have any suggestions or requests~
