ssh tunnel with port forwarding

I want to use Putty to create an SSH tunnel on my Windows 7 box to connect to my Linode (Ubuntu 15.10) and browse via the Linode. Pretty much this guy's explanation: http://daniel.haxx.se/docs/sshproxy.html I've been searching for what to do and keep finding articles that explain almost what i need, or lack some details. I'm looking for a simple walk-through. The worst part is, i set up this exact case a few years ago, and now i'm just confused. I don't even remember what i did, so this is new.

The hard part here is the SSH tunnel will have to use an HTTP(S) proxy to connect to port 443 on the server. The server, i guess, will then be a SOCKS 5 forwarder? Is there a walk-through for this, end-to-end? Or, would someone be so kind as to help clarify the individual steps i need to take?

Things i've done so far, that might be helpful:

1) Setup a dns hostname to point to the ip. (Nothing on the Linode though.)

2) Added "Port 443" in sshd_config and tested it on the server itself via the hostname.

3) Puttygen ssh-2 RSA 4092 keys, and put the public key in ~/.ssh/authorized_keys (via pastebin and grabbed via lynx)

4) apt-get squid. (Though i purged it when i realized i didn't know what to change exactly. But, easy enough to reinstall)

Please help.

12 Replies

There are different port forwarding options - local, remote and dynamic.

Please refer to the following link for details - https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding

Sounds like a SOCKS proxy ("dynamic forwarding") is what you want. This looks like a pretty good guide using PuTTY on Windows: http://www.adamfowlerit.com/2013/01/05/using-firefox-with-a-putty-ssh-tunnel-as-a-socks-proxy/

Keep in mind that you'll need to configure your web browser to use the SOCKS proxy (covered in the link above), then change the browser configuration back when you want to stop using the proxy. If you can't reach anywhere in your browser, then probably your SSH connection is closed and you'll need to either open it again or tell your browser to stop using the SOCKS proxy.

Thank you for looking at this.

I set up a 15.10 server, updated, installed emacs, added a local user, put the user in the admin group (emacs /etc/group and changed the default same-as-user-name group to admin), edited /etc/ssh/sshd_config, adding "Port 443" (directly under "Port 22") and AllowTcpForwarding yes (above "X11Forwarding yes"), restarted sshd (systemctl restart ssh), and successfully logged in to the localhost on both ports.

PuTTY setup:

host: user@host

port: 443

Connection->Proxy:

Proxy type: http

Proxy hostname: (proxy ip)

Connection->SSH->Tunnels:

Source port: 9870

Destination: (blank)

Dynamic

Auto

Click Add

Forwarded ports: D9870

FWIW, Windows->Colours:

Default Foreground:

Red: 225

Green: 225

Blue: 0

(yellow foreground on black background is so easy to read. :) )

Saved session and logged in. Works on both 443 and 22. Right now connected via 443. So, i have a terminal over SSH that works fine. That is, i can issue commands as usual.

So far so good.

FireFox setup:

Tools->Options->Advanced->Network->Settings…

Manual proxy configuration:

SOCKS Host: 127.0.0.1

Port: 9870

No Proxy for:

localhost, 127.0.0.1

Try loading example.com:

> Server not found
>
> Firefox can't find the server at http://www.example.com.
>
> Check the address for typing errors such as ww.example.com instead of http://www.example.com
>
> If you are unable to load any pages, check your computer's network connection.
>
> If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Change the setting back to: Auto-detect proxy settings for the network

And example.com loads as usual.

I appreciate the help so far. Got me to try things from scratch and i now can SSH to the server. But how do i get FF to use it too?

@chacham1:

> Connection->Proxy:
>
> Proxy type: http
>
> Proxy hostname: (proxy ip)

This is incorrect, and may be causing the problem. It instructs PuTTY to establish the ssh connection over an HTTP proxy. It does not cause PuTTY to act as an HTTP proxy. I suggest resetting it back to the default.

@chacham1:

> Connection->SSH->Tunnels:
>
> Source port: 9870
>
> Destination: (blank)
>
> Dynamic
>
> Auto
>
> Click Add
>
> Forwarded ports: D9870

This looks correct. Since you seem to be able to connect to your Linode via ssh, there may be a local firewall on your Windows machine preventing FireFox from connecting to port 9870. The other problem may be that your Linode does not have access to a particular web site. You can check this by running wget -S -O /dev/null address in the terminal which should return a response of HTTP/1.1 200 OK.

Thank you, i'm going to look into this.

The HTTP proxy setting is to go through the local HTTP proxy. Every outgoing connection requires it. I don't believe i could connect to the Linode otherwise. Which means, iiuc, i need to tunnel through the proxy.

Ah, OK, I missed that part in your original post. If you're able to interact with your Linode over the PuTTY terminal, then look at the two items I mentioned: whether your Linode can reach the destination web site, and whether your local Windows machine has anything preventing Firefox from reaching port 9870 locally (perhaps another program is already using the port?).

@Vance:

> Ah, OK, I missed that part in your original post. If you're able to interact with your Linode over the PuTTY terminal, then look at the two items I mentioned: whether your Linode can reach the destination web site, and whether your local Windows machine has anything preventing Firefox from reaching port 9870 locally (perhaps another program is already using the port?).

IOW, is it plugged in? Those are so obvious i never bothered to check them. :) Thank you. I'm hopefully going to check these on Monday and report back.

Windows firewall is off. On the server, wget example.com pulled the html file down. (Checked with less.)

I removed "AllowTcpForwarding yes" as it's the default and therefore redundant.

I also set up a second FF instance (a la firefox -p --no-remote) so i can test without messing up this instance.

I'm not sure what else to check. Can i test if ff is sending data to putty? Like getting a log from putty or something? How about testing if the server is receiving the forwarded data? Like by running ssh manually (on the server, waiting for the forwarded data) and logging that? I'm just thinking what can be done to test where the failure is, and trying desperately to avert attention from myself. :)

Edit: Try running PuTTY with the -v option in a cmd window before trying the below; it will probably be more helpful. If it behaves like regular ssh, adding extra -v's gets you more detail.

----

Hmm, this is truly weird. On the client machine, you can configure PuTTY to log all traffic with the "SSH packets" logging level. Set up Firefox to use the SOCKS proxy and try to visit an unencrypted HTTP site. The PuTTY log should at least show the initial DNS lookup attempt.

Note that the log will grow very quickly and will contain private information. You should have the extra logging enabled only when you are actually testing.

Unfortunately, I don't think increasing LogLevel on the server side will provide anything useful. It's really the client where all this happens.
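The question raised above, where along the Firefox -> PuTTY -> Linode path the request dies, can also be answered by speaking SOCKS5 to the local listener directly and seeing which step fails. The following is an added example, not part of the thread: it assumes Python 3 on the client and the thread's D9870 forward on 127.0.0.1, sends the hostname in the CONNECT request so the DNS lookup happens at the far end, and its function names are made up here.

```python
import socket

REPLIES = {1: "general failure", 2: "not allowed by ruleset",  # RFC 1928, sec. 6
           3: "network unreachable", 4: "host unreachable", 5: "connection refused",
           6: "TTL expired", 7: "command not supported", 8: "address type not supported"}

def connect_request(host, port):
    """SOCKS5 CONNECT with ATYP=3 (domain name): the proxy side resolves the name."""
    name = host.encode("idna")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + port.to_bytes(2, "big")

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def probe(proxy_host, proxy_port, dest_host, dest_port=80, timeout=5.0):
    """Return (stage, detail): the first stage that failed, or ('ok', status line)."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        return ("listener", f"cannot reach {proxy_host}:{proxy_port}: {exc}")
    stage = "greeting"
    with sock:
        try:
            sock.sendall(b"\x05\x01\x00")  # version 5, one method offered: no auth
            ver, method = recv_exact(sock, 2)
            if ver != 5 or method != 0:
                return (stage, f"unexpected reply ver={ver} method={method}")
            stage = "connect"
            sock.sendall(connect_request(dest_host, dest_port))
            _ver, rep, _rsv, atyp = recv_exact(sock, 4)
            if rep != 0:
                return (stage, REPLIES.get(rep, f"reply code {rep}"))
            alen = {1: 4, 4: 16}.get(atyp) or recv_exact(sock, 1)[0]
            recv_exact(sock, alen + 2)  # skip BND.ADDR and BND.PORT
            stage = "relay"
            sock.sendall(f"HEAD / HTTP/1.0\r\nHost: {dest_host}\r\n\r\n".encode())
            status = sock.recv(64).split(b"\r\n")[0].decode("latin-1")
            return ("ok", status)
        except OSError as exc:
            return (stage, str(exc))

if __name__ == "__main__":
    print(probe("127.0.0.1", 9870, "example.com"))
```

A `listener` result means nothing on the client accepted the connection on that port; `greeting`, `connect` or `relay` mean the local listener answered and the failure lies further along the tunnel.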

The -v doesn't seem to do anything. Anyway….

Executed: "C:\Program Files (x86)\Putty\putty.exe" -load (saved session) -v -pw (password) -sshlog ssh.log

Logged out immediately. Renamed ssh.log to ssh1.log.

Executed same command. hit ctrl-r in the other FF session which was trying to get to example.com, and logged out.

(fwiw, renamed ssh.log to ssh2.log)

Compared the two logs (by placing them on top of each other in notepad and hitting alt-tab many times), no difference on the bottom. In fact, starting with:

Event Log: Opened main channel

Event Log: Local port 9870 SOCKS dynamic forwarding

there seems to be no difference at all all the way to the bottom.

Tried a third time, after changing about:config's network.proxy.socks_remote_dns to true. No difference. So, something seems wrong.

I hope i'm not doing something really stupid. Here's 2 screenshots in 1, showing off settings:

Sorry, at this point I can't think of any further ways to diagnose things. Maybe try a live Linux distro and see if you can get that to work? That might rule out (or point to) the HTTP proxy you're forced to go through.

[Apparently, i unwatched the topic.]

Thank you for all the help. Not sure what is going on.
