[lug] traceroute on forwarded ports plus socks vs port forward
karl horlen
horlenkarl at yahoo.com
Wed Jul 6 15:46:42 MDT 2011
b/c the firewall only allows ssh access to the server in question. vpn access is limited to another corporate server with a global config for all clients
--- On Wed, 7/6/11, Dan Ferris <dan at usrsbin.com> wrote:
From: Dan Ferris <dan at usrsbin.com>
Subject: Re: [lug] traceroute on forwarded ports plus socks vs port forward
To: "Boulder (Colorado) Linux Users Group -- General Mailing List" <lug at lug.boulder.co.us>
Date: Wednesday, July 6, 2011, 1:48 PM
So why can't you just run OpenVPN on the remote server instead of
SSH? I don't see why your local VPN server has anything to do with
this.
I've done exactly what you are trying to do and SSH tunneling is
slow, nasty, and dies a lot. Especially if you get even the
smallest amount of packet loss.
Dan
On 7/6/2011 1:49 PM, karl horlen wrote:
unfortunately the VPN server we use uses a global config
for all clients and they don't want internet traffic being
routed through it
--- On Wed, 7/6/11, Dan Ferris <dan at usrsbin.com>
wrote:
From: Dan Ferris <dan at usrsbin.com>
Subject: Re: [lug] traceroute on forwarded ports plus
socks vs port forward
To: "Boulder (Colorado) Linux Users Group -- General
Mailing List" <lug at lug.boulder.co.us>
Date: Wednesday, July 6, 2011, 12:42 PM
OpenVPN is your friend in these types of situations.
You can use an OpenVPN server to push routes for
things around. It's also a lot more reliable that
using things like SSH tunnels.
Dan
On 7/6/2011 10:48 AM, karl horlen wrote:
i'm
trying to route local port 80 / 443 locally
to an external server so i can browse
through it.
is there a way to confirm that i am indeed
using those ports? when i run a tracert
(the client is windows and i'm running
tracert from cmd aka dos prompt), the hops
still route through my dsl provider. i
presume that is the correct behavior since
traceroute probably works on a different
port other than 80 or 443.
so other than using a packet sniffer, is
there a command i can run to prove when i
load an url in a browser that i'm actually
routing through my remote server via ssh
tunnel and not through the hops associated
with my dsl provider.
finally, i'm forwarding two local ports, 80
and 443 and am assuming that on a windows
box the browser should just find and use
these ports. i've seen recommendations for
using a socks proxy to achieve the same
result. i'm trying to understand the
difference. from what i gather, a socks
proxy will do the same thing but you only
have to set one forwarding which is the
socks ip address instead of two (80 and 443)
in port forwarding method. but you also
have to configure the app, in this case the
browser to use the proxy, an additional
step. then the browser / app simply
forwards all requests on any and all ports
fed to it to the socks proxy port. is this
correct?
i guess i'm not sure what the benefits are
to using one method vs the other. since ssh
(windows putty) allows you to configure
multiple port forwards in one definition,
once you set it up, you just have to kick
off the connection so it saves you the
hassle of enabling disabling socks proxy in
your browser config.
so why would i want to use a socks proxy? i
can't think of any
thanks
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-----Inline Attachment Follows-----
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667
channel=#hackingsociety
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-----Inline Attachment Follows-----
_______________________________________________
Web Page: http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20110706/cbd27f16/attachment.html>
More information about the LUG
mailing list