PDA

View Full Version : Set up a web proxy


tk102
08-09-2008, 02:13 PM
Some of you may find yourself having to work behind a draconian corporate firewall that has chosen to block some of your favorite sites. In terms of web filtering, my I.T. department recently switched from bad to horrible, blocking all LFNetwork sites except Lucasforums. Not good if I'm expected to be a sysadmin here.

After getting nowhere trying to petition the bureaucracy I turned to Google and found a great tutorial on setting up a home web proxy using OpenSSH, SpoonProxy, and PuTTY.

http://www.linquist.net/geek/proxy

Since my corporate firewall didn't even allow outgoing SSH connections on port 22, I had to tell PuTTY to use port 443 (SSL) and then set my router up to forward it back to 22.

The scheme is like this:

Firewall
||
|| Public Port 443 ------
+-------+ SSH on || forwarded to // \\
| work | Port 443 || +---------+Port 22 || ||
| PC | +----------++---+Home +---------+ | Internet |
| | | || |Router | | || ||
| | | || +---------+ | +-----\\ //
++-------+---+--------+ || | | ------
|PuTTY port forwarding| || +-+----+--+
|ports 80->8080 | |Home PC |
| 443->8081 | +---------+
+---------------------+ OpenSSH listening to port 22
|Firefox proxy set to | SpoonProxy translates back
|HTTP -> localhost:80 | 8080 -> 80
|SSL -> localhost:443 | 8081 -> 443
+---------------------+


I'm using Zone Alarm also on my home PC and have it set up to permit incoming connections to port 22 only if the IP is in my corporate IP range. My D-Link router didn't provide that level of filtering.

Anyway, it's working like a charm. The nice thing about SpoonProxy is that even though it's 'trialware' it provides 1-to-1 connections for free with no time limit.

Note: I don't have a static IP address at home so I will occasionally have to reset the IP that PuTTY is pointed to or sign up with something like http://no-ip.com

ChAiNz.2da
08-09-2008, 02:38 PM
Interesting stuff tk...as I too am under the iron thumb of the Proxy Czar at work :snear:

Do you think this would work even if your company uses a proxy .pac file?

tk102
08-09-2008, 03:47 PM
You should be able to set up PuTTY to work through the proxy setup. First you'll need to look at the contents of the proxy.pac file in a text editor to discover the name and port of your company's proxy server -- then you should be able to set PuTTY up to manually navigate the proxy.

Ex. : My old company used a proxy.pac located at http://proxy.mycompany.com/proxy.pac I downloaded that file and opened it in notepad. I found that it was redirecting my IP address range to http://proxyf.mycompany.com:81 for HTTP requests. By specifying that in the manual configuration of Firefox, I didn't have to use the proxy.pac anymore.

Below is the proxy section of PuTTY.
http://img514.imageshack.us/img514/8853/41955025pc6.gif

Astrotoy7
08-09-2008, 11:04 PM
we can get on LFN at work, but rarely have time to :p

Interesting that you started a proxy related thread tk. This is one area Im a bit less clear on... how can i fool the internets that I am in a particular country.

The reason why ? nbc, bbc etc have streaming content on their sites that can only be accessed if you are in a certain country... I know there are sites that you C+P urls into, but I want a service that runs in the background so I can apply it to my htpc

any tips, tricks or apps ?

mtfbwya

Ray Jones
08-10-2008, 05:39 PM
There are paid services offering this and more (anonymous browsing). Open or free alterternatives like the tor network often lack bandwidth so that's more like fail. Since you need a proxy outside of your house to "hide" your true connect to the web, there is nothing helpful you could run at home.

tk102
08-10-2008, 06:21 PM
There are paid services offering this and more (anonymous browsing). Open or free alterternatives like the tor network often lack bandwidth so that's more like fail. Since you need a proxy outside of your house to "hide" your true connect to the web, there is nothing helpful you could run at home.

Services like anonymizer are usually the very first sites that get blocked by corporations. The point described here is to work around web filtering, not to provide anonymous surfing.

Ray Jones
08-11-2008, 03:18 AM
Oh, I replied to Astro's post asking about geo spoofing for his *home* theater PC, tk. ;*

:o ~tk