# http tunneling

## pludodog

At work, all internet traffic is funneled through a proxy server.  What would be the easiest way to let my gentoo laptop browse the internet through my connection at home from work, preferably over ssh?

----------

## gmoney

htun (http://htun.runslinux.net/) is a good one but it takes a little bit of setting up.  It's not secure (encrypted) but it will work through firewalls that only allow outbound port 80.

----------

## digital diesel

HAHAHHA!!! I did this the other day.  I'll tell you the story when I'm done on what happened to me.

Ok first, you need to have sshd started on your gentoo box and be sure to add it to your default run level.

```
root@localhost # /etc/init.d/sshd start
root@localhost # rc-update add sshd default
```

Next you want to emerge a program on your box at home called tinyproxy and configure it properly

```
root@localhost # emerge tinyproxy
root@localhost # vi /etc/tinyproxy.conf
root@localhost # tinyproxy
```

It's going to set the ports on the backend, say to something like 8888.  Then on your computer at work, download PuTTY (for Windows, see below for gentoo laptops).  It's a free ssh, rlogin, and telnet client.  There's an option in PuTTY for tunneling and you want to set it to local.  So the source port is 8888 (or something of your choice) and the destination port is 8888 and then you want to set the destination host like: your.gentoobox.net

Then you want to do an ssh logon while you have the tunnel enabled by pressing Open (make sure you have the ssh host to connect to set too, it can be your box as well).  Next go to your browser on your work computer and configure the proxy to listen on port 8888 (or whatever you configured as your source port in PuTTY).  Make sure that you allow localhost or 127.0.0.1 to go to the proxy as well.

Finally, to make sure that I have traversed the corporate proxy, I go to http://checkip.dyndns.org to check my IP and domain.  Oh yeah, and let's say that your corporate slavery joint blocks port 22 (SSH).  You can set your gentoo box at home to send its traffic over port 443 (the SSL HTTP port).  And make sure you connect to the correct host while you're at work (your.gentoobox.net:443)

For added fun, you can route all other internet traffic using the same theory as stated above.  Just add this program called "proxy" available from http://proxy.sourceforge.net/.  It's a port redirect with a very small footprint.

Since your laptop is GENTOO, you want to skip the PuTTY bullshit.  You'll want to throw a command to connect to your box at home.  You want it to look like this:

```
root@localhost # ssh -l root -L 8888:your.gentoobox.net:8888 some.shellaccount.com
```

SO I learned all this when my company saw that I set Outlook to check my personal email server every 15 mins.  THAT REALLY pissed them off, said I was stealing bandwidth and this was against their user policy.  SO they blocked my mail server, which also happened to be the company's ISP as well.  Well the dumbass hardware dept. ended up getting bitched at nonstop from Management when they found out some of our mission critical communications were being blocked by themselves.  The funny part is the only thing they did was stop themselves.  I had set Outlook to check 127.0.0.1 on 110 while tunneling my mail server with the port redirect.  I thought it would be on the safe side to tunnel my web traffic too.

----------
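A proxy that is only meant to be reached through the SSH tunnel should not also answer on the home box's public address. The check below is an added example, not code from the thread: it audits tinyproxy.conf text for that exposure, assuming tinyproxy's documented defaults (no `Listen` means all interfaces, no `Allow` means all clients) and ignoring `Deny` rules; the function names and both sample configurations are constructed.

```python
import ipaddress

def parse_conf(text):
    """Collect the Port, Listen and Allow directives from tinyproxy.conf text."""
    conf = {"port": None, "listen": [], "allow": []}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "port":
            conf["port"] = int(value)
        elif key in ("listen", "allow"):
            conf[key].append(value)
    return conf

def is_loopback(value):
    """True for localhost, 127.0.0.0/8 addresses or subnets, and ::1."""
    if value.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_network(value, strict=False).is_loopback
    except ValueError:
        return False  # some other hostname or domain: not loopback

def audit(text):
    """Return findings that make the proxy usable without the SSH tunnel."""
    conf, findings = parse_conf(text), []
    port = conf["port"]
    if not conf["listen"]:
        findings.append(f"port {port}: no Listen directive, bound on every interface")
    elif not all(is_loopback(v) for v in conf["listen"]):
        findings.append(f"port {port}: Listen names a non-loopback address")
    if not conf["allow"]:
        findings.append("no Allow rule, so every client is accepted")
    elif not all(is_loopback(v) for v in conf["allow"]):
        findings.append("Allow admits non-loopback clients")
    return findings

# Constructed sample configurations (not taken from the thread).
EXPOSED = "Port 8888\nAllow 127.0.0.1\nAllow 192.168.0.0/16\n"
TUNNEL_ONLY = "Port 8888\nListen 127.0.0.1\nAllow 127.0.0.1\n"

if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("TUNNEL_ONLY", TUNNEL_ONLY)):
        print(name, audit(text) or "ok")
```

With the loopback-only form, the forward has to end on the home box itself (`-L 8888:127.0.0.1:8888` in an SSH session to that box) rather than on its public name.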

## Caffeine

Hey thanks. I was wondering about setting this up too. It almost deserves a Documentation, Tips and Tricks entry I reckon.

Now to emerge tinyproxy....

----------

## digital diesel

Hey thanks!!! That means a lot to me.  I suppose you are right too.  I'll do a rewrite and post that in the Tips and Tricks

----------

## Caffeine

It works a treat.  It's plenty fast enough for general use too, although I guess it depends on the speed of your home link. It's sure going to look suspicious in the proxy logs when my IP address virtually disappears.  :)

Now for the truly paranoid, how about DNS lookups? I know they're not cached too long or reviewed, but requesting DNS to home machine would be pretty cool? Or not? Maybe dnsmasq? Or is there an easier way...

----------

## digital diesel

If your web browser at work is set to use the 127.0.0.1 as a proxy, wouldn't all the DNS requests go to your gentoo box at home?  I may not understand the actual protocol for how DNS lookups or resolution is done.  Is there something I'm mistaken about?

----------

## masseya

Also of interest:

```
bash$ emerge -s httptunnel
Searching...
[ Results for search key : httptunnel ]
[ Applications found : 1 ]

*  net-misc/httptunnel
      Latest version available: 3.0.5
      Latest version installed: 3.0.5
      Size of downloaded files: 254 kB
      Homepage:    http://www.nocrew.org/software/httptunnel.html
      Description: httptunnel can create IP tunnels through firewalls/proxies using HTTP
```

----------

## timfreeman

here's the mondo one:

```
*  net-www/squid
      Latest version available: 2.5.3
      Size of downloaded files: 1,003 kB
      Homepage:    http://www.squid-cache.org/
      Description: A caching web proxy, with advanced features
```

----------

## massysett

I've seen some of these solutions for tunneling traffic through SSH before. It shouldn't look suspicious if SSH runs on port 443, since stuff on 443 is typically encrypted anyway.

My only question is: can one tell, just from looking at the packets, that they're SSH rather than SSL? Sure, you wouldn't be able to tell what's IN the packets, but the very PRESENCE of SSH would be suspicious.

----------
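On the SSH-versus-SSL question above: both SSH endpoints send a cleartext identification string beginning `SSH-` before any encryption starts (RFC 4253), while SSL/TLS opens with a binary handshake record, so the first payload of a connection is enough to tell them apart. The monitoring-side check below is an added example, not code from the thread; the payloads, addresses and function names are constructed.

```python
from typing import NamedTuple

class Verdict(NamedTuple):
    protocol: str
    detail: str

def classify(first_payload: bytes) -> Verdict:
    """Identify the protocol from the first bytes one side sends on a TCP connection."""
    p = first_payload
    # TLS record header: content type 0x16 (handshake), major version 0x03,
    # minor version, 2-byte length; byte 5 is the handshake message type.
    if len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03:
        kind = {1: "ClientHello", 2: "ServerHello"}.get(p[5], "handshake")
        return Verdict("tls", kind)
    # RFC 4253 section 4.2: a server may send other text lines before its
    # identification string, so look at the first few lines, not just byte 0.
    for line in p.split(b"\n")[:8]:
        if line.startswith(b"SSH-"):
            return Verdict("ssh", line.rstrip(b"\r").decode("ascii", "replace"))
    return Verdict("unknown", "")

def flag_ssh_on_tls_ports(flows, tls_ports=(443,)):
    """Return (src, dst, port, banner) for flows on TLS ports that speak SSH."""
    hits = []
    for src, dst, port, payload in flows:
        verdict = classify(payload)
        if port in tls_ports and verdict.protocol == "ssh":
            hits.append((src, dst, port, verdict.detail))
    return hits

# Constructed first payloads (documentation addresses, made-up banner).
TLS_HELLO = bytes.fromhex("160301002f0100002b0303") + bytes(36)
SSH_BANNER = b"SSH-2.0-OpenSSH_3.6.1p2\r\n"
FLOWS = [
    ("10.0.0.5", "192.0.2.10", 443, TLS_HELLO),
    ("10.0.0.7", "198.51.100.20", 443, SSH_BANNER),
    ("10.0.0.9", "203.0.113.30", 22, SSH_BANNER),
]

if __name__ == "__main__":
    for hit in flag_ssh_on_tls_ports(FLOWS):
        print("SSH on a TLS port:", hit)
```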

