Aha! Finally, someone asked...
first visit :
http://www.nocrew.org/software/httptunnel.htmland read a bit about what the GNU HTTP Tunnel is.
Get the files:
for linux
http://www.macgyver.org/software/httptunnel/and for windows
http://eduardo.cobian.free.fr/gnuht/Win32/Gnu_Http_Tunnel_3_3.zip(I assume you're running windows in your office, behind your Corp LAN).
next, read Dan Brown's HTTP port changing howto :
http://www.familybrown.org/howtos/listen-port-howto.html(the idea being that you're going to make it easy to change the port that your main webserver listens on - but don't actually change it yet, that's what the shell scripts below are for.)
after that, you can create files called :
tunnel-start - which contains:
#!/bin/sh
/sbin/e-smith/config setprop httpd-e-smith HttpPort 8080
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
/sbin/service httpd restart
hts --max-connection-age 20000 -F {your.esmith.domain}:22 80
ps aux | grep hts
grep 8080 /etc/httpd/conf/httpd.conf
(that's 6 lines of text, in case this text input box wraps it - and replace {your.esmith.domain} with your esmith server's domain name)
tunnel-stop - which contains:
/sbin/e-smith/config setprop httpd-e-smith HttpPort 80
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
killall hts
/sbin/service httpd restart
ps aux | grep hts
grep 8080 /etc/httpd/conf/httpd.conf
(6 lines again)
save these two files somewhere nice (personally, I have made a "bin" folder in my home directory where I dump all such scripty bits).
There's essentially three parts to digging the tunnel to your esmith box from the restrictive corporate LAN.
1. Initiate the tunnel server on your esmith box:
sudo tunnel-start
2. Initiate the tunnel client on your windows box:
IF you are running a Proxy on your lan :
htc -P {LAN.PROXY.IP}:{LAN_PROXY_PORT} -F 22 {your.esmith.domain}:80
(that's all on one line - substitute your LAN's proxy address and it's proxy port as appropriate)
IF NO PROXY :
htc -F 22 {your.esmith.domain}:80
3. You have essentially opened up a tunnel to the SSH server on your esmith box via your corporate proxy - neat! Now you have to connect to it. Install an SSH client on your windows box : choose -
http://www.ece.nwu.edu/~mack23/ssh-clients.html(personally, I prefer to have cygwin's version, get it from:
http://sources.redhat.com/cygwin/ )
the address you will be connecting to with your SSH client is
localhost
This will take you via the tunnel to your esmith box.
Now, ssh on it's own may not be all your after, but that's the beauty of SSH! you can redirect all kinds of ports through the tunnel, by adding redirects to your SSH config file! e.g.
#~/.ssh/config
--
### forward to e-smith server-manager
LocalForward 980 localhost:980
### forward to e-smith secure server-manager
LocalForward 981 localhost:981
### forward to e-smith websites (port 8080)
LocalForward 8080 localhost:8080
### forward to e-smith secure websites (port 443)
LocalForward 443 localhost:443
### forward to e-smith IMAP
LocalForward 143 localhost:143
### forward to e-smith LDAP
LocalForward 389 localhost:389
### forward to e-smith FTP
LocalForward 21 localhost:21
all you have to do is (once you have your tunnel in place and you've logged in via SSH) point the various applications (browsers, mail clients, ftp clients etc) to localhost rather than directly at your e-smith box. The connections go through the tunnel, and you are in business. Ah, what fun...
and when you return to your e-smith box, you can stop the http tunnel and put your websites back on to their normal port 80 by running :
sudo tunnel-stop
I suppose you could set these scripts to run in cron to automatically create the tunnel on your esmith box during the time you are at your corporate office... I haven't figured that out as yet.
All the best,
G
9 Replies
1717 Views