Koozali.org: home of the SME Server

private proxy

jodahall

private proxy
« on: March 05, 2007, 09:24:50 PM »
Hi Guys....

I know you don't recommend this but I think i need to set up a private open proxy, can this be done in sme 7 ??

here is what i'm faced with....if you have a different suggestion let me know.

where i am they have shut down everything so tight that i cannot get anything done.  they have shut down almost all the ports, telnet, ssh, 8080, and everything else....the only ports that are open are 21 and 80 (probably some others but i cannot find them).

so i cannot use im, ssh, many..many websites are content blocked all that stuff.

I originally thought about setting up a ssh tunnel, but with port 22 being blocked that didn't work.  I still require ftp so i don't want to put ssh on 21, and i do require 80.

so after all that blabbing here is what i need in short form...

from my work (external network) i want to access some blocked websites, i also want to be able to ssh to my sme box and still ftp to it as well.
port 21, 80 are open
port 22, 3128, 8080....and everything else is closed


what can i do ??

bpivk

private proxy
« Reply #1 on: March 05, 2007, 09:33:59 PM »
Quote
I know you don't recommend this but I think i need to set up a private open proxy

This is not a good idea. As a matter of fact it's a bad idea.
People (hackers & company) scan for open proxies all the time so they can attack other computers.
And if they do that they not only use your bandwidth but they leave your IP on other computers that they hacked or otherwise attacked. It's like selling your fingerprint on ebay. You never know who has it. It can be you or it can be your friendly next door hacker.

You should talk to admin of the computer you're using and let them open a few ports for you they should understand and open them (if you're not still in high school and just wish to watch "inappropriate" websites :D ).
"It should just work" if it doesn't report it. Thanks!

jodahall

private proxy
« Reply #2 on: March 05, 2007, 10:10:45 PM »
Quote from: "bpivk"
This is not a good idea. As a matter of fact it's a bad idea.
People (hackers & company) scan for open proxies all the time so they can attack other computers.
And if they do that they not only use your bandwidth but they leave your IP on other computers that they hacked or otherwise attacked. It's like selling your fingerprint on ebay. You never know who has it. It can be you or it can be your friendly next door hacker.

You should talk to admin of the computer you're using and let them open a few ports for you they should understand and open them (if you're not still in high school and just wish to watch "inappropriate" websites :D ).


I've done a bit of reading about the open proxy, and it won't truly be an open proxy, as you can configure it to allow access from only one ip address.  I know it's still a risk and it's not totally what i want to accomplish.

I think what i may do is pay my isp for a 2nd ip address and setup a second sme server so that I can do an ssh tunnel to port 80 or 21.

that will solve my ssh problem....and i guess there is a way to proxy from there, i just don't know how....this whole proxy thing has always confused me.

the thing is i can't read up on too much, because most of the sites with the information are blocked !!!!

and no i'm not in high school looking for nudie pictures, and my administrator will not open any more ports, even if i ask very politely...lol

bpivk

private proxy
« Reply #3 on: March 05, 2007, 10:46:54 PM »
Quote
I've done a bit of reading about the open proxy, and it won't truly be an open proxy


Well my post was more in the line of full open proxy. :D

Umm where are you from that you have such a high security port policy.
Sorry for my curiosity.

And another question...
Why do you need ssh so bad? Can't you wait until you get home and then use the internet. Are you from china or something (i have read that some countries have a strong censorship).
"It should just work" if it doesn't report it. Thanks!

haymann

private proxy
« Reply #4 on: March 05, 2007, 10:50:35 PM »
What about using the OpenVPN Bridge contrib by VIP-ire? I have been using it for some time, and just installed this on a new server of mine today, and continue to be very impressed with its configuration options. One of the options is to allow the connected "guests" to use the server as a gateway if they are connected. I have never tried it, but sounds like it might work for you. Also it looks to me like you can specify any port that you would like, I have never tried 21 or 80 myself...
HTH,
Ryan

bpivk

private proxy
« Reply #5 on: March 05, 2007, 10:57:36 PM »
I'm still not sure.... What ports are open at your SME box? Have both computers (the one you're trying to connect from and SME) blocked ports or only one of them?

And can't you just change ISP?

And use shields up or some other portscan webpage and check for open ports and report here so we at least know what ports are open at both boxes.
"It should just work" if it doesn't report it. Thanks!

jodahall

private proxy
« Reply #6 on: March 05, 2007, 11:12:42 PM »
Quote from: "bpivk"
Well my post was more in the line of full open proxy. :D

Umm where are you from that you have such a high security port policy.
Sorry for my curiosity.

And another question...
Why do you need ssh so bad? Can't you wait until you get home and then use the internet. Are you from china or something (i have read that some countries have a strong censorship).



i work for a big corporate conglomerate in canada that is so....for a lack of better terms....whacked with their security policies.

I have two reasons, one the wife and kids are home and every once in a while the satellite goes down (which is a linux box), i have to go in and restart a particular daemon....it's way....way.....way too painful to walk the wife through it....that's the reason i need ssh.

now the blocked webpages are actually work related....which doesn't mean anything to the admin here.....they have left ebay and youtube open, but they have blocked sourceforge and a number of perl scripting sites (i write a bunch of scripts in perl and like to see examples to learn things).

so instead of going through the corporate bullcrap and waiting for 6 months till it goes to the ceo and he says no i thought i would do this instead.


so ya, i don't really have to have the ssh, but it makes the wife happy, and when she's happy, i'm less miserable :)

jodahall

private proxy
« Reply #7 on: March 05, 2007, 11:17:04 PM »
Quote from: "bpivk"
I'm still not sure.... What ports are open at your SME box? Have both computers (the one you're trying to connect from and SME) blocked ports or only one of them?

And can't you just change ISP?

And use shields up or some other portscan webpage and check for open ports and report here so we at least know what ports are open at both boxes.


it's not my isp it's my work, i'm behind a firewall that only allows 21 and 80 essentially.  i could change my ssh at home to listen on one of those ports but i have a ftp and webserver that i want to keep running....

i can setup a new box on a different ip and have the ssh running on port 80 there, and that's what i may end up doing.  i guess once i do that i will be able to tunnel to that box and then surf through that box and get to the sites i can't now......I think

bpivk

private proxy
« Reply #8 on: March 05, 2007, 11:32:23 PM »
Quote
i have to go in and restart a particular daemon....it's way....way.....way too painful to walk the wife through it....that's the reason i need ssh.


Why don't you just write a cron job? That way the server could restart the daemon and you wouldn't have to.


Back to topic...
If you only have two open ports at work you'll have to find one more (free) open port to use ssh or vpn.

Quote
i can setup a new box on a different ip and have the ssh running on port 80 there, and that's what i may end up doing. i guess once i do that i will be able to tunnel to that box and then surf through that box and get to the sites i can't now......I think

Yes that could work.

Quote
it makes the wife happy, and when she's happy, i'm less miserable

We're on the same boat here. :D
"It should just work" if it doesn't report it. Thanks!

WA-Naemr

private proxy
« Reply #9 on: March 10, 2007, 03:03:10 AM »
I have an idea to bounce off you, for the unfiltered browsing from work, a web based proxy should do the trick, as a hacker can't use it for anything but looking at websites. such proxies can be cgi or php, and sit in an ibay, or a subdirectory of one, such as your primary.
the one i use can be downloaded from http://www.hotscripts.com/Detailed/35942.html

and as for the ssh, again, i offer a web based solution, and just like the web proxy allows you to access any box the SME server can see,
this one i found, but have not yet tested,
http://sourceforge.net/projects/phpeshell/

Hope this helps out.

kruhm

private proxy
« Reply #10 on: March 11, 2007, 07:52:59 AM »
"i could change my ssh at home to listen on one of those ports but i have a ftp and webserver that i want to keep running...."

This is the route you want to go. Portscan for other open ports. Since you haven't done this, your options are limited right now (i can't imagine FTP is absolutely necessary) (also i chuckle that they block ports out of security, but still allow ftp). Then change ssh (or rdp) at the home end to listen off at it.

try port 5190
most enterprises will keep this open for their execs.

caveat emptor - this is most likely against workplace policy. tread lightly out of self preservation.