From: Eric Bambach <eric@cisu.net>
To: James Miller <jamtat@mailsnare.net>
Cc: linux-newbie@vger.kernel.org
Subject: Re: ssh as proxy?
Date: Wed, 16 Feb 2005 07:40:10 -0600
Message-ID: <200502160740.10682.eric@cisu.net>
In-Reply-To: <Pine.LNX.4.58.0502152144080.14569@localhost.localdomain>

On Tuesday 15 February 2005 09:47 pm, you wrote:
> On Tue, 15 Feb 2005, Eric Bambach wrote:
> > Yep, you're 95% of the way there.
> > Instead of the -L option try the -D option. This works to circumvent IRC
> > restrictions for me in school ;)
> > I'm not too well read on ssh forwarding so I don't know the technical
> > difference between them, but it seems -D will get you by just fine at
> > least for web.
> >
> > Open console, type ssh -l username -D6667 mysshserver.com
> >
> > Then ssh will act as a socks4/socks5 proxy. Set up application
> > appropriately and it will go!
>
> Thanks for the feedback. I'm looking for ways to test this out, and in
> order to do so I need to be able to close all ports on the test machine
> except 443. Is there some command(s) I can issue that would do this? This
> would be on a workstation, Debianish machine without any sort of firewall
> running. Short of a command(s), what would be the simplest way to
> accomplish this port blocking for testing purposes? Is there a system-wide
> config I could edit?
I'm not familiar with Debian, though usually you use iptables rules to close off
your machine. Remember to do this locally! You will lose ssh connections if
you play with iptables remotely and without caution ;)

If you are blocking ALL outbound traffic see below. If you are blocking
traffic coming in, change output to input and dport to sport. Man iptables
will give you lots of info and there are MANY guides out there to get you
started with firewalling. In either case, closing all but one port will
require only two rules.
#Something like this...haven't written iptables rules in a while
#Set the default policy to DROP all outgoing connections
#(a chain policy can only be ACCEPT or DROP, not REJECT)
iptables -P OUTPUT DROP
#Add a rule to allow outgoing TCP port 443 traffic
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
HTH!
> Thanks, James
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
--
----------------------------------------
--EB
> All is fine except that I can reliably "oops" it simply by trying to read
> from /proc/apm (e.g. cat /proc/apm).
> oops output and ksymoops-2.3.4 output is attached.
> Is there anything else I can contribute?
The latitude and longitude of the bios writer's current position, and
a ballistic missile.
--Alan Cox LKML-December 08,2000
----------------------------------------
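
Added example, not part of the message above or of the list archive: the same "everything outbound closed except one TCP port" test setup, written as a shell function that emits an iptables-restore ruleset so it can be syntax-checked and then loaded in one step. The function name egress_ruleset and the loopback exception are assumptions of this example.

```shell
#!/bin/sh
# egress_ruleset PORT
# Print an iptables-restore ruleset for the filter table that drops all
# outbound traffic except TCP to PORT (hypothetical helper, added example).
#
# As root, on the local console (not over ssh):
#   egress_ruleset 443 | iptables-restore --test    # parse only, no commit
#   egress_ruleset 443 | iptables-restore           # replaces the filter table
# To undo after the test:
#   iptables -P OUTPUT ACCEPT; iptables -F OUTPUT
egress_ruleset() {
    port=$1

    # Accept only a plain decimal port number without leading zeros.
    case "$port" in
        ''|0*|*[!0-9]*)
            echo "egress_ruleset: port must be a number 1-65535" >&2
            return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -gt 65535 ]; then
        echo "egress_ruleset: port must be a number 1-65535" >&2
        return 1
    fi

    # INPUT stays open, so replies to the allowed connections still arrive.
    # Loopback is exempted (assumption: local programs talk over lo).
    # DNS is not exempted, so test against an IP address or a hosts entry.
    printf '%s\n' \
        '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A OUTPUT -o lo -j ACCEPT' \
        "-A OUTPUT -p tcp --dport $port -j ACCEPT" \
        'COMMIT'
}
```

The ruleset is loaded as a whole, so there is no moment between the policy change and the ACCEPT rule in which port 443 is also blocked.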