Re: SOCKS proxy vs. HTTP proxy!
2009/2/16 Tony Berth tonybe...@googlemail.com:
> Dear List,
>
> what is the functional difference between a SOCKS implemented proxy and a HTTP one?
>
> Thanks
> Tony

http://en.wikipedia.org/wiki/SOCKS#Comparison_between_SOCKS_and_HTTP_proxies

regards,
--ropers
Re: SOCKS proxy
Thanks a lot for your help. I was missing that '-o' ssh option.

Cheers
Tony

On Mon, Feb 16, 2009 at 11:30 PM, Pete Vickers p...@systemnet.no wrote:
> As I put in my initial email, the key is the -o option ProxyCommand
>
> http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config
>
> and search for it, there is even a similar example included.
>
> /Pete
>
> On 16 Feb 2009, at 17:28, Tony Berth wrote:
>> The order is the following:
>>
>> A(ssh client) - C(http proxy server) - Internet - B(ssh server with static IP)
>>
>> Now A can't access the Internet. I can only run a browser on that machine which includes the details from C and only then I can surf/have access to the Internet only on ports 80 and 443! As a result ssh from A to B doesn't work. If I use putty on A and define the details of C in the putty proxy dialog box, I can open a ssh session to B.
>>
>> So the question is, how does this action of putty get translated into an ssh command? Which flag should I use from the ssh command line in order to achieve the same result?
>>
>> Thanks
>> Tony
>>
>> On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers p...@systemnet.no wrote:
>>> Hmm, I can't grok your problem description, since it's ambiguous. There are several devices here:
>>>
>>> A. ssh client
>>> B. ssh server
>>> C. http(s) proxy server
>>> D. http(s) proxy client (web browser)
>>>
>>> I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device? Or that B+C are the same device?
>>>
>>> B+C on the same device seems to make the most sense, I guess. - eg. you want to tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's ~/.ssh/config would do it:
>>>
>>> LocalForward 8080 127.0.0.1:8080
>>>
>>> and then set your web browser to use a proxy at 127.0.0.1:8080
>>>
>>> /Pete
>>>
>>> On 13 Feb 2009, at 13:45, Tony Berth wrote:
>>>> Hi Pete, by http proxy you mean your proxy sitting in your machine where you do the ssh to?
Re: SOCKS proxy
The order is the following:

A(ssh client) - C(http proxy server) - Internet - B(ssh server with static IP)

Now A can't access the Internet. I can only run a browser on that machine which includes the details from C and only then I can surf/have access to the Internet only on ports 80 and 443! As a result ssh from A to B doesn't work. If I use putty on A and define the details of C in the putty proxy dialog box, I can open a ssh session to B.

So the question is, how does this action of putty get translated into an ssh command? Which flag should I use from the ssh command line in order to achieve the same result?

Thanks
Tony

On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers p...@systemnet.no wrote:
> Hmm, I can't grok your problem description, since it's ambiguous. There are several devices here:
>
> A. ssh client
> B. ssh server
> C. http(s) proxy server
> D. http(s) proxy client (web browser)
>
> I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device? Or that B+C are the same device?
>
> B+C on the same device seems to make the most sense, I guess. - eg. you want to tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's ~/.ssh/config would do it:
>
> LocalForward 8080 127.0.0.1:8080
>
> and then set your web browser to use a proxy at 127.0.0.1:8080
>
> /Pete
>
> On 13 Feb 2009, at 13:45, Tony Berth wrote:
>> Hi Pete, by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remote machine.
Re: SOCKS proxy
As I put in my initial email, the key is the -o option ProxyCommand

http://www.openbsd.org/cgi-bin/man.cgi?query=ssh_config

and search for it, there is even a similar example included.

/Pete

On 16 Feb 2009, at 17:28, Tony Berth wrote:
> The order is the following:
>
> A(ssh client) - C(http proxy server) - Internet - B(ssh server with static IP)
>
> Now A can't access the Internet. I can only run a browser on that machine which includes the details from C and only then I can surf/have access to the Internet only on ports 80 and 443! As a result ssh from A to B doesn't work. If I use putty on A and define the details of C in the putty proxy dialog box, I can open a ssh session to B.
>
> So the question is, how does this action of putty get translated into an ssh command? Which flag should I use from the ssh command line in order to achieve the same result?
>
> Thanks
> Tony
>
> On Fri, Feb 13, 2009 at 2:05 PM, Pete Vickers p...@systemnet.no wrote:
>> Hmm, I can't grok your problem description, since it's ambiguous. There are several devices here:
>>
>> A. ssh client
>> B. ssh server
>> C. http(s) proxy server
>> D. http(s) proxy client (web browser)
>>
>> I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device? Or that B+C are the same device?
>>
>> B+C on the same device seems to make the most sense, I guess. - eg. you want to tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's ~/.ssh/config would do it:
>>
>> LocalForward 8080 127.0.0.1:8080
>>
>> and then set your web browser to use a proxy at 127.0.0.1:8080
>>
>> /Pete
>>
>> On 13 Feb 2009, at 13:45, Tony Berth wrote:
>>> Hi Pete, by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remote machine.
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
> On Wed, 11 Feb 2009, Tony Berth wrote:
>> Hi Diana,
>>
>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443!
>>
>> What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>
>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>
>> I was wondering if ssh flag '-L' is doing the same job.
>>
>> By 'httptunnel' you mean the following:
>>
>> http://www.jumperz.net/index.php?i=2a=0b=0
>>
>> Thanks
>> Tony
>
> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>
> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand

if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?

Thanks for your help
Tony
Re: SOCKS proxy
Hi,

If you're just trying to do an SSH connect via a http proxy, then I do something like this:

[p...@air] ~ cat ~/.ssh/pconn.sh
#!/bin/bash
# pconn.sh
LF=$'\015'                      # carriage return (octal 015)
CMD="CONNECT $1:$2 HTTP/1.0"
echo "yyy${CMD}yyy" >&2
# send the CONNECT request and a blank line, then relay stdin to the proxy
(echo "$CMD$LF"
 echo
 cat ) |
nc proxy_server_ip_address 8080 |
# log the proxy's response headers to stderr up to the blank line, then relay the rest
( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done
 cat )

[p...@air] ~ cat ~/.ssh/config
#
#
Host my-server-via-proxy
  Hostname my-server.com
  ProxyCommand ~/.ssh/pconn.sh %h %p
  TCPKeepAlive yes
  ServerAliveInterval 30
#
#

and then just

[p...@air] ~ ssh my-server-via-proxy

to connect

but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.

/Pete

On 13 Feb 2009, at 12:34, Tony Berth wrote:
> On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
>> On Wed, 11 Feb 2009, Tony Berth wrote:
>>> Hi Diana,
>>>
>>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443!
>>>
>>> What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>>
>>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>>
>>> I was wondering if ssh flag '-L' is doing the same job.
>>>
>>> By 'httptunnel' you mean the following:
>>>
>>> http://www.jumperz.net/index.php?i=2a=0b=0
>>>
>>> Thanks
>>> Tony
>>
>> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>>
>> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
>
> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>
> Thanks for your help
> Tony
Re: SOCKS proxy
Hi Pete,

by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remote machine.

Thanks
Tony

On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers p...@systemnet.no wrote:
> Hi,
>
> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>
> [p...@air] ~ cat ~/.ssh/pconn.sh
> #!/bin/bash
> # pconn.sh
> LF=$'\015'                      # carriage return (octal 015)
> CMD="CONNECT $1:$2 HTTP/1.0"
> echo "yyy${CMD}yyy" >&2
> # send the CONNECT request and a blank line, then relay stdin to the proxy
> (echo "$CMD$LF"
>  echo
>  cat ) |
> nc proxy_server_ip_address 8080 |
> # log the proxy's response headers to stderr up to the blank line, then relay the rest
> ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done
>  cat )
>
> [p...@air] ~ cat ~/.ssh/config
> #
> #
> Host my-server-via-proxy
>   Hostname my-server.com
>   ProxyCommand ~/.ssh/pconn.sh %h %p
>   TCPKeepAlive yes
>   ServerAliveInterval 30
> #
> #
>
> and then just
>
> [p...@air] ~ ssh my-server-via-proxy
>
> to connect
>
> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.
>
> /Pete
>
> On 13 Feb 2009, at 12:34, Tony Berth wrote:
>> On Wed, Feb 11, 2009 at 9:16 PM, Diana Eichert deich...@wrench.com wrote:
>>> On Wed, 11 Feb 2009, Tony Berth wrote:
>>>> Hi Diana,
>>>>
>>>> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443!
>>>>
>>>> What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following:
>>>>
>>>> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>>>>
>>>> I was wondering if ssh flag '-L' is doing the same job.
>>>>
>>>> By 'httptunnel' you mean the following:
>>>>
>>>> http://www.jumperz.net/index.php?i=2a=0b=0
>>>>
>>>> Thanks
>>>> Tony
>>>
>>> httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.
>>>
>>> take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand
>>
>> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection!
Re: SOCKS proxy
Hmm, I can't grok your problem description, since it's ambiguous. There are several devices here:

A. ssh client
B. ssh server
C. http(s) proxy server
D. http(s) proxy client (web browser)

I thought you mean A+D were one device, C was an interim device, and B was the remote device. Do you instead mean A+C are the same device? Or that B+C are the same device?

B+C on the same device seems to make the most sense, I guess. - eg. you want to tunnel your http sessions over your ssh sessions, and use a proxy server (e.g. squid) on your ssh server device. in which case a line like this in the relevant line in your client's ~/.ssh/config would do it:

LocalForward 8080 127.0.0.1:8080

and then set your web browser to use a proxy at 127.0.0.1:8080

/Pete

On 13 Feb 2009, at 13:45, Tony Berth wrote:
> Hi Pete,
>
> by http proxy you mean your proxy sitting in your machine where you do the ssh to? In my case I want to include the proxy which allows Internet access sitting on the clients terminal and not in the remote machine.
>
> Thanks
> Tony
>
> On Fri, Feb 13, 2009 at 1:31 PM, Pete Vickers p...@systemnet.no wrote:
>> Hi,
>>
>> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>>
>> [p...@air] ~ cat ~/.ssh/pconn.sh
>> #!/bin/bash
>> # pconn.sh
>> LF=$'\015'                      # carriage return (octal 015)
>> CMD="CONNECT $1:$2 HTTP/1.0"
>> echo "yyy${CMD}yyy" >&2
>> # send the CONNECT request and a blank line, then relay stdin to the proxy
>> (echo "$CMD$LF"
>>  echo
>>  cat ) |
>> nc proxy_server_ip_address 8080 |
>> # log the proxy's response headers to stderr up to the blank line, then relay the rest
>> ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done
>>  cat )
>>
>> [p...@air] ~ cat ~/.ssh/config
>> #
>> #
>> Host my-server-via-proxy
>>   Hostname my-server.com
>>   ProxyCommand ~/.ssh/pconn.sh %h %p
>>   TCPKeepAlive yes
>>   ServerAliveInterval 30
>> #
>> #
>>
>> and then just
>>
>> [p...@air] ~ ssh my-server-via-proxy
>>
>> to connect
>>
>> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.
Re: SOCKS proxy
On Fri, 13 Feb 2009, Tony Berth wrote:
> if I'm reading correctly, ssh -C requests compression of the data and ssh_config LocalCommand specifies a command AFTER I was able to make the connection! Sorry, but I don't understand how these 2 things are related to my problem! The proxy is blocking me before any connection can be established. I want to include the data of that proxy in my ssh command in order to make the connection but how can I achieve that?
>
> Thanks for your help
> Tony

Sorry, my bad, meant to type ~C , not -C , quite a bit of difference when you're trying to setup the use of a local command.

diana
Re: SOCKS proxy
On 2009-02-13, Pete Vickers p...@systemnet.no wrote:
> If you're just trying to do an SSH connect via a http proxy, then I do something like this:
>
> [p...@air] ~ cat ~/.ssh/pconn.sh
> #!/bin/bash
> # pconn.sh
> LF=$'\015'                      # carriage return (octal 015)
> CMD="CONNECT $1:$2 HTTP/1.0"
> echo "yyy${CMD}yyy" >&2
> # send the CONNECT request and a blank line, then relay stdin to the proxy
> (echo "$CMD$LF"
>  echo
>  cat ) |
> nc proxy_server_ip_address 8080 |
> # log the proxy's response headers to stderr up to the blank line, then relay the rest
> ( while read L && [ ! -z "${L%$LF}" ]; do echo "xxx${L%$LF}xxx" >&2; done
>  cat )

Related; people behind MS proxies that need auth might want to look at ports/www/ntlmaps.

> but be aware it only works if the proxy admin has not restricted the proxy to prevent CONNECT method to ports other than 443.

Unless the SSH server is running on an acceptable port, of course...
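Added example, not part of any message in this thread: the CONNECT restriction discussed above, seen from the proxy administrator's side. It scans Squid native-format access.log lines and flags CONNECT requests to ports outside an allow-list, plus unusually long tunnels on an allowed port. The log lines, hostnames, addresses, allow-list and 30-minute threshold are constructed assumptions.

```python
"""Flag HTTP CONNECT tunnels in Squid native-format access.log lines."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Policy assumptions for this example (not taken from the thread's proxy):
ALLOWED_CONNECT_PORTS = {443}      # CONNECT permitted to HTTPS only
LONG_TUNNEL_MS = 30 * 60 * 1000    # heuristic: tunnel held open 30+ minutes

# Constructed sample lines. Native format fields:
# time elapsed_ms client code/status bytes method url ident hier/peer type
SAMPLE_LOG = """\
1234526400.101    842 192.0.2.10 TCP_TUNNEL/200 15320 CONNECT www.example.org:443 - HIER_DIRECT/198.51.100.7 -
1234526460.412      3 192.0.2.11 TCP_DENIED/403 3801 CONNECT my-server.example:22 - HIER_NONE/- text/html
1234526520.977 5400123 192.0.2.11 TCP_TUNNEL/200 482113 CONNECT my-server.example:443 - HIER_DIRECT/198.51.100.9 -
1234526580.300  61002 192.0.2.12 TCP_TUNNEL/200 90211 CONNECT host.example:8022 - HIER_DIRECT/198.51.100.20 -
1234526640.500    120 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/198.51.100.7 text/html
"""


@dataclass(frozen=True)
class Finding:
    client: str
    target: str
    port: int
    reason: str


def parse_connect(line: str) -> Optional[Tuple[str, str, int, int, int]]:
    """Return (client, host, port, http_status, elapsed_ms) for a CONNECT
    entry, or None for other methods and malformed lines."""
    fields = line.split()
    if len(fields) < 10 or fields[5] != "CONNECT":
        return None
    host, sep, port = fields[6].rpartition(":")   # CONNECT logs host:port
    _, _, status = fields[3].partition("/")       # e.g. TCP_TUNNEL/200
    if not sep or not (port.isdigit() and status.isdigit() and fields[1].isdigit()):
        return None
    return fields[2], host, int(port), int(status), int(fields[1])


def classify(line: str) -> Optional[Finding]:
    """Apply the port allow-list and the tunnel-duration heuristic to one line."""
    parsed = parse_connect(line)
    if parsed is None:
        return None
    client, host, port, status, elapsed_ms = parsed
    if port not in ALLOWED_CONNECT_PORTS:
        # Status 200 means the proxy opened the tunnel: the port ACL is missing
        # or too wide. Any other status is an attempt that did not succeed.
        reason = ("tunnel-on-unexpected-port" if status == 200
                  else "connect-refused-or-failed")
    elif status == 200 and elapsed_ms >= LONG_TUNNEL_MS:
        # A port check cannot tell what protocol runs inside the tunnel;
        # duration is only a hint that the session deserves a closer look.
        reason = "long-lived-tunnel-on-allowed-port"
    else:
        return None
    return Finding(client, host, port, reason)


def scan(log_text: str) -> List[Finding]:
    """Classify every line of a log and keep the flagged ones, in order."""
    return [f for f in map(classify, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(f"{finding.client} -> {finding.target}:{finding.port}  {finding.reason}")
```

Squid writes the entry for a CONNECT when the tunnel closes, so the elapsed field is the tunnel's lifetime; the keepalive settings in the ssh config quoted above are the kind of thing that keeps such a tunnel open.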
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 3:17 PM, Diana Eichert deich...@wrench.com wrote:
> do you know what a2 is? you say it a Firewall with Proxy
>
> if it's a application layer gateway (alg) it actually acts as a MITM to forward your connection.
>
> On Tue, 10 Feb 2009, Tony Berth wrote:
>> Dear List,
>>
>> I have following case:
>>
>> - || -- | Firewall with Proxy:port [a2] | --- | client [a1] | - || --(internet)-| Public accessible server with static IP [a3] | --
>>
>> 'a1' connects only via browser to the internet after defining the proxy:port of 'a2'
>>
>> Is it possible to create a SOCKS Proxy from 'a1' to 'a3'? If 'a1' wasn't blocked to the internet I would:
>>
>> ssh -p 443 -D 2000 userid@a3
>>
>> but this command times out! is a way to 'tell' to make use of the proxy in 'a2' and redirect all the traffic?
>>
>> Thanks
>> Tony

I just realised that my graph wasn't readable so I'll try here to re-draw it:

- client [a1] - | | - Firewall Proxy:port [a2] | | (internet) | | - remote server with static IP [a3]

Hope that this one will help to draw some attention from the list.

Thanks
Tony

---

Hi Diana,

The 'a2' is rather a logical entity. Actually there are 2 machines. One blocking all direct traffic to the Internet and the other is a proxy which address is included in the 'a1's' browser in order to be able to access the Internet!

Hope I did answer your question!

Thanks
Tony
Re: SOCKS proxy
On Wed, 11 Feb 2009, Tony Berth wrote:
> I just realised that my graph wasn't readable so I'll try here to re-draw it:
>
> - client [a1] - | | - Firewall Proxy:port [a2] | | (internet) | | - remote server with static IP [a3]
>
> Hope that this one will help to draw some attention from the list.
>
> Thanks
> Tony
>
> ---
>
> Hi Diana,
>
> The 'a2' is rather a logical entity. Actually there are 2 machines. One blocking all direct traffic to the Internet and the other is a proxy which address is included in the 'a1's' browser in order to be able to access the Internet!
>
> Hope I did answer your question!
>
> Thanks
> Tony

Tony

First, I put on my corporate network security hat on. If you're trying to get around corporate policies you're setting yourself up for other problem if they catch you. We find you doing this where I work and ... .

Second my helpful reply. :-)

Ok, so you don't know the specifics of the proxy. The reason I ask is if it's a MITM proxy, ala Bluecoat, the proxy actually looks at the session contents. If the packets don't look like proper allowed traffic it gets blocked. If it's a dumb proxy you might be able to get through using something like httptunnel.

Stating access the Internet doesn't explain what kind of traffic is allowed, however my assumption ( I hate to assume ) is they only want to allow http / https traffic, with perhaps ftp traffic too.

diana
Re: SOCKS proxy
"Diana" == Diana Eichert deich...@wrench.com writes:

Diana> First, I put on my corporate network security hat on. If you're trying
Diana> to get around corporate policies you're setting yourself up for other
Diana> problem if they catch you. We find you doing this where I work and
Diana> ... .

And if you think bad things can't happen to good people, that's pretty much the story behind my conviction, described at http://www.lightlink.com/fors/.

--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
mer...@stonehenge.com URL:http://www.stonehenge.com/merlyn/
Smalltalk/Perl/Unix consulting, Technical writing, Comedy, etc. etc.
See http://methodsandmessages.vox.com/ for Smalltalk and Seaside discussion
Re: SOCKS proxy
On Wed, Feb 11, 2009 at 3:57 PM, Diana Eichert deich...@wrench.com wrote:
> On Wed, 11 Feb 2009, Tony Berth wrote:
>> I just realised that my graph wasn't readable so I'll try here to re-draw it:
>>
>> - client [a1] - | | - Firewall Proxy:port [a2] | | (internet) | | - remote server with static IP [a3]
>>
>> Hope that this one will help to draw some attention from the list.
>>
>> Thanks
>> Tony
>>
>> ---
>>
>> Hi Diana,
>>
>> The 'a2' is rather a logical entity. Actually there are 2 machines. One blocking all direct traffic to the Internet and the other is a proxy which address is included in the 'a1's' browser in order to be able to access the Internet!
>>
>> Hope I did answer your question!
>>
>> Thanks
>> Tony
>
> Tony
>
> First, I put on my corporate network security hat on. If you're trying to get around corporate policies you're setting yourself up for other problem if they catch you. We find you doing this where I work and ... .
>
> Second my helpful reply. :-)
>
> Ok, so you don't know the specifics of the proxy. The reason I ask is if it's a MITM proxy, ala Bluecoat, the proxy actually looks at the session contents. If the packets don't look like proper allowed traffic it gets blocked. If it's a dumb proxy you might be able to get through using something like httptunnel.
>
> Stating access the Internet doesn't explain what kind of traffic is allowed, however my assumption ( I hate to assume ) is they only want to allow http / https traffic, with perhaps ftp traffic too.
>
> diana

Hi Diana,

this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443!

What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following:

http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls

I was wondering if ssh flag '-L' is doing the same job.

By 'httptunnel' you mean the following:

http://www.jumperz.net/index.php?i=2a=0b=0

Thanks
Tony
Re: SOCKS proxy
On Wed, 11 Feb 2009, Tony Berth wrote:
> Hi Diana,
>
> this is a 'dumb' proxy and allows http/https traffic only. So ports 80 and 443!
>
> What I'm after is the ssh command I have to issue in order to open a connection from 'a1' to 'a3'! If I read correctly, in case I would have used putty on 'a1' I should do the following:
>
> http://meinit.nl/using-putty-and-an-http-proxy-to-ssh-anywhere-through-firewalls
>
> I was wondering if ssh flag '-L' is doing the same job.
>
> By 'httptunnel' you mean the following:
>
> http://www.jumperz.net/index.php?i=2a=0b=0
>
> Thanks
> Tony

httptunnel now refers to more than one software project to tunnel tcp traffic via an http proxy.

take a look at SSH(1) -C and SSH_CONFIG(5) LocalCommand