If you have a full implementation of SSH on said web server, just use: ssh -D 3128 [EMAIL PROTECTED]
Then set your browser to use the SOCKS proxy built into the SSH server. That is, go to your proxy settings for your browser, and under SOCKS proxy, put localhost:3128 (or whatever port you chose when you connected). You can then surf *any* site from the web server itself by simply typing the name. If you want to see something on the local server that you are ssh'ed into, you use http://localhost/. Note that the SOCKS proxy can be used for many fun things other than browsing... like tunneling IM, avoiding content filters and other corporate / restrictive appliances, tunneled ftp & irc, etcetera. Note that your connection is encrypted to the head end, then it's up to the specific protocol to protect you. That is, you're encrypted all the way to the SSH server, but if you use a clear text protocol such as HTTP it will be clear text beyond the SSH server (obviously). We use this feature for exposing only an SSH gateway to the bad nasty outside (which is actually inside our network), then we tunnel everything through SSH to access things behind our firewall. Note that this feature isn't available in all implementations of SSH, such as Cisco's SSH server on their firewalls. Most full implementations of SSH should have it though. bforbes wrote: > > The known_hosts problem can be eliminated with the option > -o NoHostAuthenticationForLocalhost=yes > > -- View this message in context: http://www.nabble.com/Tunneling-through-unfriendly-firewalls-tf2830640.html#a8000008 Sent from the SSH (Secure Shell) mailing list archive at Nabble.com.
