An SSH tunnel can be used to get around a firewall, encrypt data, and bypass common filters. It can also give you access to your internal network when you are outside of it. In theory, our internet traffic goes through a tunnel over SSH, and at the other end, on the remote host (the host we SSH to), we do port forwarding. This method works when you have an account on the remote server and the firewall on your network allows SSH connections to pass.
In this article we will discuss how to set up a tunnel between a Linux machine and/or Windows 8 and a FreeBSD machine. For this, I use:
- Linux, Slackware64 14.0, as a client / remote computer
- Windows 8, as a client / remote computer
- FreeBSD 8.3 amd64, as a server / connecting computer
- Tinyproxy on FreeBSD
Enabling the SSH Daemon
If you enabled SSH when you installed FreeBSD, you are already on your way to getting one set up. If you aren’t able to SSH to your machine, make sure that it is enabled in rc.conf
You can start it with
To check that SSH is running you can attempt to SSH into your own machine.
If you are asked to accept the key or are asked for a password, then it’s working.
Like any FreeBSD package, Tinyproxy can be installed from the ports. To do so, run these commands:
cd /usr/ports/www/tinyproxy
make install distclean
Once the install completes you will need to rename the config file and edit it.
It’s a good idea to change the port to something other than 8888. In this tutorial we will use 1351 for the tinyproxy port. The rest of the settings will work as they are: 127.0.0.1 is allowed access by default, and since we will be tunneling to this machine, that’s the only one we need.
It may also be a good idea to change the log path to something besides /var/logs/tinyproxy.log if you have a small /var partition. The log contains a list of all URLs you access through it, and this can easily fill up your partition if you use it daily. You may also want to make sure that data is safe if there are other users on the machine.
Before you can start tinyproxy you need to add the following to your /etc/rc.conf file
Then start it using its start up script
Installing SSH Tunnel on Windows
SSH Tunnel is actually the name of the program we will be using for our SSH tunnel. You can download SSH Tunnel here.
Choose Config from the Edit menu and enter the tunnel information. Fill it out similar to the following with your own information.
The tunnel creates a port on the Windows machine that comes out on the FreeBSD machine. This is why the listen port is your localhost. On the other end you give the internal IP of the BSD box and the port you set tinyproxy to.
Once you save the tunnel it will appear on the drop down menu from the home screen. Choose it and hit connect.
If you are able to connect successfully the light will turn green. If you are not able to connect try connecting with a different SSH client to make sure that you are able to connect at all. If the FreeBSD machine is behind a firewall or router you will need to forward port 22.
Creating the Tunnel on Linux
To create a new tunnel, open up a terminal and create the connection using the ssh client. The things we must consider are: the address of our remote host (our FreeBSD machine), the local port we want to redirect, and the port on the remote machine (1351).
For example: our machine is identified as freebsd.celestial-being.net with tinyproxy on port 1351. We want to redirect port 1050 to freebsd.celestial-being.net:1351. Then the command we need is:
ssh -f user@freebsd.celestial-being.net -L 1050:freebsd.celestial-being.net:1351 -N
The -f switch tells ssh to go to the background just before it executes commands. This is followed by the username and the server you are logging into; OpenSSH does not take a password on the command line and prompts for it instead. The -L 1050:freebsd.celestial-being.net:1351 is in the form of -L local-port:host:remote-port. Finally, the -N instructs OpenSSH to not execute a command on the remote system.
Testing the Tunnel
Open a command prompt in Windows 8 (Run and then cmd). If you run Linux, open the terminal. Whether you open command prompt or Linux terminal, type the following
telnet localhost 1050
1050 is the port we used above in the tunnel settings; if you chose a different port, use that. If you get an error that you are unable to connect, then either the tunnel settings or the tinyproxy config is incorrect. Otherwise you are ready to start using the tunnel.
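A successful telnet connection only shows that something is listening on the local port, because ssh accepts the local connection before it reaches the far end. The following check is an added example, not part of the original article (the name probe_tunnel and the constructed request are assumptions); it sends one proxy request through the tunnel and tells the cases apart:

```python
import socket

# Constructed request: example.invalid is a reserved name that never resolves,
# so a working proxy replies with its own HTTP error instead of fetching a page.
REQUEST = b"GET http://example.invalid/ HTTP/1.0\r\nHost: example.invalid\r\n\r\n"


def probe_tunnel(host="127.0.0.1", port=1050, timeout=5.0):
    """Classify the local end of the tunnel (hypothetical helper).

    "no-listener"   nothing accepts on host:port, so the tunnel is not up
    "dead-far-end"  the port accepts but returns nothing: ssh is listening,
                    yet the forward to tinyproxy failed or was refused
    "not-http"      something answered, but not with an HTTP status line
    "proxy-ok"      an HTTP status line came back through the tunnel
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "no-listener"
    data = b""
    with sock:
        try:
            sock.sendall(REQUEST)
            # Read until there is enough to recognise "HTTP/" or the peer closes.
            while len(data) < 5:
                chunk = sock.recv(64)
                if not chunk:
                    break
                data += chunk
        except OSError:
            # Reset, broken pipe or timeout: judge by what arrived so far.
            pass
    if not data:
        return "dead-far-end"
    return "proxy-ok" if data.startswith(b"HTTP/") else "not-http"


if __name__ == "__main__":
    # 1050 is the local port used in this tutorial's tunnel settings.
    print(probe_tunnel())
```

A "dead-far-end" result points at the tinyproxy side (not running, wrong port, or the connection not allowed), while "no-listener" points at the tunnel itself.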
Configuring the Browser
In Firefox go to Tools > Options and then choose connection settings from the general tab. Select manual proxy configuration and enter localhost and 1050 for the port. This will point your browser to go through the tunnel and tinyproxy on the other end for everything.
Tunneling Other Traffic
Tinyproxy limits what can go through to traffic on ports 80 and 443 by default for web traffic. If you would like to tunnel other traffic, such as your instant messengers, you will either need to add those ports to the tinyproxy.conf file or you can comment out the following lines:
#ConnectPort 443
#ConnectPort 563
Once they are commented out and you restart tinyproxy everything will be allowed through the proxy. This is a risk, so if you don’t need this option just stick to the defaults or allow the ports individually.
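To review a tinyproxy.conf against the settings this tutorial relies on (port 1351, access from 127.0.0.1 only, ConnectPort lines left active), the following is an added example and not part of the original article. The function name audit_tinyproxy, both sample configs and the extra port 5222 are constructed for illustration.

```python
import ipaddress

# Constructed sample: every ConnectPort line commented out, plus a LAN-wide Allow.
RISKY_CONF = """\
Port 1351
Allow 127.0.0.1
Allow 192.168.0.0/16
#ConnectPort 443
#ConnectPort 563
"""

# Constructed sample: defaults kept and one extra port allowed individually.
HARDENED_CONF = """\
Port 1351
Allow 127.0.0.1
ConnectPort 443
ConnectPort 563
ConnectPort 5222   # constructed example of an instant-messenger port
"""


def _is_loopback(entry):
    try:
        return ipaddress.ip_network(entry, strict=False).is_loopback
    except ValueError:  # hostname or malformed value
        return False


def audit_tinyproxy(conf_text, tunnel_port="1351"):
    """Return a list of findings for a tinyproxy.conf passed as text."""
    seen = {"port": [], "allow": [], "connectport": []}
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)  # drop comments
        if len(fields) == 2 and fields[0].lower() in seen:
            seen[fields[0].lower()].append(fields[1].strip())
    findings = []
    if seen["port"][-1:] != [tunnel_port]:
        findings.append("Port does not match the tunnel target %s" % tunnel_port)
    if not seen["allow"]:
        findings.append("no Allow line: any client may use the proxy")
    for entry in seen["allow"]:
        if not _is_loopback(entry):
            findings.append("Allow %s admits non-loopback clients" % entry)
    if not seen["connectport"]:
        findings.append("no active ConnectPort line: CONNECT is open to every port")
    return findings


if __name__ == "__main__":
    for name, conf in (("risky", RISKY_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_tinyproxy(conf))
```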
Using PuTTY instead of SSH Tunnel for Windows
If you do not have admin rights on your machine, you can use PuTTY instead to set up the tunnel.