Tunneled IP Addresses? - SSH

This is a discussion on Tunneled IP Addresses? - SSH ; I use ssh tunnels (via putty) to successfully browse my remote web servers. First I connect via ssh. Then I configure an ssh tunnel by specifying that all requests to a particular remote host be sent to '127.0.0.1' - the ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Tunneled IP Addresses?

  1. Tunneled IP Addresses?

    I use ssh tunnels (via putty) to successfully browse my remote web
    servers. First I connect via ssh. Then I configure an ssh tunnel by
    specifying that all requests to a particular remote host be sent to
    '127.0.0.1' - the ssh application then takes over any HTTP requests to
    that address and forwards them out the tunnel. I had to add
    'remotehost' to my w2k hosts table, identifying it on the line for
    127.0.0.1.

    Works fine when I browse to the remote host via its hostname.

    However, some of the pages on the remote server refer to additional
    pages (on the same server), but specify its IP Address rather than
    hostname. My PC attempts to load these private addresses directly,
    rather than sending them through the tunnel. This fails because the PC
    uses its default route to go to that IP rather than via the tunnel,
    hence I fail to get these pages loaded.

    I was hoping I could simply add a route to the private network via
    127.0.0.1. For example:

    route add 10.1.0.0 mask 255.255.0.0 127.0.0.1 metric 1

    However W2K complains "The route addition failed: The parameter is
    incorrect."

    Is there any way to create this type of route?


  2. Re: Tunneled IP Addresses?

    tsreyb@yahoo.com writes:
    >I use ssh tunnels (via putty) to successfully browse my remote web
    >servers. First I connect via ssh. Then I configure an ssh tunnel by
    >specifying that all requests to a particular remote host be sent to
    >'127.0.0.1' - the ssh application then takes over any HTTP requests to
    >that address and forwards them out the tunnel.


    To avoid confusion, I wouldn't put it like that. Rather than SSH "taking
    over" 127.0.0.1 at the IP level, it just starts listening on 127.0.0.1
    port 80; it's more like you've started a web server on your local
    computer, which you then trick your web browser into believing is a
    particular remote host by fiddling your hosts table.

    >However, some of the pages on the remote server refer to additional
    >pages (on the same server), but specify its IP Address rather than
    >hostname. [...]
    >
    >I was hoping I could simply add a route to the private network via
    >127.0.0.1. For example:
    >
    > route add 10.1.0.0 mask 255.255.0.0 127.0.0.1 metric 1


    Rather than trying to persuade your IP stack to do this, I'd do it at a
    higher level -- set up PuTTY to use a "dynamic tunnel", which starts up
    a SOCKS proxy listening on the local machine, and then configure the web
    browser to use that SOCKS proxy. Requests for _any_ hostname or IP
    address made by the web browser will then go over the tunnel.

  3. Re: Tunneled IP Addresses?


    more info from a recent thread:

    http://groups.google.com/group/comp....6a36d1a355ee0?

    --
    Richard Silverman
    res@qoxp.net


  4. Re: Tunneled IP Addresses?

    I put this in a previous post but it may help you.

    What I've found useful, at least in the windows world, is proxycap
    (http://proxylabs.netwu.com/) or sockscap
    (http://www.socks.nec.com/Download/So...load/index.asp). Sockscap
    is free (for non-commercial, and you need to register), but time limited
    (about a year) whereas proxycap costs a few dollars.
    What they both do is grab packets coming from any specified application
    which would otherwise be destined for the internet (e.g. your
    browser/mailclient etc.) and route them to a defined proxy. The useage
    with putty/openssh is to route them to localhost port 1080 (you choose),
    where putty encrypts/portforwards them to your remote SSH server, where
    they are unwrapped and carry on their way to the internet. Using Putty's
    'D' (dyanamic) port forward option (on port 1080, as set above) allows
    any IP that the application is sending stuff to, to be port forwarded.
    In other words the whole setup acts as a proxy web server at the remote,
    SSH server, IP. This has the effect of anonymising the original IP; web
    pages see only the IP of the SSH server, and allows you to tunnel
    through proxy server firewalls, using the proxy features in Putty. Also
    any traffic (personal mail, forbidden web-sites) is encrypted as it
    travels through your local network, right up to your personal machine,
    so your local IT admin/chinese firewall admin, can't read it.

    Now most of you on this board probably knew this; I'm new at this, but
    hopefully it will help someone.

    Richard E. Silverman wrote:
    > more info from a recent thread:
    >
    > http://groups.google.com/group/comp....6a36d1a355ee0?
    >


+ Reply to Thread