Neptune354
http://cyberstorm.altervista.org/phpBB3/

..SSH tunneling..(Encrypt your web browsing)...........
http://cyberstorm.altervista.org/phpBB3/viewtopic.php?f=8&t=46
Page 1 of 2

Author:  rickster24 [ 20 Feb 2008, 20:33 ]
Post subject:  ..SSH tunneling..(Encrypt your web browsing)...........

Hi All

I’m trying to create an HTTP proxy using SSH tunnelling…. i.e. gets
around my company’s firewall (which allows SSH on port 22).

Neptune354g v0.2
Remote administration works – tested

However, I can’t get SSH to work. I’m using PuTTY as the client;
from reading through various mails it seems that this may not
work from the remote side. Local connection works fine.

1. Can someone please confirm this?

2. Some posts suggest running a script and modifying IP tables.
Can someone point me in the right direction on how to do this?

3. I’ve booked out the source, as I want to learn embedded linux,
which I shall attempt to compile under VMware via ubuntu.
Question how do I book out version 0.1?

Please note I’m windows user so I have a big learning curve….

Any help is greatly appreciated

Rickster24

Author:  cyberstorm [ 27 Feb 2008, 12:54 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

hi, by default SSH does not accept connections from WAN, you should add a pair of iptables lines to the online script, I have already written it somewhere, just look around here on my site.

Quote:
3. I’ve booked out the source, as I want to learn embedded linux,
which I shall attempt to compile under VMware via ubuntu.
Question how do I book out version 0.1?


What do you mean by book out? Source code is on SVN, it's all written on my site. Honestly I don't remember which SVN revision corresponds to v0.1, but why not just check out the HEAD (v0.2)?

Ubuntu + VMWare is OK, it may just be a bit slow in compiling. I wrote a guide about compiling sources, it's on my site. You just need to get the right toolchain and install some devel packages on ubi.

Author:  rickster24 [ 05 Mar 2008, 23:11 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

Thanks for the reply Cyberstorm - Apologies for my delay……

Quote:
What do you mean by book out? Source code is on SVN, it's all written on my site. Honestly I don't remember which SVN revision corresponds to v0.1, but why not just check out the HEAD (v0.2)?

I mean check out (I’ve not used SVN)…..only because I wanted to see the changes made from 0.1 to 0.2 - learning exercise

I’ve now checked out the head (v0.2)……….

Compiling – thanks for your guide (Help)
http://cyberstorm.altervista.org/wag354g/guides/howto_build_en.txt

I’ve installed all the packages as specified, registered the tools etc… attempted to compile……….fixed the make file as specified in the guide i.e.

if [ "$${CONFIG_MODULES}" = "y" ] ; then \
In both cases, two lines beyond, there is this:
fi ) \

Change it to:

fi ; \

When compiling WAG354G-EU-v1_01_11-00……………………………………………

The first error I get which I can not resolve is

nflate.c:1307: warning: implicit declaration of function `cm_hwDecodeLZMA'
inflate.c:1288: warning: unused variable `inflate_slide_window'
inflate.c: At top level:
gzip.h:10: warning: `output_data' defined but not used
gzip.h:11: warning: `output_ptr' defined but not used
gzip.h:19: warning: `window' defined but not used
gzip.h:20: warning: `inptr' defined but not used
gzip.h:21: warning: `outcnt' defined but not used
gzip.h:33: warning: `input_data' defined but not used
mips_fp_le-objcopy -S -O binary /home/rick/Desktop/router/LinksysV11/WAG354G-EU-v1_01_11-00/src/linux/linux-2.4.17_mvl21/vmlinux zimage
if [ -e ../../../../../../../../gtnsp/tools/bin/7zip ]; then \
../../../../../../../../gtnsp/tools/bin/7zip zimage zimage.7z; \
else \
if [ -e ../../../../../tools/7zip ]; then \
../../../../../tools/7zip zimage zimage.7z; \
else \
7zip zimage zimage.7z; \
fi; \
fi
../../../../../tools/7zip: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory
make[2]: *** [zimage.7z] Error 127
make[2]: Leaving directory `/home/rick/Desktop/router/LinksysV11/WAG354G-EU-v1_01_11-00/src/linux/linux-2.4.17_mvl21/arch/mips/mips-boards/ti_avalanche/inflater'
make[1]: *** [ram_zimage] Error 2


When compiling Neptune354gv0.2……………………………………………

make[2]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra'
Making clean in doc
make[2]: Entering directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra/doc'
cd .. && automake --foreign --include-deps doc/Makefile
configure.in:10: your implementation of AM_INIT_AUTOMAKE comes from an
configure.in:10: old Automake version. You should recreate aclocal.m4
configure.in:10: with aclocal and run automake again.
make[2]: *** [Makefile.in] Error 63
make[2]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra/doc'
make[1]: *** [clean-recursive] Error 1
make[1]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra'
make: *** [zebra-clean] Error 2
rick@rick-desktop:~/Desktop/router/v0.2checkOut/trunk$ B


Not sure they are related..............???


Quote:
hi, by default SSH does not accept connections from WAN, you should add a pair of iptables lines to the online script, I have already written it somewhere, just look around here on my site.


Thanks I found it and shall try it………..
http://192.168.1.1/Port_Services.asp - would this hidden page do the same, or is it just a waste of time (!!!!! does not work -- Ignore this line !!!!!!)

Any help greatly appreciated

Thanks Rick

Author:  rickster24 [ 10 Mar 2008, 21:39 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

For others....iptable info can be found here....

http://groups.google.it/group/neptune35 ... gst&rnum=3
viewtopic.php?f=8&t=9
http://cyberstorm.altervista.org/?p=31

I've performed the following from one of the guides above .........
change router-ip and ssh-port and wan-router-ip to your values.
Last rule may be optional, try and let me know if it works

iptables -A INPUT -p tcp -m tcp -d router-ip --dport ssh-port -j limaccept
iptables -A INPUT -p tcp -m tcp -d router-ip --dport ssh-port -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d wan-router-ip --dport ssh-port -j DNAT --to-destination router-ip:ssh-port


For my setup this is as follows....
Code:
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j limaccept
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d XX.XX.XX.XX --dport 22 -j DNAT --to-destination 192.168.1.1:22

Where XX.XX.XX.XX is my router's external IP address

The last line gives the following error..........
iptables: No chain/target/match by that name
The author believes the last rule may be optional? I can only test tomorrow and I'll update as necessary

Any ideas?
Is there any other way of getting the wan-router-ip instead of typing it in?

Author:  rickster24 [ 14 Mar 2008, 20:27 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

It works really well (just one issue to solve) then I'll write a small guide

Author:  cyberstorm [ 16 Mar 2008, 10:23 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

great! If you are able to send me a patch I will add it as an option to the firmware

Author:  rickster24 [ 18 Mar 2008, 21:43 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

All - Just a quick update...

To add external SSH access the following line can be entered from the shell..
Code:
iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept

(22 or whatever port you have selected)

Note1. limaccept used as this shall cause a log entry in the firewall log
Note2. The last line of the INPUT section in the iptable is a catch all, any other inputs
are rejected. Therefore the -A (append) command shall never work. The -I (insert)
command adds the new rule at the beginning of the list.


i.e. after applying the command you get
use the command
Code:
iptables -L INPUT


Chain INPUT (policy ACCEPT)
target prot opt source destination
limaccept tcp -- anywhere anywhere tcp dpt:ssh
limaccept udp -- anywhere anywhere udp dpt:tftp
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
....etc
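
An added example (not part of the original posts) illustrating Note2 above: iptables evaluates a chain top to bottom and stops at the first matching rule, so a rule appended after a catch-all is never reached. The listing is constructed in the format of `iptables -L INPUT -n`; the trailing catch-all DROP and the treatment of the `state` rules as not matching a new connection are assumptions of this sketch.

```shell
#!/bin/sh
# Constructed sample; the final catch-all DROP is assumed from the
# description in the post, not copied from the router.
BASE='Chain INPUT (policy ACCEPT)
target     prot opt source      destination
limaccept  udp  --  0.0.0.0/0   0.0.0.0/0   udp dpt:69
DROP       all  --  0.0.0.0/0   0.0.0.0/0   state INVALID
ACCEPT     all  --  0.0.0.0/0   0.0.0.0/0   state RELATED,ESTABLISHED
DROP       all  --  0.0.0.0/0   0.0.0.0/0'

NEW_RULE='limaccept  tcp  --  0.0.0.0/0   0.0.0.0/0   tcp dpt:22'

# Model of -A: the new rule goes after the last existing rule.
append_rule() { printf '%s\n%s\n' "$1" "$2"; }

# Model of -I: the new rule goes right after the two header lines.
insert_rule() {
    printf '%s\n' "$1" | awk -v r="$2" '{ print } NR == 2 { print r }'
}

# Print "<position> <target>" of the first rule hit by a NEW inbound TCP
# packet to port $2, or "0 policy" if no rule matches.
first_match() {
    printf '%s\n' "$1" | awk -v port="$2" '
        NR <= 2 { next }                 # skip chain and column headers
        {
            pos++
            # protocol must be tcp or all
            if ($2 != "all" && $2 != "tcp") next
            # simplification: a state rule only matches if it lists NEW
            if ($0 ~ /state / && $0 !~ /NEW/) next
            # a dpt: clause must equal the port being tested
            if (match($0, /dpt:[0-9]+/) &&
                substr($0, RSTART + 4, RLENGTH - 4) != port) next
            print pos, $1; found = 1; exit
        }
        END { if (!found) print "0 policy" }'
}

echo "append: $(first_match "$(append_rule "$BASE" "$NEW_RULE")" 22)"
echo "insert: $(first_match "$(insert_rule "$BASE" "$NEW_RULE")" 22)"
```

The same function can be pointed at a saved listing to check which rule actually decides a port before and after a firewall change.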

Author:  rickster24 [ 18 Mar 2008, 22:16 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

I've created this script file online.sh to run when ADSL connects (i.e.
selected to run from the Administration page) Contains debug info

Code:
#!/bin/sh
#
# add external SSH access
#
#debug
echo "Script Started" 1>>/mnt/online.txt
echo $PATH 1>>/mnt/online.txt
#
# small delay to allow the interface to be enabled (does not work)
sleep 5

#debug - display current iptables
iptables -L INPUT 1>>/mnt/online.txt

iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept

#debug - display iptables after adding new rule
iptables -L INPUT 1>>/mnt/online.txt

# online2.sh &   tried creating a script to run in the background (does not work)

echo "Script Ended" 1>>/mnt/online.txt


This script creates online.txt file when it runs...........
(Notes - do not use this file, it's only for debug info)


When ADSL connects...it does enable/add the SSH rule but gets immediately
overwritten (a delay in this file makes no difference)
I've tried calling another script from this file to run in the background, but it does not work...
(The issue being the restriction placed on this call eval("sh","/mnt/online.sh"); I guess)

If anyone knows a quick workaround please let us know?

To cyberstorm, possibly the call run_online_sh() could go at the end of the function
start_wan_done(char *wan_ifname)?
I would test, but still have compile issues (which I have avoided)
(Only a change to the iptables is required (if we can get the script file working no change is required))

I hope this helps (I shall add a quick guide, how to set up putty and firefox for tunneling)

P.S. Other, I've never used SSH/tunneling before, but I was impressed when I could use the shell and surf the
web at the same time.

Author:  makuyl [ 24 Mar 2008, 14:35 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

Hi,
I'm a bit stuck on wol and ssh forward.
The
Code:
ip neighbor add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff dev br0 nud permanent
bit works wonders for wol, but I simply cannot connect through wan with ssh. On lan it works.
Have made a port forward rule through the gui 2233:2233 :
Code:
:~# iptables -L |grep 2233
ACCEPT     tcp  --  anywhere             192.168.1.254      tcp dpt:2233
I have no need to access the router from wan via ssh, wish to only forward ssh from wan to 192.168.1.254.
If there's something obvious I missed, feel free to point it out.
Firmware Version: Neptune354 v0.2
Base source code: 1.01.12

Edit: Seems like ssh through lan works to another box behind the router, so ip neighbor must be messing things up. Yes/No?
Oh well, need to get a second nic so wol and ssh can have their own. Will let you know as soon as shops open after easter.

Edit2: Well, it works. Had to bind IPs to MACs on both the laptop and linksys dhcp static. Strangely both IPs show on the same MAC in the ARP table though. Certainly on different MACs in ifconfig on the laptop.

Author:  spooker [ 01 May 2008, 21:29 ]
Post subject:  Re: ..SSH tunneling..(Encrypt your web browsing)...........

hello everybody. Great work I have to say. Some questions by me.

1) Why can't I set the ssh server to listen on port 80? 22 works fine. Is this a general problem or is it just mine?
2) iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept works great when executed from the shell but the next three lines
inside online.sh don't seem to work for me. Am I doing something wrong? It would be great if someone posted some detailed instructions
step by step. For XX.XX.XX.XX I put my dyndns IP, which points at the router. I believe that is valid. Isn't it?

iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j limaccept
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d XX.XX.XX.XX --dport 22 -j DNAT --to-destination 192.168.1.1:22

Page 1 of 2 All times are UTC + 1 hour [ DST ]