Neptune354 • View topic - ..SSH tunneling..(Encrypt your web browsing)...........




Neptune354


SORRY GUYS; DUE TO A BIG AMOUNT OF SPAM I HAVE BLOCKED ALL THE FORUM ACTIVITY :-/

All times are UTC + 1 hour [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 13 posts ]  Go to page 1, 2  Next
 Post subject: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 20 Feb 2008, 20:33

Joined: 22 Jan 2008, 21:17
Posts: 15
Hi All

I’m trying to create an HTTP proxy using SSH tunnelling…. i.e. to get
around my company’s firewall (which allows SSH on port 22).

Neptune354g v0.2
Remote administration works – tested

However I can’t get SSH to work. I’m using PuTTY as the client;
from reading through various mails it seems that this may not
work from the remote side. Local connection works fine.

1. Can someone please confirm this?

2. Some posts suggest running a script and modifying iptables.
Can someone put me in the right direction how to do this?

3. I’ve booked out the source, as I want to learn embedded Linux,
which I shall attempt to compile under VMware via Ubuntu.
Question: how do I book out version 0.1?

Please note I’m a Windows user so I have a big learning curve….

Any help is greatly appreciated

Rickster24


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 27 Feb 2008, 12:54
Site Admin

Joined: 04 Jun 2007, 17:55
Posts: 67
Hi, by default SSH does not accept connections from WAN. You should add a pair of iptables lines to the online script; I have already written it somewhere, just look around here on my site.

Quote:
3. I’ve booked out the source, as I want to learn embedded Linux,
which I shall attempt to compile under VMware via Ubuntu.
Question: how do I book out version 0.1?


What do you mean by book out? Source code is on SVN, it's all written on my site. Honestly I don't remember which SVN revision corresponds to v0.1, but why not just check out the HEAD (v0.2)?

Ubuntu + VMWare is OK, it may just be a bit slow in compiling. I wrote a guide about compiling sources, it's on my site. You just need to get the right toolchain and install some devel packages on ubi.


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 05 Mar 2008, 23:11

Joined: 22 Jan 2008, 21:17
Posts: 15
Thanks for the reply Cyberstorm - Apologies for my delay……

What do you mean by book out? Source code is on SVN, it's all written on my site. Honestly I don't remember which SVN revision corresponds to v0.1, but why not just check out the HEAD (v0.2)?

I mean check out (I’ve not used SVN)…..only because I wanted to see the changes made from 0.1 to 0.2 - learning exercise

I’ve now checked out the head (v0.2)……….

Compiling – thanks for your guide (Help)
http://cyberstorm.altervista.org/wag354g/guides/howto_build_en.txt

I’ve installed all the packages as specified, registered the tools etc… attempted to compile……….fixed the make file as specified in the guide i.e.

if [ "$${CONFIG_MODULES}" = "y" ] ; then \
In both cases, two lines beyond, there is this:
fi ) \

Change it to:

fi ; \

When compiling WAG354G-EU-v1_01_11-00……………………………………………

The first error I get which I can not resolve is

nflate.c:1307: warning: implicit declaration of function `cm_hwDecodeLZMA'
inflate.c:1288: warning: unused variable `inflate_slide_window'
inflate.c: At top level:
gzip.h:10: warning: `output_data' defined but not used
gzip.h:11: warning: `output_ptr' defined but not used
gzip.h:19: warning: `window' defined but not used
gzip.h:20: warning: `inptr' defined but not used
gzip.h:21: warning: `outcnt' defined but not used
gzip.h:33: warning: `input_data' defined but not used
mips_fp_le-objcopy -S -O binary /home/rick/Desktop/router/LinksysV11/WAG354G-EU-v1_01_11-00/src/linux/linux-2.4.17_mvl21/vmlinux zimage
if [ -e ../../../../../../../../gtnsp/tools/bin/7zip ]; then \
../../../../../../../../gtnsp/tools/bin/7zip zimage zimage.7z; \
else \
if [ -e ../../../../../tools/7zip ]; then \
../../../../../tools/7zip zimage zimage.7z; \
else \
7zip zimage zimage.7z; \
fi; \
fi
../../../../../tools/7zip: error while loading shared libraries: libstdc++-libc6.2-2.so.3: cannot open shared object file: No such file or directory
make[2]: *** [zimage.7z] Error 127
make[2]: Leaving directory `/home/rick/Desktop/router/LinksysV11/WAG354G-EU-v1_01_11-00/src/linux/linux-2.4.17_mvl21/arch/mips/mips-boards/ti_avalanche/inflater'
make[1]: *** [ram_zimage] Error 2


When compiling Neptune354gv0.2……………………………………………

make[2]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra'
Making clean in doc
make[2]: Entering directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra/doc'
cd .. && automake --foreign --include-deps doc/Makefile
configure.in:10: your implementation of AM_INIT_AUTOMAKE comes from an
configure.in:10: old Automake version. You should recreate aclocal.m4
configure.in:10: with aclocal and run automake again.
make[2]: *** [Makefile.in] Error 63
make[2]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra/doc'
make[1]: *** [clean-recursive] Error 1
make[1]: Leaving directory `/home/rick/Desktop/router/v0.2checkOut/trunk/router/zebra'
make: *** [zebra-clean] Error 2
rick@rick-desktop:~/Desktop/router/v0.2checkOut/trunk$ B


Not sure they are related..............???


Hi, by default SSH does not accept connections from WAN. You should add a pair of iptables lines to the online script; I have already written it somewhere, just look around here on my site.


Thanks I found it and shall try it………..
http://192.168.1.1/Port_Services.asp - would this hidden page do the same, or is it just a waste of time (!!!!! does not work -- Ignore this line !!!!!!)

Any help greatly appreciated

Thanks Rick


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 10 Mar 2008, 21:39

Joined: 22 Jan 2008, 21:17
Posts: 15
For others....iptable info can be found here....

http://groups.google.it/group/neptune35 ... gst&rnum=3
viewtopic.php?f=8&t=9
http://cyberstorm.altervista.org/?p=31

I've performed the following from one of the guides above .........
change router-ip and ssh-port and wan-router-ip to your values.
Last rule may be optional, try and let me know if it works

iptables -A INPUT -p tcp -m tcp -d router-ip --dport ssh-port -j limaccept
iptables -A INPUT -p tcp -m tcp -d router-ip --dport ssh-port -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d wan-router-ip --dport ssh-port -j DNAT --to-destination router-ip:ssh-port


For my setup this is as follows....
Code:
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j limaccept
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d XX.XX.XX.XX --dport 22 -j DNAT --to-destination 192.168.1.1:22

Where XX.XX.XX.XX is my router's external IP address

The last line gives the following error..........
iptables: No chain/target/match by that name
The author believes the last rule may be optional? I can only test tomorrow and I'll update as necessary

Any ideas?
Is there any other way of getting the wan-router-ip instead of typing it in?


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 14 Mar 2008, 20:27

Joined: 22 Jan 2008, 21:17
Posts: 15
It works really well (just one issue to solve) then I'll write a small guide


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 16 Mar 2008, 10:23
Site Admin

Joined: 04 Jun 2007, 17:55
Posts: 67
great! If you are able to send me a patch I will add it as an option to the firmware


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 18 Mar 2008, 21:43

Joined: 22 Jan 2008, 21:17
Posts: 15
All - Just a quick update...

To add external SSH access the following line can be entered from the shell..
Code:
iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept

(22 or whatever port you have selected)

Note1. limaccept used as this shall cause a log entry in the firewall log
Note2. The last line of the INPUT section in the iptable is a catch all, any other inputs
are rejected. Therefore the -A (append) command shall never work. The -I (insert)
command adds the new rule at the beginning of the list.


i.e. after applying the command you get
use the command
Code:
iptables -L INPUT


Chain INPUT (policy ACCEPT)
target prot opt source destination
limaccept tcp -- anywhere anywhere tcp dpt:ssh
limaccept udp -- anywhere anywhere udp dpt:tftp
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
....etc


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 18 Mar 2008, 22:16

Joined: 22 Jan 2008, 21:17
Posts: 15
I've created this script file online.sh to run when ADSL connects (i.e.
selected to run from the Administration page) Contains debug info

Code:
#!/bin/sh
#
# add external SSH access
#
#debug
echo "Script Started" 1>>/mnt/online.txt
echo $PATH 1>>/mnt/online.txt
#
# small delay to allow the interface to be enabled (does not work)
sleep 5

#debug - display current iptables
iptables -L INPUT 1>>/mnt/online.txt

iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept

#debug - display iptables after adding new rule
iptables -L INPUT 1>>/mnt/online.txt

# online2.sh &   tried creating a script to run in the background (does not work)

echo "Script Ended" 1>>/mnt/online.txt


This script creates online.txt file when it runs...........
(Note - do not use this file, it's only for debug info)


When ADSL connects...it does enable/add the SSH rule but it gets immediately
overwritten (a delay in this file makes no difference)
I've tried calling another script from this file to run in the background, but it does not work...
(The issue being the restriction placed on this call eval("sh","/mnt/online.sh"); I guess)

If anyone knows a quick workaround please let us know?

To cyberstorm, possibly the call run_online_sh() could go at the end of the function
start_wan_done(char *wan_ifname)?
I would test, but still have compile issues (which I have avoided)
(Only a change to the iptables is required (if we can get the script file working no change is required))

I hope this helps (I shall add a quick guide, how to set up putty and firefox for tunneling)

P.S. Other, I've never used SSH/tunneling before, but I was impressed when I could use the shell and surf the
web at the same time.


Top
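
Note 2 of the 18 Mar 2008, 21:43 post and the overwritten-rule symptom in the post above can both be read off an `iptables -L INPUT` listing: the SSH rule only counts if it is listed before the catch-all. The check below is an added example, not code from the thread or the firmware; `ssh_rule_state`, the bare `DROP all` catch-all line and the sample listings are constructed assumptions modelled on the quoted output.

```sh
#!/bin/sh
# Added example, not from the thread.
# ssh_rule_state [port] < listing
# Reads `iptables -L INPUT` output on stdin and prints one word:
#   effective  an accepting rule for the port is listed before any catch-all
#   shadowed   the rule exists, but only after a catch-all DROP/REJECT
#   missing    no accepting rule for the port is listed (e.g. chain rebuilt)
ssh_rule_state() {
    awk -v port="${1:-22}" '
        NR <= 2 || NF < 5 { next }      # chain title, column header, short lines
        {
            target = $1; proto = $2
            any = ($4 == "anywhere" || $4 == "0.0.0.0/0") &&
                  ($5 == "anywhere" || $5 == "0.0.0.0/0")
            # Catch-all: every protocol, any address, no further match.
            if ((target == "DROP" || target == "REJECT") && proto == "all" &&
                any && (NF == 5 || $6 == "reject-with")) { catchall = 1; next }
            # dpt: carries the service name, or the number when -n is used.
            hit = 0
            for (i = 6; i <= NF; i++)
                if ($i == ("dpt:" port) || (port == 22 && $i == "dpt:ssh")) hit = 1
            # limaccept is the firmware chain the thread uses to log and accept.
            if (hit && proto == "tcp" && (target == "ACCEPT" || target == "limaccept")) {
                print (catchall ? "shadowed" : "effective"); found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed listings modelled on the output quoted in the thread; the bare
# "DROP all" catch-all line is an assumption (the thread only describes it).
hdr='Chain INPUT (policy ACCEPT)
target prot opt source destination'
body='limaccept udp -- anywhere anywhere udp dpt:tftp
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere'
rule='limaccept tcp -- anywhere anywhere tcp dpt:ssh'

after_insert=$(printf '%s\n' "$hdr" "$rule" "$body")   # iptables -I: rule on top
after_append=$(printf '%s\n' "$hdr" "$body" "$rule")   # iptables -A: rule at the end
after_rebuild=$(printf '%s\n' "$hdr" "$body")          # chain rewritten afterwards

for listing in "$after_insert" "$after_append" "$after_rebuild"; do
    printf '%s\n' "$listing" | ssh_rule_state 22
done
```

On the router the same function can be fed live data with `iptables -L INPUT | ssh_rule_state 22`, provided the firmware's shell has awk.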
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 24 Mar 2008, 14:35

Joined: 24 Mar 2008, 14:18
Posts: 1
Hi,
I'm a bit stuck on wol and ssh forward.
The
Code:
ip neighbor add 192.168.1.254 lladdr ff:ff:ff:ff:ff:ff dev br0 nud permanent
bit works wonders for wol, but I simply cannot connect through wan with ssh. On lan it works.
Have made a port forward rule through the gui 2233:2233 :
Code:
:~# iptables -L |grep 2233
ACCEPT     tcp  --  anywhere             192.168.1.254      tcp dpt:2233
I have no need to access the router from wan via ssh, wish to only forward ssh from wan to 192.168.1.254.
If there's something obvious I missed, feel free to point it out.
Firmware Version: Neptune354 v0.2
Base source code: 1.01.12

Edit: Seems like ssh through lan works to another box behind the router, so ip neighbor must be messing things up. Yes/No?
Oh well, need to get a second nic so wol and ssh can have their own. Will let you know as soon as shops open after easter.

Edit2: Well, it works. Had to bind IPs to MACs on both the laptop and linksys dhcp static. Strangely both IPs show on the same MAC in the ARP table though. Certainly on different MACs in ifconfig on the laptop.


Top
 

 Post subject: Re: ..SSH tunneling..(Encrypt your web browsing)...........
Posted: 01 May 2008, 21:29

Joined: 01 May 2008, 21:24
Posts: 2
Hello everybody. Great work I have to say. Some questions from me.

1) Why can't I set the ssh server to listen on port 80???? 22 works fine. Is this a general problem or is it just mine?
2) iptables -I INPUT -p tcp -m tcp --dport 22 -j limaccept works great when executed from the shell, but the next three lines
inside online.sh don't seem to work for me. Am I doing something wrong? It would be great if someone posted some detailed instructions
step by step. Where XX.XX.XX.XX is, I put my dyndns IP which points at the router. I believe that is valid. Isn't it?

iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j limaccept
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
iptables -A PREROUTING -p tcp -m tcp -d XX.XX.XX.XX --dport 22 -j DNAT --to-destination 192.168.1.1:22


Top
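
The PREROUTING line in this post is the one that returned `iptables: No chain/target/match by that name` in the 10 Mar 2008 post: iptables works on the filter table unless `-t` names another, while PREROUTING is a built-in chain of the nat table and DNAT is a nat-only target. The lint below is an added example, not code from the thread or the firmware; `lint_rule` and the `203.0.113.10` address are illustrative assumptions, and only the filter and nat tables are modelled.

```sh
#!/bin/sh
# Added example, not from the thread. Only the filter and nat tables are modelled.

# Built-in chains of each modelled table.
builtin_chains() {
    case "$1" in
        filter) echo "INPUT FORWARD OUTPUT" ;;
        nat)    echo "PREROUTING POSTROUTING OUTPUT" ;;
    esac
}

# has_word "<space-separated list>" <word>
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# lint_rule "<iptables command line>"
# Prints a one-line diagnosis. Returns 0 when table, chain and target fit
# together, 1 on a mismatch, 2 when the rule is outside what is modelled.
lint_rule() {
    table=filter chain="" target=""
    set -f; set -- $1; set +f          # split into words without globbing
    while [ $# -gt 0 ]; do
        case "$1" in
            -t)        table=${2-} ;;  # no -t means the filter table
            -A|-I|-D)  chain=${2-} ;;
            -j)        target=${2-} ;;
        esac
        shift
    done
    if [ -z "$(builtin_chains "$table")" ]; then
        echo "SKIP: table $table is not modelled"; return 2
    fi
    if ! has_word "$(builtin_chains "$table")" "$chain"; then
        for other in filter nat; do
            if has_word "$(builtin_chains "$other")" "$chain"; then
                echo "FAIL: chain $chain is not in table $table; add '-t $other'"
                return 1
            fi
        done
        echo "SKIP: $chain is not a built-in chain (user-defined?)"; return 2
    fi
    if [ "$target" = DNAT ] &&
       ! { [ "$table" = nat ] && has_word "PREROUTING OUTPUT" "$chain"; }; then
        echo "FAIL: DNAT is only valid in table nat, chains PREROUTING and OUTPUT"
        return 1
    fi
    echo "OK: table=$table chain=$chain target=$target"
}

# Rules as posted in the thread; 203.0.113.10 is a constructed stand-in
# for the XX.XX.XX.XX WAN address.
lint_rule "iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT" || true
lint_rule "iptables -A PREROUTING -p tcp -m tcp -d 203.0.113.10 --dport 22 -j DNAT --to-destination 192.168.1.1:22" || true
lint_rule "iptables -t nat -A PREROUTING -p tcp -m tcp -d 203.0.113.10 --dport 22 -j DNAT --to-destination 192.168.1.1:22" || true
```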
 
