[TriLUG] Stump the Chumps! ssh tunneling

Tanner Lovelace lovelace at trilug.org
Thu Jun 5 21:19:05 EDT 2003 

Tarus Balog wrote:
> Gang:
> 
> Okay, time for Stump the Chumps.
> 
> Disclaimer: the following scenario discusses trying to get around a 
> network access roadblock. This was done on a network I had full 
> permission to use (I was in a bank right next to the AS/400 with all the 
> money) so it in no way is requesting help for an illegal activity.
> 
> I was at a customer site installing Linux on what used to be Novell 
> server. The network manager was on vacation, so I was pretty much left 
> with a page of instructions and someone who could point out the machine 
> in a lineup.
> 
> I installed the O/S and then went to use apt-for-rpm from freshrpms.net. 
> Unfortunately, HTTP on port 80 was set up to be redirected to a Novell 
> Border Manager box, who's client promptly wet the bed with Mozilla.
> 
> Now, ftp, ssh and other protocols were open, so I was able to get out on 
> the internet. For example, if I wanted to see the main CNN page I could 
> run:
> 
> ssh -L 80:cnn.com:80 sortova.com
> 
> and then point the browser to "localhost" and it worked.
> 
> However, apt for rpm accessed the freshrpms.net site which used a 
> redirect (not the right term - more like an alias - but you get the 
> meaning). Since this redirect was seen by the browser as a move from 
> "localhost" to another site, it would attempt to access port 80 on that 
> site and promptly be caught by the Border Manager.
> 
> Quiz time: using the tools at hand, is there a way to tunnel *all* http 
> traffic through the ssh tunnel?
> 

This should be possible using some combination of iptables and
ssh.  I'm not sure what the commands would be, though.
Anyone else have an idea?

Tanner
--
Tanner Lovelace |  lovelace(at)trilug.org  | http://www.trilug.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
Have we sent the "Don't shoot, we're pathetic" transmission yet?
                                  Commander John Crichton (Farscape)

More information about the TriLUG mailing list