Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
tunneling through proxy
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Duplicate Threads
View previous topic :: View next topic  
Author Message
blacklisted
n00b
n00b


Joined: 23 May 2006
Posts: 65

PostPosted: Mon Jun 12, 2006 8:39 pm    Post subject: tunneling through proxy Reply with quote

The problem is that in my univ we hv access to internet through a squid webcached proxy which requires authentication, also we have nat here .
The problem is that every1 of us has same ip with respect to the internet outside our lan due to NAT (which cause a lot of problems in sites like rapidshare.
Also some of the ports are blocked by the proxy server . One of the proxy servers here actually has a HTTP:CONNECT facility for some ports( i dont know exactly what that means) . I will give u some information about it from one of our computer center sites:

Proxy and Vsnlproxy don't allow connect -HTTP CONNECT- to arbitrary ports, but Ernetproxy allows us to do so for ports greater than 1080 (infact I haven't checked throughly ..).

So what's big deal ? Dear-o-Dear, using this connect feature of ernetproxy you can connect to internet and use these services :

1. Connect to Yahoo! using Gaim.


1. Telnet to outside servers.
2. May be do FTP as well -for UPLOADING-.
3. I have never used, but most probably all the Kazaa, etc. P2P client require connect on some arbitrary port.

Some HTTP Headers will tell you hell lot of things. So I am giving out there. This is when I chained through a proxy to get a telnet access to my shell account.

CONNECT 12.231.187.185:6588 HTTP/1.0 Proxy-Authorization: Basic cXXXXXXXXXXXXXXX= Proxy-Connection: Keep-Alive Pragma: no-cache

And inside it::

CONNECT 75.44.123.123:23 HTTP/1.0 Proxy-Connection: Keep-Alive

So is there a way i can bypass the proxy server , its really important for me , plz some1 help me out.
Intricacies :: Why chain through a proxy ? Because ernet or vsnlproxy don't allow a CONNECT at port's below 1080 and ssh, ftp, telnet all are less than 1080. Note that, 12.231.187.185 is a proxy server which allows connect at 23.

Gaim also used connect to scs.yahoo.com at 5050, so it didn't work with vsnlproxy and probably also with proxy, but worked with ernetproxy.
Back to top
View user's profile Send private message
thepustule
Apprentice
Apprentice


Joined: 22 Feb 2004
Posts: 210
Location: Toronto, Canada

PostPosted: Mon Jun 12, 2006 8:57 pm    Post subject: Reply with quote

Well, technically there's probably no way to bypass that proxy, unless you want to pay for DSL on your phone line and stop using the university's network. That may not even be possible anyway.

If you can manage to get a machine outside the university network somewhere, you could connect to it using OpenVPN over TCP. With this method, OpenVPN will even do https-proxy connections - and even on port 443 if you wish. Once you have that up and running, you can send ANY traffic through the OpenVPN tunnel.
Back to top
View user's profile Send private message
blacklisted
n00b
n00b


Joined: 23 May 2006
Posts: 65

PostPosted: Mon Jun 12, 2006 9:10 pm    Post subject: Reply with quote

thanks for ur reply , well i have a pc at home , so how do i setup VPN as u just said?
Back to top
View user's profile Send private message
thepustule
Apprentice
Apprentice


Joined: 22 Feb 2004
Posts: 210
Location: Toronto, Canada

PostPosted: Mon Jun 12, 2006 9:41 pm    Post subject: Reply with quote

Wheee!

That's a big question. I would suggest you go to http://www.openvpn.net and read through the docs in detail, doing some practice setups. They have some really nice examples in there which should get you started.

I have tried almost every VPN technology out there that i could find, and OpenVPN is BY FAR the best one. It's well worth the effort to learn it.
Back to top
View user's profile Send private message
guero61
l33t
l33t


Joined: 14 Oct 2002
Posts: 811
Location: Behind you

PostPosted: Mon Jun 12, 2006 10:55 pm    Post subject: Reply with quote

You've already asked this question three times in various forms.

https://forums.gentoo.org/viewtopic-t-469423-highlight-.html
https://forums.gentoo.org/viewtopic-t-470197-highlight-.html
https://forums.gentoo.org/viewtopic-t-470840-highlight-.html

Why do you continue to try to get us to help you circumvent security and network control measures at your college?

[edit]
took off the one about DNS entries. Even so.
[/edit]
Back to top
View user's profile Send private message
Gergan Penkov
Veteran
Veteran


Joined: 17 Jul 2004
Posts: 1464
Location: das kleinste Kuhdorf Deutschlands :)

PostPosted: Mon Jun 12, 2006 11:05 pm    Post subject: Reply with quote

well circumventing uni's security is not always too bad, I was on such idiotic tight-firewalled internet, and wasn't able to rsync or use svn because of it :), till I found proxychains :) (in fact tor could do this as well)
_________________
"I knew when an angel whispered into my ear,
You gotta get him away, yeah
Hey little bitch!
Be glad you finally walked away or you may have not lived another day."
Godsmack
Back to top
View user's profile Send private message
guero61
l33t
l33t


Joined: 14 Oct 2002
Posts: 811
Location: Behind you

PostPosted: Mon Jun 12, 2006 11:11 pm    Post subject: Reply with quote

Gergan Penkov wrote:
well circumventing uni's security is not always too bad
Until he gets escorted off-campus.

Gergan Penkov wrote:
and wasn't able to rsync or use svn because of it

Still doesn't mean it's right. There's always emerge-webrsync and the http interfaces to SVN. It doesn't matter if your uni. security staff doesn't have a policy alteration request process, they've got it closed for one reason or another.

I only say this because I've seen several people walked off-campus, both in college and in a professional capacity. If reported, your probability for acquiring an IT or security job pretty much goes out of the window.
Back to top
View user's profile Send private message
thepustule
Apprentice
Apprentice


Joined: 22 Feb 2004
Posts: 210
Location: Toronto, Canada

PostPosted: Tue Jun 13, 2006 2:58 am    Post subject: Reply with quote

I wouldn't worry about it. Tunnelling various types of traffic through an http-only proxy is an interesting technical challenge, which will probably take 6 or 7 all-nighters with the OpenVPN docs and a lot of networking and routing self-study.

I figure if the person involved is asking "how do u do that?" on this forum, there's about a 90% chance he won't have the attention span or patience to figure it out anyways, and if he is in that other 10% who does - well then we have another up-and-coming network guru, which is a good thing anyways. I'd hire him myself in that case.
Back to top
View user's profile Send private message
kallamej
Administrator
Administrator


Joined: 27 Jun 2003
Posts: 4830
Location: Gothenburg, Sweden

PostPosted: Tue Jun 13, 2006 7:37 am    Post subject: Reply with quote

One thread on the same topic is enough. See links above.

Moved from Networking & Security to Duplicate Threads.
_________________
Please read our FAQ Forum, it answers many of your questions.
irc: #gentoo-forums on irc.freenode.net
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Duplicate Threads All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum