
Thread: How to setup SSH tunnel using the WL500

  1. #1
    Join Date
    May 2004
    Location
    France...
    Posts
    159

    How to setup SSH tunnel using the WL500

    I recently began a new job. Although the job is interesting, I was disappointed by the company's Internet policy. Everything is tracked down and logged, and I do not want them to see everything I might do online. It was not a matter of surfing to some porn site while at work, no, the point was that I want some privacy. I do not want my employer to see my activity on the wl500 forums.
    So I began to look for a solution. One I've found is tunneling over SSH. After some searches on the web and on this forum, I collected all the info I need to get this done.

    In this howto I assume that you know how to telnet to your WL500 and that you are somewhat familiar with the concept of tunneling and with some basics of Linux systems. I also assume that you are running Oleg's firmware.

    By the way, tunneling is a way to overcome some of your company's Internet policies; do all of this at your own risk. Do not blame me if something bad happens to you or to your belongings.

    The information in this howto is already available on the forum, but scattered across several topics, so I collected it together and made this howto. I did my best to make this article accessible to newbies.


    First, what we need is to have an SSH daemon running on our WL500. For convenience I include how to get this done here. The original was found in hezik's howto.

    Code:
    mkdir -p /usr/local/etc/dropbear
    dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key
    dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key
    mkdir -p /usr/local/sbin/
    echo "#!/bin/sh" >> /usr/local/sbin/post-boot
    chmod +x /usr/local/sbin/post-boot
    echo "dropbear" >> /usr/local/sbin/post-boot
    dropbear

    The above code will generate the keys required to encrypt the connection and also create a post-boot script that will start dropbear after each boot.


    At this point you should be able to connect to your wl500 using PuTTY.


    We now need to enable access to SSH from the WAN side. I found useful information in kiewer's howto. Again I include this here for convenience.

    Create a post-firewall script if you do not have one. The post-firewall script must reside in /usr/local/sbin/. You can use vi to create/edit your post-firewall script. Help on using vi can be found here.
    We will redirect connections on port 443 to port 22. The reason for this is that most corporate proxies will think that the data going through is regular HTTPS traffic and therefore grant you full access.

    Put this in your post-firewall script, but do not forget to change 192.168.1.1 to match your wl500's LAN IP:
    Code:
    iptables -D INPUT -j DROP
    iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
    iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:22
    iptables -A INPUT -j DROP

    If you newly created the script, do not forget to add the following line at the top of it:
    Code:
    #!/bin/sh

    After that we save our stuff so that we do not need to start over after reboot.

    Code:
    flashfs save
    flashfs commit
    flashfs enable

    Now it is time to reboot your device and go to your workplace's computer and set up PuTTY.
    Start PuTTY and go to Tunnels.
    Add port 3000 (or whatever you like). To do this, type 3000 in the "source port" zone, leave destination blank, check the "dynamic" box and the "Auto" box and click "Add".


    Then go to Proxy and set up the proxy settings according to your corporate proxy.


    Now go to Session, enter the WAN address of your wl500 and set 443 as the connect port.


    Click Open, and log in using your wl500 identifiers.

    Now your tunnel is up and running. You can now tunnel almost any application that supports SOCKS proxies.
    Set up your application to use SOCKS proxy 127.0.0.1 on port 3000.
    Last edited by max2950; 28-12-2006 at 09:08.
    The Struggle Continues...
    Asus WL500g #1 with fw 1.9.2.7-7f running as main home gateway, with Philipps PWC730k
    Asus WL500g #2 with fw 1.9.2.7-7f running as Wireless Client, running palantir 2.6 with SPCA5xx camera on 128MB generic USB key
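
The port-443 redirect in post #1 works only where the proxy does not look at what flows through the connection. The following is an added example for whoever runs that proxy or a network sensor, not part of the original post: it classifies the first payload bytes of a flow as SSH or TLS. The function names and the sample flows are constructed for illustration.

```python
# Added example: tell SSH from TLS by the first payload bytes of a port-443 flow.
# Works for either direction: both SSH peers send "SSH-...", and both TLS peers
# start with a handshake record (ClientHello / ServerHello).
SSH_PREFIX = b"SSH-"      # RFC 4253 identification string: SSH-2.0-software\r\n
TLS_HANDSHAKE = 0x16      # TLS record content type "handshake"

def classify_first_bytes(data: bytes) -> str:
    """Return 'ssh', 'tls', 'incomplete' or 'other' for the start of a stream."""
    if data.startswith(SSH_PREFIX):
        return "ssh"
    if SSH_PREFIX.startswith(data):      # empty, or a partial "SSH-" so far
        return "incomplete"
    if data[0] == TLS_HANDSHAKE:
        if len(data) < 5:                # the record header is 5 bytes
            return "incomplete"
        major, minor = data[1], data[2]
        length = int.from_bytes(data[3:5], "big")
        if major == 3 and minor <= 4 and 0 < length <= 16384:
            return "tls"
    return "other"

def ssh_software(data: bytes) -> str:
    """Extract the software field from an SSH identification string."""
    line = data.split(b"\n", 1)[0].rstrip(b"\r")
    parts = line.split(b"-", 2)          # SSH, protoversion, softwareversion
    return parts[2].decode("ascii", "replace") if len(parts) == 3 else ""

def review_flows(flows):
    """Return (flow_id, verdict, detail) for port-443 flows that are not TLS."""
    findings = []
    for flow_id, dst_port, first_bytes in flows:
        if dst_port != 443:
            continue
        verdict = classify_first_bytes(first_bytes)
        if verdict == "ssh":
            findings.append((flow_id, verdict, ssh_software(first_bytes)))
        elif verdict == "other":
            findings.append((flow_id, verdict, first_bytes[:8].hex()))
    return findings

# Constructed sample flows: (flow id, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("a", 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello
    ("b", 443, b"SSH-2.0-dropbear_0.00\r\n"),                     # SSH banner
    ("c", 22, b"SSH-2.0-OpenSSH_0.0\r\n"),                        # not port 443
    ("d", 443, b"GET / HTTP/1.1\r\n"),                            # plain HTTP
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```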

  2. #2
    VNC works too!

    I just experimented a little and succeeded in having VNC go through the tunnel!

    Here is how:
    In the "Tunnels" panel, type 5900 in "source port".
    In the "Destination" field type the LAN IP of the machine you wish to access with VNC followed by the port.
    Assume your machine's IP is 192.168.1.36, then type 192.168.1.36:5900 into "destination".
    Check the "local" box, and the "auto" box and click add.

    Now open the VNC client, enter 127.0.0.1 as the host address and you should be able to connect!

  3. #3
    Yesterday I changed my BeWan ADSL2+ for the one provided by my ISP. The ISP-provided modem (FreeBox) takes care of all the PPP job, so that I only need to set up the WL500 to connect using "automatic ip".

    Unfortunately, the above configuration did not work anymore and I had to change my post-boot and post-firewall scripts. I'm a big newbie when it comes to IPTables, so any suggestions are welcome.

    Here is my post-boot file:
    Code:
    #!/bin/sh
    dropbear -p 22 -p 443

    We simply tell dropbear to listen on ports 22 and 443.
    In the post-firewall script we will open the firewall on port 443:
    Code:
    #!/bin/sh
    iptables -D INPUT -j DROP
    iptables -I INPUT 2 -p tcp --syn --dport 443 -j ACCEPT

    Now it is working again. It seems that the firewall behaves differently in PPPoE and in Automatic IP...
