max2950
30-11-2006, 22:21
I recently began a new job. Although the job is interesting, I was disappointed by the company's Internet policy. Everything is tracked and logged, and I do not want them to see everything I might do online. It was not a matter of surfing to some porn site while at work; no, the point was that I want some privacy. I do not want my employer to see my activity on the wl500 forums ;).
So I began to look for a solution. One I've found is tunneling over SSH. After some searches on the web and on this forum, I collected all the info I need to get this done.
In this howto I assume that you know how to telnet to your WL500 and that you are somewhat familiar with the concept of tunneling and with some basics of Linux systems. I also assume that you are running Oleg's firmware.
By the way, tunneling is a way to overcome some of your company's Internet policies; do all of this at your own risk. Do not blame me if something bad happens to you or to your belongings.
The information in this howto is already available on the forum, but scattered across several topics, so I collected it together and made this howto. I did my best to make this article accessible to newbies.
First, what we need is an SSH daemon running on our WL500. For convenience I include how to get this done here. The original was found in hezik's howto (http://wl500g.info/showthread.php?t=1984)
mkdir -p /usr/local/etc/dropbear
dropbearkey -t dss -f /usr/local/etc/dropbear/dropbear_dss_host_key
dropbearkey -t rsa -f /usr/local/etc/dropbear/dropbear_rsa_host_key
mkdir -p /usr/local/sbin/
echo "#!/bin/sh" >> /usr/local/sbin/post-boot
chmod +x /usr/local/sbin/post-boot
echo "dropbear" >> /usr/local/sbin/post-boot
dropbear
The above code will generate the keys required to encrypt the connection and also create a post-boot script that will start dropbear after each boot.
At this point you should be able to connect to your wl500 using PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
We now need to enable access to SSH from the WAN side. I found useful information in kiewer's (http://wl500g.info/showthread.php?t=2074) howto. Again I include this here for convenience.
Create a post-firewall script if you do not have one. The post-firewall script must reside in /usr/local/sbin/. You can use vi to create/edit your post-firewall script. Help on using vi can be found here (http://unixhelp.ed.ac.uk/vi/index.html).
We will redirect connections on port 443 to port 22. The reason for this is that most corporate proxies will think that the data going through is regular HTTPS traffic and therefore grant you full access.
Put this in your post-firewall script, but do not forget to change 192.168.1.1 to match your wl500's LAN IP:
iptables -D INPUT -j DROP
iptables -A INPUT -p tcp -m tcp -d 192.168.1.1 --dport 22 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:22
iptables -A INPUT -j DROP
If you newly created the script, do not forget to add the following line at the top of it:
#!/bin/sh
After that we save our stuff so that we do not need to start over after reboot.
flashfs save
flashfs commit
flashfs enable
Now it is time to reboot your device, go to your workplace's computer and set up PuTTY. (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
Start PuTTY and go to Tunnels.
Add port 3000 (or whatever you like). To do this, type 3000 in the "source port" zone, leave destination blank, check the "dynamic" box and the "Auto" box and click "Add".
http://www.planetemax.com/ext/forums/wl500/putty_tun.png
Then go to Proxy and set up the proxy settings according to your corporate proxy.
http://www.planetemax.com/ext/forums/wl500/putty_proxy.png
Now go to Session, enter the WAN address of your wl500 and set 443 as the connect port.
http://www.planetemax.com/ext/forums/wl500/putty_session.png
Click Open, and log in using your wl500 identifiers.
Now your tunnel is up and running. You can now tunnel almost any application that supports SOCKS proxies.
Set up your application to use SOCKS proxy 127.0.0.1 on port 3000.
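
Seen from the network operator's side, the port-443 redirect above only changes the port number: SSH still announces itself in cleartext with an "SSH-" identification line, while real HTTPS opens with a TLS handshake record. The following is an added example, not part of the original post, that classifies the first bytes of each direction of a flow and flags port-443 flows that are not TLS; the flow record fields (`id`, `dst_port`, `client_first`, `server_first`) and the sample banners are assumptions constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16            # TLS record content type for handshake messages
MAX_TLS_RECORD = 16384 + 2048   # upper bound on a TLS record length field

def classify_first_bytes(payload: bytes) -> str:
    """Classify the first bytes one side sent: 'tls', 'ssh', 'empty' or 'other'."""
    if not payload:
        return "empty"
    # TLS: 5-byte record header, then a ClientHello (1) or ServerHello (2).
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= MAX_TLS_RECORD and payload[5] in (1, 2)):
            return "tls"
    # SSH (RFC 4253, section 4.2): identification line "SSH-<proto>-<software>".
    # A server may send other text lines before it, so check the first few lines.
    for line in payload.split(b"\n")[:5]:
        if line.startswith(b"SSH-2.0-") or line.startswith(b"SSH-1."):
            return "ssh"
    return "other"

def flag_non_tls_on_443(flows):
    """Return (flow_id, verdict) for port-443 flows whose opening bytes are not TLS."""
    findings = []
    for flow in flows:
        if flow["dst_port"] != 443:
            continue
        client = classify_first_bytes(flow["client_first"])
        server = classify_first_bytes(flow["server_first"])
        if client == "tls" and server in ("tls", "empty"):
            continue
        verdict = "ssh" if "ssh" in (client, server) else "unknown-protocol"
        findings.append((flow["id"], verdict))
    return findings

# Constructed sample flows (not captured traffic); the banners are illustrative.
SAMPLE_FLOWS = [
    {"id": "f1", "dst_port": 443,
     "client_first": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03" + b"\x00" * 32,
     "server_first": b"\x16\x03\x03\x00\x7a\x02\x00\x00\x76\x03\x03" + b"\x00" * 32},
    {"id": "f2", "dst_port": 443,
     "client_first": b"SSH-2.0-PuTTY_Release_0.58\r\n",
     "server_first": b"SSH-2.0-dropbear_0.48\r\n"},
    {"id": "f3", "dst_port": 80,
     "client_first": b"GET / HTTP/1.1\r\n", "server_first": b"HTTP/1.1 200 OK\r\n"},
]

if __name__ == "__main__":
    print(flag_non_tls_on_443(SAMPLE_FLOWS))
```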