2012/02/27

SSH tunnel + SOCKS proxy: getting through a firewall

Scenarios
1. Whether you want to connect from home back to a company server to get work done,


2. or you want to escape the control of MIS from inside the company (some companies prohibit MSN or block Facebook),

an SSH tunnel + SOCKS proxy can solve it for you.



Setting up the tunnel
On a Unix system, use the command line:
$ ssh -D localhost:3128 username@hostname.com
That's right, the only addition is the -D option. From the ssh man page:
-D [bind_address:]port Specifies a local ``dynamic'' application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
Once the connection is established, localhost:3128 is a SOCKS proxy server.
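The man page text above says -D allocates a listening socket on the local side, so the forward shows up on the workstation as a TCP listener owned by the ssh client process. The following is an added example, not part of the original post, that picks such listeners out of `ss -Htlnp` output on Linux. The function name and the sample lines are constructed for illustration, and an `ssh -L` forward looks the same in this view.

```shell
# Added example (not from the original post): find TCP listeners owned by the
# ssh *client*. A listening socket held by "ssh" (not "sshd") is created by
# -D or -L forwarding.

# Constructed sample of `ss -Htlnp` output, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:3128 0.0.0.0:* users:(("ssh",pid=4021,fd=5))
LISTEN 0 128 [::1]:3128 [::]:* users:(("ssh",pid=4021,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 127.0.0.1:8080 0.0.0.0:* users:(("nginx",pid=900,fd=6))
LISTEN 0 128 0.0.0.0:1080 0.0.0.0:* users:(("ssh",pid=5150,fd=5))'

# Reads `ss -Htlnp` lines on stdin and prints "<pid> <local addr:port> <scope>".
# scope is "loopback", or "exposed" when the forward is bound to a
# non-loopback bind_address and other hosts on the network can use it.
# Note: ss only shows the owning process for sockets the caller may inspect,
# so run it as root to see every user's listeners.
find_ssh_forward_listeners() {
  awk '
    $1 == "LISTEN" && $NF ~ /\("ssh",pid=[0-9]+/ {
      pid = $NF
      sub(/.*\("ssh",pid=/, "", pid)   # drop everything up to the pid value
      sub(/[^0-9].*/, "", pid)         # drop everything after the digits
      addr = $4                        # Local Address:Port column
      scope = (addr ~ /^(127\.|\[::1\])/) ? "loopback" : "exposed"
      print pid, addr, scope
    }'
}

# Run against the constructed sample.
# On a live host: ss -Htlnp | find_ssh_forward_listeners
printf '%s\n' "$SAMPLE_SS" | find_ssh_forward_listeners
```

The pid in the first column can be passed to `ps -o user,args -p <pid>` to see which account started the forward and the destination host it is connected to.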


Application settings
IE: Internet Options -> Connections -> LAN settings -> Advanced -> Socks


MSN: Options -> Connection -> Advanced Settings -> SOCKS


After that, all of the application's connections go through the tunnel to the remote host and out from there :)


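Follow-up
The prerequisite for all of this is that you can establish the SSH tunnel in the first place; if the company blocks even ssh, you are out of luck.
Some companies cannot be reached directly from home; combined with an SSH reverse connection (reverse tunnel), you can still get through.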

