Posted: 8/31/2005 5:20:37 PM EDT
|
What is a relatively "quick n easy" remote proxy in a box? Something similar to www.proxify.com App that gives you a "sub-browser" from within your browser, without any need to install software on the machine used? (including Java, but if that is all there is, let me know about it...) Picture a large office. Main office "outlet" doesn't allow access to certain sites, one of which being a VPN w/https login which is needed, but may be used anywhere without software installed. Kinda like the people here who want to surf ARF from work. Same situation, very very slightly "tweaked" reason. TIA |
Only ports 53, 80, and 443 outgoing allowed. Those services are needed, so I can't hijack one of them, plus, cannot install/run non-std software (PuTTY, SecureCRT, etc.) but could get away with a Java SSH client w/forwarding perhaps...
|
I'm not sure this will fit your needs and I am assuming you are using a Linux box at home that you want to remotely access for browsing purposes. I have a similar situation at my work except the standard SSH port 22 is open. In my case I use FreeNX, which is similar to Remote Desktop but much more bandwidth efficient, like Citrix, to access my home boxes. From there, browsing from my home computer is trivial. FreeNX uses SSH as the protocol encrypting traffic. You need to install the server side on your Linux-based home computer and configure it accordingly. There are Linux and Windows clients and I strongly recommend the NoMachine client. If port 22 is blocked at your office, simply set up SSH on your home box for one of the ports opened on the firewall and adjust your FreeNX client accordingly. |
|
What this is for is remote admin of a network using wwwsamba to get to QuickBooks. However, to run ARF, it would just be a matter of plopping it in another directory (on several servers) with HTTPS, stripping meta tags, running through a rotating anonymizer service that no stateful inspection firewall would catch. I have the groundwork all laid out, it looks like I am down to tweaking phproxy or similar to do the actual "Work" (sub-browser window) |
|
Use port 443, that is secure data for web traffic. You should encrypt your telnet, ssh, whatever and use that port. That way your bored network admin doesn't see something out of the ordinary as fast. Sniffers and such will eventually be your downfall. Use only when necessary. The other good thing is you can remote access your files from anywhere in the world with a connection if you know what you are doing. I use a Linux box with ssh to access my home network and connect to my Windows 2003 server to access the files. I also use it for accessing the web with my home ISP. As I said above, depending on the length of logs kept, eventually a pattern will emerge of you going to the IP of your home machine. If you can't change your home IP on a semi-normal basis, your bored network admin is going to track down what program on his network is talking normally to this one IP. USE AT YOUR OWN RISK. I'll have to find the link that I used to set it up. Do a search on ssh, fish, openssh, and learn, but you could lose YOUR JOB if you do this. John |
|
Here is a link to help explain it and give you ideas on how to do it. Good luck. Again, this COULD COST YOU YOUR JOB. www.buzzsurf.com/surfatwork/ You will need a separate computer at home, either Linux or Windows. I use a Linux box. You will need to set port forwarding on your router. I do not recommend using the surf at work websites. Again, the links will appear in the logs and will eventually lead to the site being blocked and traced to your computer being used to access it. If all of the above is too much, I recommend hopster.com and choose the $4.00 a month plan. John |
This isn't for surfing from work, it is for somebody else to access a private net from a secure workplace. (Kinda the same, but she isn't at risk of being fired for this, she's an accountant). Once it is up and going, I could put it on other servers I have and just point it to ARF instead, so it wouldn't be on any "known proxy" lists. |
|
Use stunnel to SSH into Squid. You can use any one of those three ports you mentioned by using a dedicated PC running the stunnel client. So you would have something like this: Regular PC surfing the web ----> Stunnel client PC configured to forward 3128 via 443 to an IP outside of the firewall ----> <----- firewall/Public Internet -----> Linksys NAT router, have 443 forwarded into the IP of the stunnel server ---> Stunnel server configured to receive packets on 443 and send them out via 3128/IP of Squid proxy -> Squid proxy server. Away you go. You can use the same scheme for your bean counting lady friend. It is called tunnelling in the network world. Stunnel creates the tunnel and also encrypts. I've used it for R&D folks to exchange files with vendors. Also use it for remote desktop for some of our server support personnel. The key is the restrictions that your firewall places on who can originate. You can find stunnel at stunnel.org. Finally, be aware of your company's standard of business conduct and what that entails for network security. This could be considered as bypassing corporate network security policies, which could put you at risk of termination. |
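From the network administrator's side, the pattern two of the posts above describe (one workstation holding long sessions on port 443 to a single outside IP, day after day) can be looked for in flow logs. The following is an added example, not part of any post in the thread; the log format, field order, thresholds and function name are assumptions, and the sample records are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow records (not real logs), assumed field order:
# date, internal source, external destination, dest port, session seconds
SAMPLE_FLOWS = """\
2005-08-29,10.1.4.23,198.51.100.7,443,14400
2005-08-30,10.1.4.23,198.51.100.7,443,12600
2005-08-31,10.1.4.23,198.51.100.7,443,16200
2005-08-29,10.1.4.23,203.0.113.10,443,40
2005-08-29,10.1.4.31,203.0.113.10,443,7200
2005-08-30,10.1.4.31,203.0.113.10,443,7200
2005-08-31,10.1.4.31,203.0.113.10,443,7200
2005-08-30,10.1.4.44,203.0.113.10,443,95
2005-08-31,10.1.4.52,203.0.113.10,443,30
2005-08-31,10.1.4.60,192.0.2.55,443,9000
2005-08-31,10.1.4.23,198.51.100.7,80,20000
"""

def find_persistent_443_peers(flow_csv, min_days=3, min_avg_seconds=1800,
                              max_sources=2):
    """Flag (src, dst) pairs on port 443 that recur on many days with long
    sessions, where the destination is used by very few internal hosts."""
    pairs = defaultdict(lambda: {"days": set(), "seconds": 0, "flows": 0})
    sources_per_dst = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 5 or row[3] != "443":
            continue  # skip malformed rows and other ports
        date, src, dst, _, seconds = row
        p = pairs[(src, dst)]
        p["days"].add(date)
        p["seconds"] += int(seconds)
        p["flows"] += 1
        sources_per_dst[dst].add(src)
    findings = []
    for (src, dst), p in pairs.items():
        avg = p["seconds"] // p["flows"]
        # Popular sites are contacted by many hosts; a private endpoint is not.
        if (len(p["days"]) >= min_days and avg >= min_avg_seconds
                and len(sources_per_dst[dst]) <= max_sources):
            findings.append((src, dst, len(p["days"]), avg))
    return sorted(findings)

if __name__ == "__main__":
    for finding in find_persistent_443_peers(SAMPLE_FLOWS):
        print(finding)
```

The rarity check matters: a long session to a destination that many workstations use is ordinary web traffic, while the same session length to an address only one host ever contacts is the outlier worth a closer look.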
