Linux Blog

Linux Tunneling Techniques

Filed under: Linux Software — TheLinuxBlog.com at 4:59 am on Wednesday, November 10, 2010


Video completely unrelated.
Ever tunneled or used tunneling for mobile Internet? Perhaps you have needed to otherwise tunnel to bypass a restrictive firewall or for a secure channel on an insecure wireless network. It seems that everyone knows how to tunnel using the ssh socks support and how to use Firefox’s about:config screen to set it to use a socks and remote DNS. While this is great for occasional web browsing it only takes you so far.

tsocks is a great application to let you tunnel other programs over socks. Its easy to install on most distributions and allows you to use many command line applications. I’ve used it on a number of occasions successfully and while it does its job its not the the best solution. This is because it was last updated in 2002 and doesn’t perform DNS lookups. I found myself using it to SSH to an IP address (memorized, or looked up through another SSH session) and using applications on the remote server.

proxychains is a bit of a better tunneling solution, it works the similarly to tsocks but It also resolves DNS and can chain multiple proxies. I’ve used it on numerous occasions with great success. ssh, lynx, lftp, irssi and a whole bunch of others work without any problems. Another plus is it has also been updated in the last 5 years (but not by much.)

One application I haven’t yet had the pleasure of trying on the desktop is 3proxy. I have used it on the iPhone but ended up using the ssh socks method more often. From its yum description and feature list, it sounds very promising and one definitely worth looking into.

Speaking from experience I know its kind of difficult to browse your distributions web repositories to find the files you need and install them (I had to do this since I didn’t have them) so I recommend you download these applications and save yourself some time before you need them on the road.

Use VNC through SSH

Filed under: Quick Linux Tutorials — TheLinuxBlog.com at 11:33 am on Thursday, November 20, 2008

Here is another quick tutorial;

Some times its nice to tunnel through SSH. Perhaps you have SSH running but the firewall does not allow anything but SSH in. You can tunnel VNC (or any other service) through SSH by doing the following:

On the machine local to you establish an SSH connection to the remote machine with “Local (-L)”¬† port forwarding. This may seem confusing and often confuses me, where [-p PORT] is optional

 ssh -L 5901:localhost:5900 username@HOST [-p PORT];

Once I have the connection established I can now use vncviewer to connect to my local host with the port specified

vncviewer  localhost:5901

Thats all there is to it, have fun!

htaccess allow from

Filed under: General Linux — TheLinuxBlog.com at 10:32 am on Tuesday, September 9, 2008

htaccess allow from gives you the ability to allow (or deny) specific IP’s or domain names from a directory on your server. To do this the syntax is quite simple. Using VIM or nano open up the .htaccess file in the directory that you want to restrict access to. You need to add the following:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1 <ip></ip>

This allows access from your local host and the IP address you specify. Using .htaccess you can also allow by host name. This is useful if you wish to allow or deny a friend access to a directory. (note: it will also work if you have them in your hosts file)

Order Deny,Allow
Deny from all
Allow from LinuxBlog
Allow from .thelinuxblog.com

Using htaccess to allow from your LAN is also pretty easy. You use your CIDR address (ip/subnet) to do this try something like this (changing to match your LAN):

Order Deny,Allow
Deny from all
Allow from 192.168.1.1/24

I run into htaccess allow problems a lot, and hope that this will clear the air up for me. htaccess can be very handy if you do not want to keep turning your firewall on and off, but do not want your directories wide open. Just remember, if you want to stop everyone except those you choose to access your apache web directories, use htaccess allow from!