* [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Mick @ 2007-01-05 12:22 UTC
To: gentoo-user

Hi All,

Apologies for the off-topic post but I thought to ask here because there
have been a couple of threads in the past where embedded Linux OS' for
hardware routers were discussed and that may offer a solution to my
problem.

I would like to be able to tunnel through ssh to my home router (netgear
DG834) from random public wifi access points, for the purpose of connecting
through my own ISP to the internet for internet browsing and email.

I do not want to run a PC behind the router. Instead, I am looking for an
enhanced hardware router type of solution. Would you perhaps know of either
a COTS product, or a Linux embedded approach to fulfil this requirement?

--
Regards,
Mick
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Uwe Thiem @ 2007-01-05 13:20 UTC
To: gentoo-user

On 05 January 2007 14:22, Mick wrote:
> Hi All,
>
> Apologies for the off-topic post but I thought to ask here because there
> have been a couple of threads in the past where embedded Linux OS' for
> hardware routers were discussed and that may offer a solution to my
> problem.
>
> I would like to be able to tunnel through ssh to my home router (netgear
> DG834) from random public wifi access points, for the purpose of connecting
> through my own ISP to the internet for internet browsing and email.

What do you mean by tunnelling? Do you want an IP layer tunnelled through ssh?
Bad idea! It means TCP over TCP which is bound to fail when the outer and
inner TCP timeouts get out of sync.

Uwe

--
A fast and easy generator of fractals for KDE:
http://www.SysEx.com.na/iwy-1.0.tar.bz2
Proof of concept of a TSP solver for KDE:
http://www.SysEx.com.na/epat-0.1.tar.bz2
--
gentoo-user@gentoo.org mailing list
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Arturo 'Buanzo' Busleiman @ 2007-01-05 14:17 UTC
To: gentoo-user

Uwe Thiem wrote:
> What do you mean by tunnelling? Do you want an IP layer tunnelled through ssh?
> Bad idea! It means TCP over TCP which is bound to fail when the outer and
> inner TCP timeouts get out of sync.

More about that here:

"Why TCP over TCP is a Bad Idea"
http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

--
Arturo "Buanzo" Busleiman - Independent Information Security Consultant
Don't know where to go to eat or have a drink? Visit www.vivamoslavida.com.ar
WEDDING LIST: Any Fravega, under the name Busleiman (37520).
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Mick @ 2007-01-05 15:53 UTC
To: gentoo-user

On Friday 05 January 2007 14:17, Arturo 'Buanzo' Busleiman wrote:
> Uwe Thiem wrote:
> > What do you mean by tunnelling? Do you want an IP layer tunnelled through
> > ssh? Bad idea! It means TCP over TCP which is bound to fail when the outer
> > and inner TCP timeouts get out of sync.
>
> More about that here:
>
> "Why TCP over TCP is a Bad Idea"
> http://sites.inka.de/sites/bigred/devel/tcp-tcp.html

Hmm, that explains why running VCN through ssh gets a bit ropy at times?

So, is port forwarding for browsing and emails through ssh a bad idea then?

--
Regards,
Mick
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Etaoin Shrdlu @ 2007-01-05 17:00 UTC
To: gentoo-user

On Friday 5 January 2007 16:53, Mick wrote:

> > More about that here:
> >
> > "Why TCP over TCP is a Bad Idea"
> > http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
>
> Hmm, that explains why running VCN through ssh gets a bit ropy at
> times?

Do you mean VNC?

> So, is port forwarding for browsing and emails through ssh a
> bad idea then?

No, because with ssh port forwarding you just forward the data coming
from/going to the application (eg, mailreader) without stacking
additional protocols (as in, for example, ppp or ip over ssh), for which
you need some way of forwarding IP-or-lower-level data between
interfaces (for example, using tun/tap).
Some programs (like openvpn) overcome the issue by using tcp-over-udp by
default.

And, anyway, tcp over tcp is a bad idea, but that does not necessarily
mean that it won't work. It will most likely fail when the transport link
is slow or error prone.
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Mick @ 2007-01-05 20:25 UTC
To: gentoo-user

On Friday 05 January 2007 17:00, Etaoin Shrdlu wrote:
> On Friday 5 January 2007 16:53, Mick wrote:
> > > More about that here:
> > >
> > > "Why TCP over TCP is a Bad Idea"
> > > http://sites.inka.de/sites/bigred/devel/tcp-tcp.html
> >
> > Hmm, that explains why running VCN through ssh gets a bit ropy at
> > times?
>
> Do you mean VNC?

Yes, if only I could type properly! ;-)

> > So, is port forwarding for browsing and emails through ssh a
> > bad idea then?
>
> No, because with ssh port forwarding you just forward the data coming
> from/going to the application (eg, mailreader) without stacking
> additional protocols (as in, for example, ppp or ip over ssh), for which
> you need some way of forwarding IP-or-lower-level data between
> interfaces (for example, using tun/tap).
> Some programs (like openvpn) overcome the issue by using tcp-over-udp by
> default.

OK. I don't think I need to run a full VPN. I just want to securely
connect to my router at home while I am out & about using public wifi hot
spots and thereby to be able to connect to the internet using my ISP for
browsing & email. The only ports I should need to forward via ssh to the
router/server are those serving http/https for browsing and
110/995/143/25/587 for email.

If the above assumptions are correct then what sort of a hardware router
would I need? (Either a straight off the shelf product, or one with
modified firmware). Friends and colleagues often ask me how to achieve
this, but all I can think is running a PC on the LAN as a server for this
purpose - isn't this effectively a SOCKS5 server or am I getting mixed up
here?

No idea how to achieve the same functionality using the embedded OS of a
hardware router.

Thank you for your help.

--
Regards,
Mick
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Etaoin Shrdlu @ 2007-01-05 21:44 UTC
To: gentoo-user

On Friday 5 January 2007 21:25, Mick wrote:

> OK. I don't think I need to run a full VPN. I just want to securely
> connect to my router at home while I am out & about using public wifi
> hot spots and thereby to be able to connect to the internet using my
> ISP for browsing & email. The only ports I should need to forward via
> ssh to the router/server are those serving http/https for browsing and
> 110/995/143/25/587 for email.

If I understand correctly then, you need ssh (and a public IP address)
running on the router. For reading and sending email the setup is
straightforward: just forward each of the ports you mentioned above to
the appropriate server (via the router), set up your email program
accordingly, and you're done. This way, your email data will go from your
computer (wherever you are) to your router via the ssh tunnel, and from
there (using your ISP connectivity) to the desired servers.

For browsing the internet, the setup is just a little bit more complex.
At least, you need a http proxy running on the router (like squid), then
do port forwarding for ports 80, 443, etc. and set up your browser
accordingly to use the proxy. This way, your http requests are sent to
the proxy via the ssh tunnel, and from there go to their intended
destinations using your ISP connectivity.

> If the above assumptions are correct then what sort of a hardware
> router would I need? (Either a straight off the shelf product, or one
> with modified firmware).
> [cut]
> No idea how to achieve the same functionality using the embedded OS of
> a hardware router.

Never used it myself, but take a look at the openwrt project.
From what I understand, it seems that it lets you put linux into the
firmware of many popular routers, and manage it using a web interface.
Since it's linux, you obviously get all its benefits, including ssh.

Anyway, I just read the openwrt docs very quickly, so it's entirely
possible that I'm misunderstanding things here, and hopefully someone
more experienced than me will give you more reliable info.
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: kashani @ 2007-01-05 22:00 UTC
To: gentoo-user

Etaoin Shrdlu wrote:

> For browsing the internet, the setup is just a little bit more complex.
> At least, you need a http proxy running on the router (like squid), then
> do port forwarding for ports 80, 443, etc. and set up your browser
> accordingly to use the proxy. This way, your http requests are sent to
> the proxy via the ssh tunnel, and from there go to their intended
> destinations using your ISP connectivity.

Actually it is very simple to socks proxy your ssh connection and use
that without any additional software.

ssh -D 1080 username@your.router.com

Then pop into your browser config and set the socks proxy to be
127.0.0.1:1080 and you're done.

kashani
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Mick @ 2007-01-06 0:07 UTC
To: gentoo-user

On Friday 05 January 2007 22:00, kashani wrote:
> Etaoin Shrdlu wrote:
> > For browsing the internet, the setup is just a little bit more complex.
> > At least, you need a http proxy running on the router (like squid), then
> > do port forwarding for ports 80, 443, etc. and set up your browser
> > accordingly to use the proxy. This way, your http requests are sent to
> > the proxy via the ssh tunnel, and from there go to their intended
> > destinations using your ISP connectivity.
>
> Actually it is very simple to socks proxy your ssh connection and use
> that without any additional software.
>
> ssh -D 1080 username@your.router.com
>
> Then pop into your browser config and set the socks proxy to be
> 127.0.0.1:1080 and you're done.

I just checked and it seems that the OEM firmware on the netgear drops all
ssh attempts to connect. :(

$ ssh 192.168.0.1
ssh: connect to host 192.168.0.1 port 22: Connection refused

Same story when I use my internet IP address (it times out). It seems that
I will have to try openwrt.

Thank you all for your suggestions.

PS. I noticed that the -D option can be specified as: "ssh -D
[bind_address:]port". Which bind_address should be used in the above
example? I am not sure I understand how this is meant to be used.

--
Regards,
Mick
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: kashani @ 2007-01-06 0:35 UTC
To: gentoo-user

Mick wrote:

> I just checked and it seems that the OEM firmware on the netgear drops all ssh
> attempts to connect. :(
>
> $ ssh 192.168.0.1
> ssh: connect to host 192.168.0.1 port 22: Connection refused
>
> Same story when I use my internet IP address (it times out). It seems that I
> will have to try openwrt.
>
> Thank you all for your suggestions.
>
> PS. I noticed that the -D option can be specified as: "ssh -D
> [bind_address:]port". Which bind_address should be used in the above example?
> I am not sure I understand how this is meant to be used.

My method works for any normal sshd server you can connect to that allows
forwarding. OpenWRT should work for you as the socks proxy is created on
the initiating user side, your local ssh client, that's why you set your
browser to 127.0.0.1:port and then it forwards packets internal to the ssh
tunnel without invoking anything on the server side. If you don't set an
IP with -D then it uses localhost which is what you'd want in this case.

kashani
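On the `[bind_address:]port` question above, an added example (not part of the thread): a small Python check that parses a `-D` argument and reports which interfaces the local SOCKS listener would be reachable on, following the rules documented in ssh(1). The function names are hypothetical, the sample specs other than the thread's `ssh -D 1080 username@your.router.com` are constructed, and unbracketed input is split at the last colon as a simplification.

```python
import ipaddress
import shlex


def parse_dynamic_forward(spec):
    """Split an ssh -D argument '[bind_address:]port' into (bind, port).

    bind is None when no address part was given at all, and "" when the
    address part is present but empty (as in ':1080').
    """
    if spec.startswith("["):                  # bracketed IPv6, e.g. [::1]:1080
        bind, sep, port = spec[1:].partition("]:")
        if not sep:
            raise ValueError(f"malformed forward spec: {spec!r}")
    elif ":" in spec:
        bind, _, port = spec.rpartition(":")  # simplification: last colon
    else:
        bind, port = None, spec
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad port in {spec!r}")
    return bind, int(port)


def listener_scope(spec, gateway_ports=False):
    """Classify who can reach the SOCKS listener created by -D <spec>."""
    bind, _port = parse_dynamic_forward(spec)
    if bind is None:
        # No address: ssh follows GatewayPorts, which defaults to "no"
        # (loopback only). -g or GatewayPorts=yes binds the wildcard address.
        return "all interfaces" if gateway_ports else "loopback"
    if bind in ("", "*"):
        return "all interfaces"               # empty address or '*'
    if bind == "localhost":
        return "loopback"
    try:
        ip = ipaddress.ip_address(bind)
    except ValueError:
        return "specific address"             # a host name; not resolved here
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:                     # 0.0.0.0 or ::
        return "all interfaces"
    return "specific address"


def audit_ssh_command(cmdline):
    """Return [(spec, scope)] for every -D option in an ssh command line."""
    args = shlex.split(cmdline)
    gateway = "-g" in args                    # only the stand-alone -g form
    specs = []
    for i, arg in enumerate(args):
        if arg == "-D" and i + 1 < len(args):
            specs.append(args[i + 1])
        elif arg.startswith("-D") and len(arg) > 2:
            specs.append(arg[2:])
    return [(s, listener_scope(s, gateway)) for s in specs]


if __name__ == "__main__":
    samples = [                               # first line is from the thread,
        "ssh -D 1080 username@your.router.com",       # the rest are constructed
        "ssh -D 127.0.0.1:1080 username@your.router.com",
        "ssh -D '*:1080' username@your.router.com",
        "ssh -g -D 1080 username@your.router.com",
    ]
    for cmd in samples:
        for spec, scope in audit_ssh_command(cmd):
            note = "" if scope == "loopback" else "  <- reachable by other hosts"
            print(f"{cmd}\n    -D {spec}: {scope}{note}")
```

On a public hotspot only the loopback results are what you want: a listener on any other address lets other machines on the same network send traffic through the tunnel.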
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Dan @ 2007-01-08 15:53 UTC
To: gentoo-user

On Sat, 6 Jan 2007 00:07:00 +0000
Mick <michaelkintzios@gmail.com> wrote:

> I just checked and it seems that the OEM firmware on the netgear
> drops all ssh attempts to connect. :(

I'm sure your router's firmware isn't allowing ssh connections. The router
itself does not offer ssh access to anyone. What you would probably want
to do is to enable port forwarding on your router to a linux system behind
the router.

> I do not want to run a PC behind the router. Instead, I am looking for
> an enhanced hardware router type of solution. Would you perhaps know
> of either a COTS product, or a Linux embedded approach to fulfil this
> requirement?

I am not sure what you mean by this, but I do hope you'll consider using a
normal commodity PC as your router. Security is fabulous, CPU usage for
routing and such will hover at about 0%, it requires very little memory
(say, under 15 megs, and that's from experience -- the actual number was
13 megs fyi) and gives you a handy place for dns, email, dhcp, nis, ftp,
http, and so on if you care to set up any network services for yourself.
In a pinch (low on hardware) you could easily set up your workstation to
route for the network at, effectively, no extra charge. That way you can
open the ports you want at least. I don't know how to embed it, it's
totally done, but the actual facility of this is unclear to me.

> I would like to be able to tunnel through ssh to my home router
> (netgear DG834) from random public wifi access points, for the purpose
> of connecting through my own ISP to the internet for internet browsing
> and email.

Are you sure you want the internet traffic to go through the wifi
provider's ISP, through the worldwide web (tracepath gives routes that you
may find surprising for traffic in the neighborhood will often go across
the nation for me), back through your home ISP, and into your home
network, then back again through your home ISP and back into the world to
the computer whose website you are attempting to browse? That's a pretty
convoluted trip.

For email, you could always set up a bona fide IMAP server... if you had a
linuxbox routing for you ; ). The gray hair count on that project wasn't
too bad for me, and I love having my email in the closet down the hallway
instead of on my flaky WebMail providers' servers.
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Boyd Stephen Smith Jr. @ 2007-01-08 17:29 UTC
To: gentoo-user

On Monday 08 January 2007 09:53, Dan <dan@spore.ath.cx> wrote about 'Re:
[gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> I am not sure what you mean by this, but I do hope you'll consider
> using a normal commodity PC as your router.

He's already got a home router. Some Netgear model (see below).

If the only thing your network is accessing the Internet, then a PC can
work as a router effectively. However, if you want to take advantage of
gigabit speeds (or more than a dozen 100mbit ports) you'll definitely want
a dedicated solution -- the PCI bus just can't keep up. Maybe there's a
solution in PCIe or PCI-X, since they do increase bandwidth, but I've yet
to see a standard PC configured to handle that much bandwidth.

> are you sure you want the internet traffic to go through the wifi
> provider's ISP, through the worldwide web (tracepath gives routes that
> you may find surprising for traffic in the neighborhood will often go
> across the nation for me), back through your home ISP, and into your
> home network, then back again through your home ISP and back into the
> world to the computer whose website you are attempting to browse? That's
> a pretty convoluted trip.

Well, by making that trip he does prevent attempts to sniff his data by
the wifi provider (or when using non-secure wifi, anyone within range of
his transmission). It sounds like he's setting up a ssh tunnel from a
trusted system (his laptop) to another trusted system (his router) so his
(plaintext) data can't be intercepted. (It could be intercepted as
ciphertext but there's no good attacks against an ssh tunnel.)

Note that SSL/TLS traffic doesn't gain any security by going through the
tunnel and unencrypted traffic can still be sniffed on its way between the
trusted router and the server.

--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Dan @ 2007-01-08 17:43 UTC
To: gentoo-user

On Mon, 8 Jan 2007 11:29:52 -0600
"Boyd Stephen Smith Jr." <bss03@volumehost.net> wrote:

> if you want to take advantage of
> gigabit speeds (or more than a dozen 100mbit ports) you'll definitely
> want a dedicated solution -- the PCI bus just can't keep up. Maybe
> there's a solution in PCIe or PCI-X, since they do increase
> bandwidth, but I've yet to see a standard PC configured to handle
> that much bandwidth.

If you have the router between LAN segments at gigabit speeds, and need to
route more than 132MB/S worth of data transfer, sure, the PCI bus isn't
fast enough. Why you'd need a router anywhere between computers that need
to swap this much information is beyond me, but your point is I guess
sound. Good luck finding a PC with 10 pci slots so that you can achieve
gigabit speeds on 100-tx hardware ;)
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Boyd Stephen Smith Jr. @ 2007-01-08 18:00 UTC
To: gentoo-user

On Monday 08 January 2007 11:43, Dan <dan@spore.ath.cx> wrote about 'Re:
[gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> "Boyd Stephen Smith Jr." <bss03@volumehost.net> wrote:
> > if you want to take advantage of
> > gigabit speeds (or more than a dozen 100mbit ports) you'll definitely
> > want a dedicated solution -- the PCI bus just can't keep up. Maybe
> > there's a solution in PCIe or PCI-X, since they do increase
> > bandwidth, but I've yet to see a standard PC configured to handle
> > that much bandwidth.
>
> If you have the router between LAN segments at gigabit speeds, and need
> to route more than 132MB/S worth of data transfer

Like, moving my rather large collection of video from one computer to
another? Or, simply watching HD video from your NAS on 2-3 frontends at
the same time? Actually, just about anything involving a NAS and any real
workload.

> Good luck finding a PC with 10 pci slots so
> that you can achieve gigabit speeds on 100-tx hardware ;)

You needn't have 10 pci slots. Many companies sell 4-port 10/100 ethernet
cards (I have one that is a number of years old in the next room). I'm
fairly sure higher numbers of ports are available, although they are rare.
4-port 10/100/1000 ethernet cards (PCIe or PCI-X, IIRC) are also
available.

--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Etaoin Shrdlu @ 2007-01-06 11:01 UTC
To: gentoo-user

On Friday 5 January 2007 23:00, kashani wrote:

> Actually it is very simple to socks proxy your ssh connection and use
> that without any additional software.
>
> ssh -D 1080 username@your.router.com
>
> Then pop into your browser config and set the socks proxy to be
> 127.0.0.1:1080 and you're done.

Thanks, I never used SOCKS. I wanted to learn more about it anyway, so I
guess this is the right time to do that!
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Boyd Stephen Smith Jr. @ 2007-01-06 4:32 UTC
To: gentoo-user

On Friday 05 January 2007 15:44, Etaoin Shrdlu <shrdlu@unlimitedmail.org>
wrote about 'Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> On Friday 5 January 2007 21:25, Mick wrote:
> > OK. I don't think I need to run a full VPN. I just want to securely
> > connect to my router at home while I am out & about using public wifi
> > hot spots and thereby to be able to connect to the internet using my
> > ISP for browsing & email. The only ports I should need to forward via
> > ssh to the router/server are those serving http/https for browsing and
> > 110/995/143/25/587 for email.
>
> If I understand correctly then, you need ssh (and a public IP address)
> running on the router.
[snip: and then forward a ton of ports]

Or you could forward X over the ssh tunnel, and run your web browser on
your router. >:)

Finally, if your email program and browser are SOCKS aware, you could
simply set them up to use your ssh connection as a SOCKS proxy. There's
specific support for this in OpenSSH, so that you don't have to open ports
individually, it can be done dynamically on-demand.

> Never used it myself, but take a look at the openwrt project.
> From what I understand, it seems that it lets you put linux into the
> firmware of many popular routers, and manage it using a web interface.

While there has been some work done on a web interface, it's not a
priority for the core OpenWRT team. For me, managing my router from a
command prompt worked better anyway.

--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
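What a SOCKS-aware mail client or browser sends to the local `ssh -D` listener for each new connection, as an added example that is not part of the thread: a SOCKS5 CONNECT request (RFC 1928) built and parsed in Python. Host names and addresses are constructed samples, and the `resolved_by` label is this example's own annotation, not a protocol field.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
CMD_CONNECT = 1
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4

RESOLVED_REMOTE = "far end of the tunnel"
RESOLVED_LOCAL = "client, before the tunnel"


def build_greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, 0])


def build_connect(host, port):
    """Build the CONNECT request a client sends after the greeting."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, length-prefixed.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("host name must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0]) + addr + struct.pack("!H", port)


def parse_connect(data):
    """Recover the destination from a request, as the listener has to."""
    if len(data) < 5 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    if data[1] != CMD_CONNECT:
        raise ValueError("only CONNECT is handled in this example")
    atyp = data[3]
    if atyp == ATYP_IPV4:
        length, offset = 4, 4
    elif atyp == ATYP_IPV6:
        length, offset = 16, 4
    elif atyp == ATYP_DOMAIN:
        length, offset = data[4], 5
    else:
        raise ValueError(f"unknown address type {atyp}")
    if len(data) != offset + length + 2:
        raise ValueError("truncated request or trailing bytes")
    raw = data[offset:offset + length]
    (port,) = struct.unpack("!H", data[offset + length:])
    if atyp == ATYP_DOMAIN:
        host, resolved_by = raw.decode("ascii"), RESOLVED_REMOTE
    else:
        host, resolved_by = str(ipaddress.ip_address(raw)), RESOLVED_LOCAL
    return {"host": host, "port": port, "resolved_by": resolved_by}


if __name__ == "__main__":
    # Constructed destinations: a mail server by name, a web server by address.
    for host, port in [("mail.example.org", 995), ("192.0.2.10", 80)]:
        request = build_connect(host, port)
        print(request.hex(" "), "->", parse_connect(request))
```

Because each request names its own destination, one `-D` port serves every host and port the client asks for. A request that carries the host name leaves the name lookup to the far side of the tunnel; one that carries an IP address means the client already resolved the name on the local network.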
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Mick @ 2007-01-06 10:06 UTC
To: gentoo-user

On Saturday 06 January 2007 04:32, Boyd Stephen Smith Jr. wrote:
> On Friday 05 January 2007 15:44, Etaoin Shrdlu <shrdlu@unlimitedmail.org>
>
> wrote about 'Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> > On Friday 5 January 2007 21:25, Mick wrote:
> > > OK. I don't think I need to run a full VPN. I just want to securely
> > > connect to my router at home while I am out & about using public wifi
> > > hot spots and thereby to be able to connect to the internet using my
> > > ISP for browsing & email. The only ports I should need to forward via
> > > ssh to the router/server are those serving http/https for browsing and
> > > 110/995/143/25/587 for email.
> >
> > If I understand correctly then, you need ssh (and a public IP address)
> > running on the router.
>
> [snip: and then forward a ton of ports]
>
> Or you could forward X over the ssh tunnel, and run your web browser on
> your router. >:)

Thanks, I also thought of running FreeNX on the router, if only the router
were capable of running apps. It seems that openwrt is not (yet?) covering
the netgear DG834. The wireless version DG834G is shown as WIP on the
openwrt website. I'll keep an eye on it, or one day upgrade my router.

> Finally, if your email program and browser are SOCKS aware, you could
> simply set them up to use your ssh connection as a SOCKS proxy. There's
> specific support for this in OpenSSH, so that you don't have to open ports
> individually, it can be done dynamically on-demand.

Cool! I'll check it out.

> > Never used it myself, but take a look at the openwrt project.
> > From what I understand, it seems that it lets you put linux into the
> > firmware of many popular routers, and manage it using a web interface.
>
> While there has been some work done on a web interface, it's not a priority
> for the core OpenWRT team. For me, managing my router from a command
> prompt worked better anyway.

How do you set firewall rules using openwrt? Through a script?

--
Regards,
Mick
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Boyd Stephen Smith Jr. @ 2007-01-06 14:21 UTC
To: gentoo-user

On Saturday 06 January 2007 04:06, Mick <michaelkintzios@gmail.com> wrote
about 'Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> On Saturday 06 January 2007 04:32, Boyd Stephen Smith Jr. wrote:
> > On Friday 05 January 2007 15:44, Etaoin Shrdlu
> > <shrdlu@unlimitedmail.org>
> >
> > wrote about 'Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy':
> > > On Friday 5 January 2007 21:25, Mick wrote:
> > > > I just want to
> > > > securely connect to my router at home while I am out & about using
> > > > public wifi hot spots and thereby to be able to connect to the
> > > > internet using my ISP for browsing & email. The only ports I
> > > > should need to forward via ssh to the router/server are those
> > > > serving http/https for browsing and 110/995/143/25/587 for email.
> > > If I understand correctly then, you need ssh (and a public IP
> > > address) running on the router.
> > Or you could forward X over the ssh tunnel, and run your web browser
> > on your router. >:)
> Thanks, I also thought of running FreeNX on the router, if only the
> router were capable of running apps. It seems that openwrt is not
> (yet?) covering the netgear DG834. The wireless version DG834G is shown
> as WIP on the openwrt website. I'll keep an eye on it, or one day
> upgrade my router.

There may be another project out there that works with your router -- I
know there was one specifically targeting D-Links for a while... search
around.

You might also see if anyone has tested OpenWRT on your firmware, WIP
might mean that it just takes some massaging (which could mean anything
from a few minor config file changes, to a custom build of Kamikaze), but
is still available as an option.

> > While there has been some work done on a web interface, it's not a
> > priority for the core OpenWRT team. For me, managing my router from a
> > command prompt worked better anyway.
>
> How do you set firewall rules using openwrt? Through a script?

Well, you can use the WIP web interface, or you can get a shell and edit
the firewall rules. It's standard linux, so you can use iptables directly
for simple one-off changes that last until you reboot. IIRC, there is also
an /etc/init.d/20firewall script that reads iptables rules out of
/etc/firewall or somesuch. (Haven't messed with the OpenWRT since I moved
in May.) I believe shorewall is also available as an ipkg from the WRT
developers.

--
"If there's one thing we've established over the years,
it's that the vast majority of our users don't have the slightest
clue what's best for them in terms of package stability."
-- Gentoo Developer Ciaran McCreesh
* Re: [gentoo-user] [OT] Router for ssh tunnel/SOCKS proxy
From: Etaoin Shrdlu @ 2007-01-06 11:03 UTC
To: gentoo-user

On Saturday 6 January 2007 05:32, Boyd Stephen Smith Jr. wrote:

> Finally, if your email program and browser are SOCKS aware, you could
> simply set them up to use your ssh connection as a SOCKS proxy.
> There's specific support for this in OpenSSH, so that you don't have
> to open ports individually, it can be done dynamically on-demand.

Thanks. As I said in another reply, I'll have to look more deeply into
SOCKS.