xisto Community
bombshop

Question: SSH / Reverse SSH Tunnelling .. a way to bypass firewalls??

I have been reading about ssh tunneling for a while now but I cannot get it to work.
I have a shell account at my school (say me@myschool.edu) and I can use a web browser there (links). I am using PuTTY as the SSH client. At my school's library I cannot use torrent programs or eMule as the firewall blocks their ports.
The question is: are there any ways to bypass the firewall through my shell account and use the service as I wish?

Here are some things I have tried:
Set port 3333 as dynamic and tried forwarding the port to https://www.google.de/?gfe_rd=cr&ei=BwkjVKfAD8uH8QfckIGgCQ&gws_rd=ssl then I made the connection to my shell account and then in the address bar of Firefox I typed LOCALHOST:3333/ ; it did not work.
As I used dynamic, PuTTY acts as a SOCKS4/4a/5 proxy, so I took a chance and set Firefox to connect via proxy at localhost:3333, but it did not work either.

Any tutorials, HOWTOs or suggestions, and also questions, are welcome.


This is the structure of the network from the viewpoint of the library:

[library] ---> [gateway] ---> [ internet ]

When the school's computer and the library's computer are on the same intranet the picture is:

[library] ---> [gateway] ---> [ internet ]
[school] --/

In this case the same gateway or firewall blocks the access both in the school and in the library.
You don't have a chance to extend your abilities without a third location.

Let's say that the school's computer is not in the same network as the library's computer and also that the school's firewall allows you to access everything you want that is blocked in the library.
In this case the picture is the following:

[library] --> [gateway] ---> [internet] <----> [school]

Let's say that you run an X server at the library, either with Cygwin or with Linux. (The X server is used to display the screen and handle keyboard/mouse events.) In this case you can use ssh to run software on a remote computer and have the software's display shown on your X server. So let's say you ssh to the school and run Azureus. This torrent client will run on the school's computer, however your X server will show you the software's GUI (user interface). The network will carry the information necessary to display the GUI and interact with the software. So you will see the software on the library's computer, however it will run on the school's computer. The running software will use the file system of the school's computer. You can download the newest Linux image file to the school computer's hard disk. When the download is complete you can copy the files to the library's computer with sftp or ftp. Maybe the library's firewall blocks access to the library computer from the internet. In this case you use sftp from the library and connect to the school.

Let's see another example:

[library] --> [gateway] ---> [internet] <----> [school's router] -> [school]

In this case you can't access the school computer directly. You must access the school's router first by ssh-login to it and from the router you can access the school computer. You can use ssh tunneling to skip a step and access the school's computer directly.

Look at the 2nd picture at http://forums.xisto.com/no_longer_exists/
mypc is the computer at the library and gate is the school's router (work = school).



Just ask if there is something that needs more explanation.

Edited by lajoshal (see edit history)


OK, here is my situation in more detail. I have installed links in my school shell account. Also, I can use ssh, telnet and ftp from my account at my school.

[Home]-->[school]-->[Google:80] is possible using PuTTY, so I want to tunnel my connection to Google through the connection set up to my school using PuTTY. I set my connection up so that a dynamic port is added (for instance 3333) and the SSH session is up and running. netstat -na does the trick and my local port 3333 is in LISTENING status.

The question is, I am supposed to open the Google front page with this tunnel but when I try it says DONE and shows me nothing. I suppose there is a problem with that tunnel but cannot kinda figure it out.

For tunnelling the ssh connection, is it necessary for the server I log in to and the site I try to reach to be on the same subnet?? It makes sense to be able to tunnel my connection to any IP using the connection set up to my account, but it is not always about making sense :)


This ssh tunneling is new for me also. I'm sorry for mistakes. :)

I will write based on http://archive.oreilly.com/pub/a/wireless/2001/02/23/wep.html

With ssh tunneling you can access, in an encrypted way, a service which is already accessible.
And you must have an ssh account on the remote site. And you must have root privileges on localhost.

For tunnelling the ssh connection, is it necessary for the server I log in to and the site I try to reach to be on the same subnet??


It can be on any subnet. If you use only "host" instead of "host.schooldomain.com" then you must run within the same subnet. You can use IP addresses also.

The question is, I am supposed to open the google front page with this tunnel but when i try it says DONE and shows me nothing. I suppose there is a problem with that tunnel but can not kinda figure it out.


Do you have an ssh account on google:80? I think the answer is no. So this is why it doesn't work.
What happens when you connect to school:80 by your local port 3333 as you mentioned? Probably you see the school's home page. The difference between connecting to local port 3333 with your browser and connecting directly to school:80 is that communication between the computers is ssh-encrypted.

Let's say you want to browse the net and your firewall allows only ssh connections.
You will use ssh tunneling to access the service on your computer's local port.
For example, your school has a proxy server at proxy.school.com which accepts requests at port 9500.
If you have ssh access to proxy.school.com then you tunnel to the proxy:
ssh -N -l username -L 3333:proxy.school.com:9500 proxy.school.com
After typing the correct password, leave this shell running.
After that, set up the browser to use the proxy at localhost:3333.
And browse the net as if your firewall wouldn't block this.
And if you don't have ssh access to proxy.school.com you can install one at school.com. However, maybe you will break the rules of your school. First read the whitepapers on what is allowed and what is not.

But you want to use torrents... And maybe at school there is a firewall also...

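An added illustration, not part of the original thread or any poster's code: the two setups discussed above differ in what the local port expects. A dynamic forward (PuTTY "Dynamic", OpenSSH `-D`) is a SOCKS listener where the client names the destination in a binary request, while `-L 3333:proxy.school.com:9500` relays bytes to one fixed destination. This Python sketch classifies a client's opening bytes and builds and parses a SOCKS5 CONNECT request (RFC 1928); all sample bytes and the function names are constructed for the example.

```python
import ipaddress
import struct

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT", b"CONNECT", b"OPTIONS")

def classify_first_bytes(data: bytes) -> str:
    """How a SOCKS (dynamic-forward) listener sees a client's opening bytes."""
    if not data:
        return "empty"
    if data[0] == 0x05:  # SOCKS5 greeting: VER, NMETHODS, METHODS[NMETHODS]
        ok = len(data) >= 2 and len(data) == 2 + data[1]
        return "socks5-greeting" if ok else "socks5-malformed"
    if data[0] == 0x04:  # SOCKS4/4a requests start with version byte 4
        return "socks4-request"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-not-socks"  # plain HTTP sent to a SOCKS port
    return "unknown"

def socks5_connect_request(host: str, port: int) -> bytes:
    """Build a SOCKS5 CONNECT request; the client names the destination."""
    try:
        addr = ipaddress.ip_address(host)
        atyp, body = (0x01 if addr.version == 4 else 0x04), addr.packed
    except ValueError:  # not an IP literal: send it as a domain name
        name = host.encode("idna")
        atyp, body = 0x03, bytes([len(name)]) + name
    return bytes([0x05, 0x01, 0x00, atyp]) + body + struct.pack(">H", port)

def parse_socks5_connect(req: bytes) -> tuple:
    """Listener side: recover (host, port) from a CONNECT request."""
    if len(req) < 7 or req[0] != 0x05 or req[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == 0x03:  # domain name: one length byte, then the name
        end = 5 + req[4]
        host = req[5:end].decode("ascii")
    elif atyp in (0x01, 0x04):  # packed IPv4 (4 bytes) or IPv6 (16 bytes)
        end = 4 + (4 if atyp == 0x01 else 16)
        host = str(ipaddress.ip_address(req[4:end]))
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("truncated or oversized request")
    return host, struct.unpack(">H", req[end:])[0]

if __name__ == "__main__":
    # Constructed samples: a URL typed at the port vs. a SOCKS5-aware client.
    typed_url = b"GET / HTTP/1.1\r\nHost: localhost:3333\r\n\r\n"
    print(classify_first_bytes(typed_url))
    print(classify_first_bytes(b"\x05\x01\x00"))
    print(parse_socks5_connect(socks5_connect_request("www.google.de", 443)))
```
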
