Hello Kitty

I am a network noob. There, we got that out of the way.

I would like to have a secure encrypted connection through the firewall
where I work (XP PC that uses a proxy server), to my home Ubuntu
desktop machine behind a firewalled router, so that I may browse
without prying eyes. I use Firefox as my browser. I have several
questions that I hope someone can give me some detailed answers.

recap:
SECURE, ENCRYPTED HTTP CONNECTION FROM 10.XXX.XXX.XXX (work) THROUGH
PROXY SERVER 109.XXX XXX XXX TO 192.XXX.XXX.XXX WHICH IS BEHIND FIREWALL @
6XX.XXX.XXX.XXX (home).

Questions:
Does it matter that I need to go through a proxy server to get out to
the Ubuntu server?

Does it matter that the Gateway at work, when scanned only shows one
UDP port open?

Does it matter that the proxy server at work, when scanned only shows
one UDP port open?

What do I need to have installed on the Ubuntu desktop to act as the
server, and how do I configure it?

What do I have to have installed on the work PC, and how do I configure
it?

What do I need to do with my firewalled router at home (ports, etc)?

Not asking much am I? How the heck do I do it?

Your responses would be greatly appreciated.
--
! Meow !

NoStop

Hello Kitty wrote:

> I am a network noob. There, we got that out of the way.
>
> I would like to have a secure encrypted connection through the firewall
> where I work (XP PC that uses a proxy server), to my home Ubuntu
> desktop machine behind a firewalled router, so that I may browse
> without prying eyes. I use Firefox as my browser. I have several
> questions that I hope someone can give me some detailed answers.
>
> recap:
> SECURE, ENCRYPTED HTTP CONNECTION FROM 10.XXX.XXX.XXX (work) THROUGH
> PROXY SERVER 109.XXX XXX XXX TO 192.XXX.XXX.XXX WHICH IS BEHIND FIREWALL @
> 6XX.XXX.XXX.XXX (home).
>
> Questions:
> Does it matter that I need to go through a proxy server to get out to
> the Ubuntu server?
>
> Does it matter that the Gateway at work, when scanned only shows one
> UDP port open?
>
> Does it matter that the proxy server at work, when scanned only shows
> one UDP port open?
>
> What do I need to have installed on the Ubuntu desktop to act as the
> server, and how do I configure it?
>
> What do I have to have installed on the work PC, and how do I configure
> it?
>
> What do I need to do with my firewalled router at home (ports, etc)?
>
> Not asking much am I? How the heck do I do it?
>
> Your responses would be greatly appreciated.

Sorry I don't 'Meow' as I hate cats. And I have no idea what restrictions if
any exist through your company's proxy server. But, what you might try is
to ssh into your box at home. You'll need a Windoze program like putty on
the company end. Then on the home end you'll need to install and run sshd.
You'll also need to open up a port in your router to allow ssh to pass
through to your Linux box. The port is dependent upon the port you use in
sshd. The default is port 22. Make sure that you're using a STRONG password
for the user account you're going to be logging into.

Cheers.

--
Ubuntu 7.10 ... wow!
http;//www.ubuntu.com

NoStop

Hello Kitty wrote:

> I am a network noob. There, we got that out of the way.
>
> I would like to have a secure encrypted connection through the firewall
> where I work (XP PC that uses a proxy server), to my home Ubuntu
> desktop machine behind a firewalled router, so that I may browse
> without prying eyes. I use Firefox as my browser. I have several
> questions that I hope someone can give me some detailed answers.
>
> recap:
> SECURE, ENCRYPTED HTTP CONNECTION FROM 10.XXX.XXX.XXX (work) THROUGH
> PROXY SERVER 109.XXX XXX XXX TO 192.XXX.XXX.XXX WHICH IS BEHIND FIREWALL @
> 6XX.XXX.XXX.XXX (home).
>
> Questions:
> Does it matter that I need to go through a proxy server to get out to
> the Ubuntu server?
>
> Does it matter that the Gateway at work, when scanned only shows one
> UDP port open?
>
> Does it matter that the proxy server at work, when scanned only shows
> one UDP port open?
>
> What do I need to have installed on the Ubuntu desktop to act as the
> server, and how do I configure it?
>
> What do I have to have installed on the work PC, and how do I configure
> it?
>
> What do I need to do with my firewalled router at home (ports, etc)?
>
> Not asking much am I? How the heck do I do it?
>
> Your responses would be greatly appreciated.

Another option is to install webmin on the home Linux box then you can acess
all its goodies with a regular web browser. Again, strong password and the
default port in this case is 10000 and through https.

Cheers.

--
Ubuntu 7.10 ... wow!
http;//www.ubuntu.com

Dirk T. Verbeek

Hello Kitty wrote:
> I am a network noob. There, we got that out of the way.
>
> I would like to have a secure encrypted connection through the firewall
> where I work (XP PC that uses a proxy server), to my home Ubuntu
> desktop machine behind a firewalled router, so that I may browse
> without prying eyes. I use Firefox as my browser. I have several
> questions that I hope someone can give me some detailed answers.
>
> recap:
> SECURE, ENCRYPTED HTTP CONNECTION FROM 10.XXX.XXX.XXX (work) THROUGH
> PROXY SERVER 109.XXX XXX XXX TO 192.XXX.XXX.XXX WHICH IS BEHIND FIREWALL @
> 6XX.XXX.XXX.XXX (home).
>
> Questions:
> Does it matter that I need to go through a proxy server to get out to
> the Ubuntu server?
>
> Does it matter that the Gateway at work, when scanned only shows one
> UDP port open?
>
> Does it matter that the proxy server at work, when scanned only shows
> one UDP port open?
>
> What do I need to have installed on the Ubuntu desktop to act as the
> server, and how do I configure it?
>
> What do I have to have installed on the work PC, and how do I configure
> it?
>
> What do I need to do with my firewalled router at home (ports, etc)?
>
> Not asking much am I? How the heck do I do it?
>
> Your responses would be greatly appreciated.

I was recently confronted with a similar situation although I was only
interested in enabling E-amil via pops (port 995), smtps (port465)
and reading these newsgroups (port 119).

The corporate proxy server (on default port 8080) had only two ports
open, 80 for http and 443 for https.

I used a ssh tunnel to log into the shell server of my provider
xs4all.nl, initially with this command:

ssh -2 -c blowfish -l mylogin -L 1995ops.xs4all.nl:995 -L
1465:smtps.xs4all.nl:465 -L 1119:news.xs4all.nl:119 shell.xs4all.nl

You see I added a 1 in front of the local ports and on the provider side
the tunnel the original ports were opened.
This worked fine till a week later some corporate IT person possibly saw
a log showing non-http traffic and disabled it.

A day later I found the option to use the https port 443, as this https
traffic is encrypted anyway it'll be very hard to detect the ssh session:

ssh -p 443 -2 -c blowfish -l mylogin -L 1995ops.xs4all.nl:995 -L
1465:smtps.xs4all.nl:465 -L 1119:news.xs4all.nl:119 shell.xs4all.nl

To get through the proxy you need one other utility, corkscrew that uses
the connect command to pass through the proxy.
It is in the repositories and it's for this particular use set up with a
config file in ~/.ssh/config that contains:

Host *
ProxyCommand corkscrew corporate.proxy.com 8080 %h %p

When your company is only keeping selective ports open you don't need
corkscrew, it is used when there is a proxy server involved.

I am not very informed about what you need at the other end but you will
at least need an ssh server to receive these packages and obviously the
relevant ports need to be opened on your firewall/router or NAT.

Opening a ssh port is generally the invitation of a lot of knocking on
it's door by very undesirable 'guests', you need good security!

There is another utility called HTTPtunnel that can help you 'hide' ssh
packages through a http proxy.
It consists of a server hts and client htc that you run on the
respective ends.

jebblue

On Wed, 28 Nov 2007 16:00:38 -0500, Hello Kitty wrote:

> Not asking much am I? How the heck do I do it?
>
> Your responses would be greatly appreciated.

FREE: Run x11vnc (not the one in the repository, download and build the
latest from the web site, it's in Google, it has the -ssl option).
Connect using your browser, a Java VNC applet will connect over SSL and
you can log into your desktop securely. x11vnc gives you access to your
real X server so anyone in the room with your X machine can see your
display, the workaround is to run Xvfb first, then point x1vnc at it with
-display.

PAY: Buy a license for RealVNC which does the same Java VNC applet
desktop session over SSL.


--
// This is my opinion.

J(ohn|ane) Doe

Hello Kitty wrote:

> I am a network noob. There, we got that out of the way.
>
> I would like to have a secure encrypted connection through the firewall
> where I work (XP PC that uses a proxy server), to my home Ubuntu desktop
> machine behind a firewalled router, so that I may browse without prying
> eyes. I use Firefox as my browser. I have several questions that I
> hope someone can give me some detailed answers.

I know this isn't going to be a popular answer, but have you considered
the possibility that trying to circumvent your $WORKPLACE network access
policies is just a bad idea? That they *will* be able to see you making a
consistent connection to your home PC regardless of how secure it is, and
know precisely how much data you're moving? And that this alone might be
enough to get you fired?

Here's a novel idea..... you're suppose to be working, not surfing.
They're paying you to do the former, so why not concentrate on that and
leave the surfing until you're actually sitting at your home PC.

CBFalconer

"J(ohn|ane) Doe" wrote:
>
.... snip ...
>
> Here's a novel idea..... you're suppose to be working, not surfing.
> They're paying you to do the former, so why not concentrate on that
> and leave the surfing until you're actually sitting at your home PC.

Earthshaking! Totally contrary to normal business ethics. If this
ever takes hold there will be excess productivity, and most
programmers will be out of work. This will debase the salary
levels, and put us in competition with ditch diggers.

--
Chuck F (cbfalconer at maineline dot net)
<http://cbfalconer.home.att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

CBFalconer

"J(ohn|ane) Doe" wrote:
>
.... snip ...
>
> Here's a novel idea..... you're suppose to be working, not surfing.
> They're paying you to do the former, so why not concentrate on that
> and leave the surfing until you're actually sitting at your home PC.

Earthshaking! Totally contrary to normal business ethics. If this
ever takes hold there will be excess productivity, and most
programmers will be out of work. This will debase the salary
levels, and put us in competition with ditch diggers.

--
Chuck F (cbfalconer at maineline dot net)
<http://cbfalconer.home.att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

CBFalconer

"J(ohn|ane) Doe" wrote:
>
.... snip ...
>
> Here's a novel idea..... you're suppose to be working, not surfing.
> They're paying you to do the former, so why not concentrate on that
> and leave the surfing until you're actually sitting at your home PC.

Earthshaking! Totally contrary to normal business ethics. If this
ever takes hold there will be excess productivity, and most
programmers will be out of work. This will debase the salary
levels, and put us in competition with ditch diggers.

--
Chuck F (cbfalconer at maineline dot net)
<http://cbfalconer.home.att.net>
Try the download section.



--
Posted via a free Usenet account from http://www.teranews.com

M!$$y 50m3b0dy

In article <1cc881bb88943466447a615184bb616a@hermetix.org>, ohn|ane
<xor@hermetix.org> wrote:

> Hello Kitty wrote:
>
> > I am a network noob. There, we got that out of the way.
> >
> > I would like to have a secure encrypted connection through the firewall
> > where I work (XP PC that uses a proxy server), to my home Ubuntu desktop
> > machine behind a firewalled router, so that I may browse without prying
> > eyes. I use Firefox as my browser. I have several questions that I
> > hope someone can give me some detailed answers.
>
> I know this isn't going to be a popular answer, but have you considered
> the possibility that trying to circumvent your $WORKPLACE network access
> policies is just a bad idea? That they *will* be able to see you making a
> consistent connection to your home PC regardless of how secure it is, and
> know precisely how much data you're moving? And that this alone might be
> enough to get you fired?
>
> Here's a novel idea..... you're suppose to be working, not surfing.
> They're paying you to do the former, so why not concentrate on that and
> leave the surfing until you're actually sitting at your home PC.
>

Thank you for the advice. I thought this was an Ubuntu forum? Why are
you posting during working hours? Please get back under your bridge.

--
Regards