Tr1v14l Pursu1ts: Stupid Network Tricks: Smoothwall, SSH and the Smoothwall Proxy

Maxims, rules of thumb and other observations on human cognition and sociocultural affectations

This will be added to on an irregular basis...

What is said to humans directly is received with skepticism and considered with dubiousness while that which is heard in passing, especially that which most conforms to their mentality or prejudices, is readily believed.
Humans have a certain cognitive latency between exposure to new information or experiences and the ability to think dispassionately and intellectually about it.
Humans have a certain cognitive spectrum starting with the moment of exposure to new information or experiences and ending with some point at which the thing is effectively "in the past" for them.
This cognitive spectrum is linked to the emotional process often referred to as shock, anger, denial and acceptance.
The more and faster information or experiences are presented to people and the closer the quarters and the lesser the distance between people, the more their early reactions in the passionate emotional stage are reflected back to them in the manner of responses to those reactions from others in light of those responses.
The more outrages which are suffered without sufficient time to allow emotional bleed-off, the farther the bar for subsequent reaction and outrage are pushed, and the more further events must progress before reaction and outrage.
It is possible for serious detriments to eventually sit below this threshold for long enough for their damaging effects to build and multiply until their entire society undergoes some reactive convulsion.

Thursday, June 25, 2009

Stupid Network Tricks: Smoothwall, SSH and the Smoothwall Proxy

So maybe you’re behind a firewall at work that stops your web browsing freedom and yet has not locked down your machines so much that you cannot change proxy settings. Or maybe you can’t on Windows/MSIE but you can use Firefox on a thumb drive. If you can set a browser to use a proxy, maybe you can’t get to it on the public Internet. Maybe you wouldn’t want to because of a lack of user control.

Here’s how to do it.

First, you need to be using Smoothwall. I prefer the current version 3.

Smoothwall has the capability of being interacted with via SSH. Even better, it defaults to a port other than 22 so it may not be blocked where you are at the time you want to reach it.

You need to remember to allow open access to the port it uses so at the web based admin screens you want Networking | External Access and there you create a rule for TCP protocol, the SSH port you’re using, and source can be all unless you’re only connecting from very specific networks. Make sure to enable the rule and save it.

Now then, when you ssh to your external IP address, which may be dynamic and I highly recommend dyndns.org to get a dynamic DNS entry as Smoothwall has a client that can keep it update when your ISP changes your IP, you need to be able to redirect traffic through Putty.

Yes, Putty is the easiest to use. Connection | SSH | Tunnels is the place in the Putty session set-up. There you need not check either of the top boxes. Just enter your tunnels.

Now then Smoothwall has a web proxy that when on and not in transparent mode answers on port 800 by default. So you create a tunnel by entering 800 in the Source port field or whatever number you want your local machine to listen on for proxy incoming, and then enter the IP address of the LAN SIDE Ethernet port of the Smoothwall and NOT the public IP or anything like that and you make it with a colon and 800 as in 192.168.1.1:800 in that field.

When you get the SSH session going, you are going to be doing SSH from wherever you are to the WAN side Ethernet port, and the SSH server will be taking in your tunnel from Putty and aiming your proxy traffic at port 800 on the Ethernet interface and as far as Smoothwall is concerned, it is as if it came from your home LAN.

You will now appear to be communicating from home even while at work or a friend’s house. The IP seen will be that of your home connection, so keep your nose clean and play nice, but have fun.