3

I'm looking for a service on the internet allowing me to redirect TCP connections.

My company's firewall is very strict and allows only HTTP (through a transparent proxy) or SSL on port 443 only. I managed to successfully build a tunnel by running stunnel on port 443 at home. The problem is: only one service can run on a port at a time! For example, I can't run ownCloud and stunnel at the same time. I know I could tunnel SSH in stunnel and tunnel everything through SSH, but it's becoming a pain (with multiple tunnels inside each other).

If I ran several hosts on the internet (and not my one home IP address), I would simply configure IPTABLES to forward the SSL connection to my home IP/any port, with returning packets going the other way around. This way I am end-to-end encrypted and simply multiplex services by IP addresses instead of port numbers.

I therefore have two questions:

  • Is this possible?
  • Does it exist?
5
  • 1
    Did you consider running a SOCKS proxy at home and some kind of redirector at work like redsocks? Commented Nov 4, 2013 at 22:39
  • Definitely look into SOCKS proxies.
    – Timtech
    Commented Nov 4, 2013 at 22:57
  • 3
    What is your company's policy on bypassing the firewall?
    – BillThor
    Commented Nov 5, 2013 at 0:51
  • 1
    Thanks, SOCKS does indeed look promising. What I also saw was OpenVPN, which should use SSL, too. But I didn't get it working. Strange; is the protocol any different from e.g. stunnel?
    – Borph
    Commented Nov 5, 2013 at 15:01
  • The firewall is in place for a very good reason. If you value your job, do not attempt to bypass it, since it most probably violates your company policies and your contract. Commented Nov 29, 2013 at 0:28

1 Answer

0

You can use a SOCKS proxy via ssh - simply run sshd on a port you can access (say 443) and then ssh -D 1080 .... Firefox can use a SOCKS proxy natively (configuration) to access the internet (except for DNS, but you most likely have that). Other apps can use something like dante to socksify them and so on...

Other options are OpenVPN, squid... The new ssh versions can actually create an OpenVPN-like tunnel (-w).

NB: You should first consult your system administrator. While you can bypass the firewall this way, it is not very nice, to say the least ;)

2
  • As mentioned, SSL on port 443 is the only thing. SSH != SSL, so it is forbidden by the firewall regardless of the port. The problem: only stunnel OR https is possible, not both.
    – Borph
    Commented Nov 29, 2013 at 8:47
  • That implies a level 7 firewall, nice! Buy your sysadmin a beer for me. It was not very clear... Have you tried OpenVPN? It's SSL. Commented Nov 29, 2013 at 23:55
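
Added example, not part of the thread: a sketch of how a layer-7 firewall like the one inferred in the last comment can tell SSH from SSL/TLS on port 443 by inspecting the first bytes the client sends. The function names, the policy table and the sample payloads are assumptions constructed for illustration, not any vendor's implementation.

```python
import struct

# TLS record content type 22 = handshake; handshake type 1 = ClientHello.
TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ")


def classify_first_bytes(data: bytes) -> str:
    """Label the first client payload of a TCP connection."""
    # SSH (RFC 4253, section 4.2): each peer sends an identification
    # string beginning with "SSH-" before any encryption starts.
    if data.startswith(b"SSH-"):
        return "ssh"
    if data.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: type(1) major(1) minor(1) length(2),
    # followed by the handshake message type.
    if len(data) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if (ctype == TLS_HANDSHAKE and major == 3 and minor <= 4
                and 0 < length <= 2**14 and data[5] == CLIENT_HELLO):
            return "tls"
    return "unknown"


def policy_verdict(dst_port: int, data: bytes) -> str:
    """Mimic the policy from the question: HTTP on 80, SSL/TLS only on 443."""
    proto = classify_first_bytes(data)
    allowed = {80: "http", 443: "tls"}  # hypothetical policy table
    if allowed.get(dst_port) == proto:
        return "allow"
    return f"block ({proto} on {dst_port})"


# Constructed sample payloads (not captured traffic).
SAMPLES = {
    "tls_client_hello": bytes.fromhex("16030100c8010000c40303") + b"\x00" * 32,
    "ssh_banner": b"SSH-2.0-OpenSSH_6.2\r\n",
    "http_get": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "opaque": b"\x00\x0e\x38\x01\x02\x03\x04\x05",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:18} -> {policy_verdict(443, payload)}")
```
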
