Rolandes Ramblings

There is always a way around the system

1:28pm Thursday, March 16th, 2006 by Rolande

So here’s another techie post but you can’t blame me. After all I spend nearly a third of my life working on this stuff.

Anyway, having worked in a bank for the past 6 years, I have gotten used to the omnipotent Big Brother always lurking over my shoulder to track what I am doing. However, having designed or been involved in the implementation of most of those systems in my last job, I knew all of the controls in place and how to quietly get around them for my own convenience and benefit. You know it is annoying when someone in HR decides it is a good idea to block access to certain website categories or even specific websites for one reason or another. I totally agree with policies blocking all the obscene content and things that just don’t belong in the workplace. But blocking my access to certain Multimedia content, Google Desktop, or Distributed Computing sites seems rather medieval to me.

So, enough with that crap. Sadly, even though I am in the group that engineers and implements these solutions, I do not have the ability to stand up any systems with backdoors. Time to look at alternate methods.

Luckily enough, SSH is allowed outbound to any destination through a SOCKS proxy environment. Since I have my own Linux server running on my DSL service at home, I can easily connect to its SSH server from my desk at work. I had been using this for some time to log in to my server at home to check email or use it as an outside source for testing or verifying certain things across the Internet.

For some reason, over the past ten years or so, I had never spent any time messing around with SSH port forwarding. I have no idea why. I had previously played with an HTTP port forwarding/tunneling solution but the performance of that was miserable to say the least. In my previous position, SSH was not allowed outbound at all by any means which is why I had to mess around with the HTTP tunneling just so I could check my email at home.

Now I have finally discovered the Holy Grail. I reconfigured my Apache webserver on my Linux server at home to support proxy functionality limited to access from just my local network. I also configured my SSH server to allow TCP port forwarding. I then used my SecureCRT SSH client to set up port forwarding. I mapped a local port on my laptop to a remote destination and port through the SSH session. In this case, I set up TCP port 8080 on my laptop to map to TCP port 80 on my Linux server at home, which is the port my Apache proxy server listens on. Now all I do is point my web browser’s proxy settings to localhost:8080 and …Voila! I now have unfiltered proxy access outside the internal network. Additionally, no one on the local network can see anything that I am doing because the traffic is all encrypted inside a single SSH session going to my Linux server at home. :)

Pretty cool stuff. Now all I need to do is finally get XP Pro loaded on my desktop at home so that I can run Terminal Services and get remote desktop access. That would be the icing on the cake.
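
Seen from the network side, the setup described above leaves a recognizable shape in the SOCKS proxy's connection logs: one SSH session held open for a long time that downloads far more than an interactive shell would. The following is an added example, not part of the original post, that flags such sessions; the CSV log format, field names, thresholds and sample records are all constructed assumptions.

```python
import csv
import io

SSH_PORT = 22                 # assumption: SSH on its default port
MIN_DURATION_S = 1800         # assumed threshold: session held open 30+ minutes
MIN_BYTES_IN = 20 * 1024**2   # assumed threshold: 20 MiB downloaded
MIN_IN_OUT_RATIO = 10         # assumed threshold: download-heavy, like web browsing

# Constructed SOCKS proxy connection records (hypothetical format, one row per session).
SAMPLE_LOG = """\
user,dst_ip,dst_port,duration_s,bytes_out,bytes_in
alice,198.51.100.10,22,420,18500,61000
bob,203.0.113.25,22,14400,2100000,184000000
carol,192.0.2.77,22,900,95000000,400000
dave,203.0.113.80,443,7200,900000,75000000
erin,198.51.100.44,22,30,4000,9000
frank,203.0.113.25,22,1200,1500000,60000000
"""

def indicators(rec):
    """Return the tunnel indicators that one SSH connection record matches."""
    duration = int(rec["duration_s"])
    b_out = int(rec["bytes_out"])
    b_in = int(rec["bytes_in"])
    hits = []
    if duration >= MIN_DURATION_S:
        hits.append("long-lived")
    if b_in >= MIN_BYTES_IN:
        hits.append("high-download-volume")
    if b_in >= MIN_IN_OUT_RATIO * max(b_out, 1):
        hits.append("download-heavy-ratio")
    return hits

def flag_ssh_tunnels(log_text, min_hits=2):
    """Flag SSH sessions shaped like proxied browsing rather than a shell."""
    findings = []
    for rec in csv.DictReader(io.StringIO(log_text)):
        if int(rec["dst_port"]) != SSH_PORT:
            continue  # only SSH sessions are in scope for this check
        hits = indicators(rec)
        if len(hits) >= min_hits:
            findings.append((rec["user"], rec["dst_ip"], hits))
    return findings

if __name__ == "__main__":
    for user, dst, hits in flag_ssh_tunnels(SAMPLE_LOG):
        print(f"{user} -> {dst}:{SSH_PORT}  {', '.join(hits)}")
```

Byte counts and duration are all the proxy can see of an encrypted session, so this is a triage signal for follow-up rather than proof of tunneling. Limiting outbound SSH at the proxy to approved destinations removes the channel instead of detecting it.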

blog.thewaystation.com ‡ Copyright © Scott Savage 2005 - 2007