Tunneling through ssh?
Hello!
I recently picked up learning FreeBSD, coming from OpenBSD. I put it on bare metal so that I may better tinker with it and become acquainted with its ins and outs. Since as of now it serves as a desktop, I'm working out if I could potentially have it replace my main workstation. One of the functions I can't figure out right now is tunneling through ssh for use with socks-proxy. On OpenBSD, one would ssh over to a host with -D port. I.e.:
Code:
% ssh -D 12345 user@host
Code:
% links -socks-proxy localhost:12345
I figured the syntax must be different in FreeBSD and the handbook does mention a different approach. localport:remotehost:remoteport.
Code:
% ssh -L 5023:localhost:23 user@foo.example.com
Thank you for any explanations. And since this is my first post: it's good to be here.
EDIT: I see now that the former method with -D does appear in netstat -a, but a web browser utilising socks-proxy gets stuck on 'making connection to another server'
Last edited by shvehlava; 24th May 2021 at 06:49 PM. Reason: new findings
|
|||
I figured it out. It was pf.
|
|
|||
My follow-up question then would be, what am I to allow in pf.conf for socks?
|
|
|||
I did not use the SSH built-in socks proxy for a long time.
This is what works for me on an OpenBSD workstation and OpenBSD server at siralas.nl using the simple -D option:
Code:
-D [bind_address:]port
        Specifies a local "dynamic" application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
Using this method I don't have to adjust anything in pf.conf on both workstation and server.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Last edited by J65nko; 24th May 2021 at 08:22 PM.
|
|||
I debugged it.. I forgot
Code:
set skip on lo
Last edited by shvehlava; 25th May 2021 at 11:44 AM.
|
|||
On your FreeBSD desktop/workstation:
On your FreeBSD machine do you have a set skip on lo0 directive? If pf blocks loopback 127.0.0.1 traffic it won't work ;-)
Before you do enable that skip loopback directive, you can make pf log blocked packets:
Code:
block in log (all)
# tcpdump -eni pflog0
in a separate xterm. Then do your ssh tunneling command in xterm nr 2 and start your browser in xterm 3
Anything interesting showing up in xterm 1, running the tcpdump?
|
|||
It was indeed set skip on lo0, I've edited my previous post. Thanks again! and thank you for the tcpdump tutorial.
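
An added example, not part of any post in this thread: a small POSIX sh lint that checks a pf ruleset for the two things discussed above, whether loopback is exempted with set skip and whether blocked packets are logged so they show up on pflog0. The function names, the sample rulesets and the em0 interface name are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a pf ruleset for the loopback problem from this thread.

# Print the ruleset with comments removed and list punctuation turned into
# spaces, so "set skip on { lo0, em0 }" splits into plain words.
# Macros ($name) are not expanded.
rules() {
    sed -e 's/#.*//' -e 's/[{},]/ /g' "$1"
}

# Succeeds if a "set skip on ..." line names lo0 or lo (both spellings
# appear in the thread).
loopback_skipped() {
    rules "$1" | awk '
        $1 == "set" && $2 == "skip" && $3 == "on" {
            for (i = 4; i <= NF; i++) if ($i == "lo" || $i == "lo0") found = 1
        }
        END { exit !found }'
}

# Succeeds if at least one block rule carries the log keyword.
blocks_logged() {
    rules "$1" | awk '
        $1 == "block" { for (i = 2; i <= NF; i++) if ($i == "log") found = 1 }
        END { exit !found }'
}

# Summarise what to expect when a local client connects to the ssh -D listener.
diagnose() {
    if loopback_skipped "$1"; then
        echo "loopback skipped: pf does not filter the local SOCKS connection"
    elif blocks_logged "$1"; then
        echo "loopback filtered: watch drops with tcpdump -eni pflog0"
    else
        echo "loopback filtered: add log to the block rule to see drops"
    fi
}

# Demo on two constructed rulesets (not taken from the thread).
demo_dir=$(mktemp -d)
printf 'block in log (all)\npass out\n' > "$demo_dir/filtered.conf"
printf 'set skip on lo0\nblock in log (all)\npass out\n' > "$demo_dir/skipped.conf"
for f in "$demo_dir"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(diagnose "$f")"
done
rm -rf "$demo_dir"
```

Point `diagnose` at a copy of /etc/pf.conf to get the same one-line summary for a real ruleset.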