Tunneled IP Addresses?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I use ssh tunnels (via putty) to successfully browse my remote web
servers. First I connect via ssh. Then I configure an ssh tunnel by
specifying that all requests to a particular remote host be sent to
'' - the ssh application then takes over any HTTP requests to
that address and forwards them out the tunnel. I had to add
'remotehost' to my w2k hosts table, identifying it on the line for

Works fine when I browse to the remote host via its hostname.

However, some of the pages on the remote server refer to additional
pages (on the same server), but specify its IP Address rather than
hostname. My PC attempts to load these private addresses directly,
rather than sending them through the tunnel. This fails because the PC
uses its default route to go to that IP rather than via the tunnel,
hence I fail to get these pages loaded.

I was hoping I could simply add a route to the private network via For example:

   route add mask metric 1

However W2K complains "The route addition failed: The parameter is

Is there any way to create this type of route?

Re: Tunneled IP Addresses?

tsreyb@yahoo.com writes:
Quoted text here. Click to load it

To avoid confusion, I wouldn't put it like that. Rather than SSH "taking
over" at the IP level, it just starts listening on
port 80; it's more like you've started a web server on your local
computer, which you then trick your web browser into believing is a
particular remote host by fiddling your hosts table.

Quoted text here. Click to load it

Rather than trying to persuade your IP stack to do this, I'd do it at a
higher level -- set up PuTTY to use a "dynamic tunnel", which starts up
a SOCKS proxy listening on the local machine, and then configure the web
browser to use that SOCKS proxy. Requests for _any_ hostname or IP
address made by the web browser will then go over the tunnel.

Re: Tunneled IP Addresses?

more info from a recent thread:

http://groups.google.com/group/comp.security.ssh/browse_frm/thread/7442210838c61b79/8636a36d1a355ee0 ?

  Richard Silverman

Re: Tunneled IP Addresses?

I put this in a previous post but it may help you.

What I've found useful, at least in the windows world, is proxycap
(http://proxylabs.netwu.com /) or sockscap
(http://www.socks.nec.com/Download/SocksCapDownload/index.asp ). Sockscap
is free (for non-commercial, and you need to register), but time limited
(about a year) whereas proxycap costs a few dollars.
What they both do is grab packets coming from any specified application
which would otherwise be destined for the internet (e.g. your
browser/mailclient etc.) and route them to a defined proxy. The useage
with putty/openssh is to route them to localhost port 1080 (you choose),
where putty encrypts/portforwards them to your remote SSH server, where
they are unwrapped and carry on their way to the internet. Using Putty's
'D' (dyanamic) port forward option (on port 1080, as set above) allows
any IP that the application is sending stuff to, to be port forwarded.
In other words the whole setup acts as a proxy web server at the remote,
SSH server, IP. This has the effect of anonymising the original IP; web
pages see only the IP of the SSH server, and allows you to tunnel
through proxy server firewalls, using the proxy features in Putty. Also
any traffic (personal mail, forbidden web-sites) is encrypted as it
travels through your local network, right up to your personal machine,
so your local IT admin/chinese firewall admin, can't read it.

Now most of you on this board probably knew this; I'm new at this, but
hopefully it will help someone.

Richard E. Silverman wrote:
Quoted text here. Click to load it
http://groups.google.com/group/comp.security.ssh/browse_frm/thread/7442210838c61b79/8636a36d1a355ee0 ?
Quoted text here. Click to load it

Site Timeline