Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
i do not know very much about ssh and tunnelling up to now. But i try to
solve the following problem:

I have a desktop, a laptop and a router that points to the internet.
The desktop ist connected to the router via lan-cable, the laptop is
connected to the router via wlan.

Now i could connect from my laptop to the router via wlan for
router-administration, but this is not secure. Connecting from the
desktop via the lan-cable seems to be much more secure. Nevertheless,
sometimes i can not work on the desktop, since someone else works there.

Now, i could start a proxy-server on my desktop and build a tunnel from
the proxy-server port (80) to a local port on my laptop. I think, this
should work like

ssh -L 9080:desktop:80 -N user@desktop

and then, i connect to localhost:9080 on my laptop and there is a save
connection between my laptop and my desktop via the tunnel, while every
input to this tunnel is lead to the right point via the proxy-server. So
i can have a secure connection from the laptop to the router.

I did not run this up to now, because no proxy server is running on my
desktop. But i hope, this would work.

Nevertheless, i would like to know, if there is a way to achive the same
result without having a proxy-server to run on the desktop.

Thank you for every help

Re: tunneling

Quoted text here. Click to load it

Yes.   Two options:

laptop$  ssh -L9999:IP.OF.the.ROUTER:80  user@desktop

Here, traffic to the router would be in the clear over the wire
between the desktop and the router.  That would work for you provided
the router only requires port 80 communication.   I know mine starts
off there, but redirects in various ways to other ports so dynamic
port forwarding might be something you'd dig.

A general proxy is trivial to achieve though using ssh's dynamic port
forwarding option -D  (see man page for details).  

laptop$  ssh -D 9999  user@desktop

And you just set your laptop's web browser proxy options to use a
socks4 proxy at port 9999 (or whatever port you choose

Web requests to any site you visit from the laptop (including
http://ip.of.router and https://ip.of.router ) will appear to originate
the desktop machine.  The wireless hop of that request from your
laptop to your desktop will be in the ssh tunnel, and the dynamic port
forwarding magic of the desktop's ssh server will talk to your router
in the clear over port 80, (or ssl encrypted over 443 as called for by
the router's web admin tool), but that potentially unencrypted
communication will be over the wire between the desktop.


Best Regards,
Todd H.
http://www.toddh.net /

Re: tunneling

Todd H. wrote:

Quoted text here. Click to load it

I tried this out and it works just as i thought.

Quoted text here. Click to load it

Connecting to the router from the desktop always is in the clear. I think,
this might be unsecure in a greater network but not in my simple setup.

Quoted text here. Click to load it

Thank you for this tip.

Site Timeline