I figure I will eventually get this to work if I keep playing with it, but I figured somebody here might be able to quickly point me in the right direction. Even simple links to relevant material would be nice, and most appreciated.

Basically, there are times when my local internet connection is a bit laggy and unreliable (plus my upstream bandwidth is capped), but I still have a reliable 100 mbps network connection to a machine that has an (uncapped) 10 mbps connection to an internet backbone.

During these times, I normally ssh into an account on this Solaris machine, and use xwin to display a remote browser on my computer. This becomes a pain when my local connection fails entirely, because I need to install appropriate applications on the remote machine to use them (e.g. GAIM for instant messages) and then maintain a second set of applications there.

I'd like to set up a system where by I change a few settings on my local (Windows) computer, and then certain applications will connect through the Solaris box to get to the net, and necessary communication is obviously relayed back to me.

So I've tried to research what I need to get this to work, and I'm not sure I have it all down. In some cases the terminology can be a bit confusing to me.

It seems like what I might need is a SOCKS implementation on the Solaris machine which can forward my requests from here to the internet. Then I tell IE or whoever to use that machine for internet requests. I see the section in the IE config and my FTP client to do this, but I don't see it I some applications like AIM or GAIM. Perhaps there's a way to tell windows to forward all traffic through certain port through the server? Or perhaps I'll need to use this program to capture all network traffic and forward it through the server.

So should I just use the reference implementation of SOCKS (for Educational / Personal Use) or is there a better way to do it? Or should I be looking at proxy software? A lot of people seem to like Squid, but it seems to do a lot that would be useless to me, like cache data.

Also, would it ever be helpful to use SSH to tunnel a local port to a port on the Solaris machine? Maybe somehow helps in programs that don’t let me specify the location of the SOCKS server? (Or does the ssh tunnel do nothing other than provide encryption?)

Finally, it’s important to note that I do NOT have root privileges on the Solaris box and thus can’t make serious changes to it, but I’m hoping I won’t have trouble installing it to my area of the disk, using ssh to manually start it, and have it use high-numbered ports that aren’t already in use.

Thanks in advance for all the sage advise,

John

Hey, I had the same EXACT problem at my school. Try junkbuster. It's a proxy/filter. You can configure and run it without any root access. We have a cluster of computers here called solix which run solaris and they have a faster internet connection. The connection running to the apartments and dorms here SUCKS and this fixed it for me

-Greg

Hey, thanks for the advice. I looked through junkbuster and it looks interesting, but I'm going to try a little harder to try to get something setup that allows forwarding of non-http protocols.

I personally don't play many online games, but I think some of my friends could make serious use of this alternate "gateway" I'm trying to configure, as the standard connection is terribly laggy. Plus, I'd like to be able to use AIM and ftp when my network goes down (unfortunately common).

Thanks for the suggestion though,

John

You can use ssh to tunnel specific ports and have them redirected anywhere you specify on the remote side. But then you'd have to be able to tell GAIM, et al., to connect to whatever port you specify on localhost, and whether or not you can do that depends on the application.

In general, you'd want to ``ssh -L <AIM port>:<AIM server>:<AIM port> <remote Solaris machine>'' and then have GAIM connect to localhost, if possible.

Yeah, I do this from work with GAIM and my browser. Although, I use the -D option for ssh. Either way, it works great.

hrmmmm :-/

I've been playing with this for 7 continuous hours, with little success. Somewhat frustrating.

First let's discuss your ssh option which sounds promising, but I can't get to work.

I'm using a windows machine, and I've always used TeraTerm for ssh, but after I couldn't get the forwarding to work, I tried downloading f-secure's CLI ssh program, which also ended up not working.

The command I typed into f-secure's ssh was:

ssh2 -L 5190:login.oscar.aol.com:5190 [email protected]

also tried:

ssh2 -L 5191:login.oscar.aol.com:5190 [email protected]

After typing those commands, it would log in as normal, and I could only assume the port magic was occurring (no messages or anything).

Then in AIM, under "Server", I change: "login.oscar.aol.com", port 5190 to: "localhost", port 5190 and then port 5191. I also tried 127.0.0.1 in place of localhost. Every time AIM could not connect.

Since ricin had said that he'd had success with GAIM, I downloaded that (version 0.61). It does not have a section where you specify a server, but it has a proxy section, where I tried (for the hell of it) putting it onto HTTP (other option is SOCKS) and putting localhost as the proxy server with port 5190 (or 5191). No dice. Also played with the Proxy option in AIM, to no avail.

Any ideas? Could I not be doing the ssh port thingy right? The port thing is automatically bidirectionally connected, right?

More details of my exploits in futility shortly.

Yeah, I do this from work with GAIM and my browser. Although, I use the -D option for ssh. Either way, it works great.

So I guess the -D allows the destination (of the port 80 request) to go though the tunnel to direct it to the right place when it gets there, or something like that.

My ssh doesn't even have a -D!?!? These solaris boxes do, but that doens't help much.

Could you tell me more about your setup, since you seem to have it working correctly. Any ideas as to want I can look at from the stuff I listed above?

These aren't the only things I've tried though, oh no!

First I tried to get a SOCKS implementation I could run on solaris, but the damn website wouldn't let me download the reference edition of SOCKS5, and the Dante implementation looked (at the time) particularly nasty. (I think the FAQ must have been written in less than an hour.)

I finally settled on a sort of gateway / proxy program called DeleGate, which it reasonably nice. After a good period of sacrifices and makfile massages, I got the beast running on my solaris machine. The syntax is a little ridiculous, but I got it sucessfully proxying my http and ftp requests, which was pretty easy, as it has builtin support for those protocols. Even after playing with the tcprelay options fo a good while I was totally unable to get any sort of non-http/ftp traffic to work (I tried sftp and AIM).

With the debugging turned on on the proxy, it seemed that some of the initial AIM stuff gets sent, but I never get a reply from the service. So how something's not getting sent around right. AIM ends up failing around the same place that it does with the SSH trick, giving an error that it cannot contact the service.

Any more ideas? Is there a better way to do this? I don't really care as long as it works.

I think I need to take a good size break to clear my head.

John

-D is an option to OpenSSH to set up a SOCKS proxy. I didn't realize that existed until just now. Anyway, if you're not using OpenSSH on the local side, then it probably won't exist.

I'm guessing, though I have no low-level experience with AIM, that it might be trying to make other connections beyond the initial connection. That's a guess based on the symptoms you've presented. If that's true, then you'll have to find an AIM-specific proxy. You might also want to try using the TOC AIM protocol and see if that works. I think it's an option within GAIM.

I didn't realize the -D option was only in OpenSSH until Bitt mentioned it. So, I guess that's out, unless you want to switch over to OpenSSH, which might not be a bad idea.

Also, there are small proxies out there, like ReAIM, that are made specifically to be an AIM proxy. I've never tried any of them, but I'm sure one would work for you. Seems like more of a hassle than just getting OpenSSH, though.

I sounds like getting a real SOCKS proxy set up on the solaris machine might work then? I guess I'll try the Dante implementation next time I get some free time.

I tried finding a way to run OpenSSH on Windows, which got pretty nasty as I'd have to use cygwin, and I always have trouble with that kind of windows stuff, anyway.

OpenSSH recommends using PuTTY on Windows, but I don't think it has the "-D" functionality. Here's a screen shot:



I tried watching the AIM protocol with ethereal, but so much crap came by when I signed on that I didn't have time to battle with what was going on. I'll have to investige the TOC AIM protocol later.

It still seems like there should be an easier way to do this. Like with some kind of magical routing software or port forwarding or something.

Oh well, thanks for everyone's help.

I didn't realize the -D option was only in OpenSSH until Bitt mentioned it. So, I guess that's out, unless you want to switch over to OpenSSH, which might not be a bad idea.

Tried that (see above). OpenSSH doesn't work with windows unless you you cygwin and that's getting pretty nasty.

I'm still not sure I'm seeing how this works though. Can you explain how you have GAIM set up to use the tunnel? I don't see what options you'd put in. You must have done the -D trick, with SOCKS and localhost, or something. But how do things know to get to login.oscar.aol.com:5190? Do you specify that somewhere? Not seeing that.

Also, there are small proxies out there, like ReAIM, that are made specifically to be an AIM proxy. I've never tried any of them, but I'm sure one would work for you.

This might work, and that may be what I end up doing, as long as ReAIM can also handle AIM file transfers too. Then I'll have this for AIM and DeleGate for Http/Ftp. My game playing friends would be out of luck, as would kazaa users, but that's probably good for them anyway. Frustratingly complicated though.

John

I'm still not sure I'm seeing how this works though. Can you explain how you have GAIM set up to use the tunnel? I don't see what options you'd put in. You must have done the -D trick, with SOCKS and localhost, or something. But how do things know to get to login.oscar.aol.com:5190? Do you specify that somewhere? Not seeing that.

Come to think of it, I don't think I ever got it working using -L. I think that may be because it doesn't forward UDP traffic. With the -D option, you just specify the local port to connect to and it takes care of the rest, mimicing a SOCKS 4 proxy. As the man page for ssh says about the -D option:

-D Specifies a local ``dynamic'' application-level port forwarding.

             This works by allocating a socket to listen to port on the local

             side, and whenever a connection is made to this port, the connec-

             tion is forwarded over the secure channel, and the application

             protocol is then used to determine where to connect to from the

             remote machine.  Currently the SOCKS4 protocol is supported, and

             ssh will act as a SOCKS4 server.  Only root can forward privi-

             leged ports.  Dynamic port forwardings can also be specified in

             the configuration file.

it determines where to connect by refering to the original requset from the application.


Of course, none of that helps if you're not using OpenSSH. You can get Win32 binaries from here. I've just run through a quick test on one of my machines here, and using the -D option, with GAIM set to proxy to localhost on the port specified as a SOCKS4 proxy, works flawlessly.