I saw on Reddit that someone made a BSD server to have websites unblocked at their school. How can I do this?

elicannon

New Member


Messages: 6

According to the Reddit post, the kid made a server, and used ssh to connect to it. He had a version of Firefox that ran on the Chromebooks/PCs on a flash drive that routed the requests to the BSD server rather than the school's DNS filter.

I have PuTTY connected; the Firefox and flash drive are all that I need. Thanks for your help!
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 9,085
Messages: 33,642

Nothing to do really, just use the dynamic port forwarding of SSH and configure your browser to use that port as a SOCKS5 proxy.
 

Zirias

Aspiring Daemon

Reaction score: 460
Messages: 961

Probably not worth even trying, modern filtering solutions have DPI firewalls in place and will block SSH (exactly because it can be used to tunnel anything). What could still work is tunneling through https with something like HTTunnel, but that would be pretty slow and a bit more complicated to set up. All of this has nothing to do with FreeBSD.
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 9,085
Messages: 33,642

Probably not worth even trying, modern filtering solutions have DPI firewalls in place and will block SSH (exactly because it can be used to tunnel anything).
Don't need a DPI firewall for this, just block all outgoing connections and force everyone through a proxy for web access. But you'd be surprised how often regular workstations have full, unfettered, access to the outside world.
 

elicannon

New Member


Messages: 6

I'm new to ssh and port forwarding. I have experience in creating websites so I do have some knowledge.

So I use this example:
Code:
ssh -L 5901:188.17.0.5:4492 pnap@ssh.server.com
https uses 433, so I will change 5901 to 433, and then I change the rest to the IP of my server and the port?
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 9,085
Messages: 33,642

You got the gist of it. Yes, you could do that. But the downside is that it only works for that particular website you're forwarding to. Quite useful in many cases. In this case however, you'll want to do something like ssh -D 8080 myuser@myserver.example.com. Then configure your browser to use a SOCKS5 proxy on localhost port 8080 (assuming the browser and the SSH session run on the same computer). The browser's proxy settings will direct the traffic through the tunnel and out the receiving end (myserver.example.com).
 

mjollnir

Aspiring Daemon

Reaction score: 269
Messages: 658

These tips are only for legal use, or e.g. to cope with restrictions under a dictatorship. Do not use that to escape your school's internet rules, right?
 

Aeterna

New Member

Reaction score: 6
Messages: 19

I don't know about the legality of this. Anyway, it is an easy way to avoid censorship (tested in quite a restrictive environment). Tor is rather visible and will always get scrutiny.
To make it short: hide traffic in https. In contrast to ssh (as in the case of Tor), it is very difficult to monitor, detect and block (https is quite a general protocol).
 

elicannon

New Member


Messages: 6

Have a look at nomadBSD
Ight, I'll look at it.
As for legal stuff, I mean what will the school do about it. I signed something that said that I will abide by the rules, but I mean I am not at the age where I can legally sign something. ALSO uh yeah everyone bypasses the filter and it will just be epic this way
 

mjollnir

Aspiring Daemon

Reaction score: 269
Messages: 658

As for legal stuff, I mean what will the school do about it. I signed something that said that I will abide by the rules, but I mean I am not at the age where I can legally sign something. ALSO uh yeah everyone bypasses the filter and it will just be epic this way
De jure, you might not have full legal empowerment. But still you can sign some - not all - contracts. Anyway, IMHO it's much more important your school tells you which & why content is inaccessible. You're gifted with a brain to think, and if you decide e.g. to watch inter-species sex, well, if that thrills you, that's your decision... :-/
Did you read the man page of ssh(1) & the chapter in the handbook? A user name of server is fairly unusual... maybe you mixed things up?
 

elicannon

New Member


Messages: 6

De jure, you might not have full legal empowerment. But still you can sign some - not all - contracts. Anyway, IMHO it's much more important your school tells you which & why content is inaccessible. You're gifted with a brain to think, and if you decide e.g. to watch inter-species sex, well, if that thrills you, that's your decision... :-/
Did you read the man page of ssh(1) & the chapter in the handbook? A user name of server is fairly unusual... maybe you mixed things up?
I ain't into that stuff, gladly. Anyways, yeah, I made a new user account, but the root password isn't working and the display is showing no signal
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 9,085
Messages: 33,642

also i got this error
That is not an error. Whenever you make a new connection to a server (or any other machine), you're asked to validate the signature to positively identify the server you're connecting to. Once you've accepted the signature it will be stored in ~/.ssh/known_hosts. The next time you connect to that machine the signature will be compared with the stored one from known_hosts. If the signatures don't match, ssh(1) will scream bloody murder, warning you somebody may be trying to hijack your connection. It is an extra validation check to make sure you're connecting to the right machine.
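
Added example, not part of SirDice's post and not OpenSSH's own code: a minimal model of the known_hosts check described above, showing the three outcomes (key matches, key changed, host not seen before) and how the SHA256 fingerprint shown in the prompt is derived. The host names and the fixed-pattern keys are constructed, and only plain (unhashed) known_hosts entries are handled.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def make_ed25519_blob(raw_key: bytes) -> bytes:
    """Build a public-key blob (key type + 32-byte key) for the demo."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)

def known_hosts_line(host: str, blob: bytes) -> str:
    """Format a plain known_hosts entry: host, key type, base64 blob."""
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

def fingerprint(blob: bytes) -> str:
    """The SHA256:... string ssh prints when asking to accept a new host."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def blob_key_type(blob: bytes) -> str:
    """Read the key type name from the front of a public-key blob."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode()

def check_host(known_hosts: str, host: str, offered: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) host entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        hosts, key_type, b64 = fields[:3]
        if host not in hosts.split(",") or key_type != blob_key_type(offered):
            continue
        return "match" if base64.b64decode(b64) == offered else "changed"
    return "unknown"

if __name__ == "__main__":
    # Constructed keys: fixed byte patterns, not real host keys.
    real = make_ed25519_blob(bytes(range(32)))
    imposter = make_ed25519_blob(bytes(range(1, 33)))
    store = known_hosts_line("myserver.example.com", real)
    print(fingerprint(real))
    for name, key in (("same key", real), ("different key", imposter)):
        print(name, "->", check_host(store, "myserver.example.com", key))
    print("new host ->", check_host(store, "other.example.com", real))
```

The 'unknown' result corresponds to the first-connection prompt, and 'changed' to the warning ssh(1) prints when the stored key no longer matches.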
 

olli@

Aspiring Daemon
Developer

Reaction score: 538
Messages: 583

Don't need a DPI firewall for this, just block all outgoing connections and force everyone through a proxy for web access.
In that case you can still tunnel ssh (and thus anything) through the proxy using CONNECT. See the -X and -x options of nc(1) and the ProxyCommand setting in ssh_config(5). Been there, done that.

However, modern corporate proxies often prevent that, for example by transparently intercepting the HTTPS traffic using MITM methods.
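
Added example from the proxy administrator's side, not part of olli@'s post: a log check that lists CONNECT requests to ports outside an allowlist and whether the proxy blocked or tunnelled them. It assumes Squid's native access.log layout (the thread names no proxy product); the log lines and addresses are constructed, and it covers port policy only, not the TLS interception mentioned above.

```python
ALLOWED_CONNECT_PORTS = {443}  # assumption: only HTTPS may be tunnelled

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client result/status bytes method target ident peer type
SAMPLE_LOG = """\
1700000001.120    842 192.0.2.15 TCP_TUNNEL/200 18234 CONNECT www.example.org:443 - HIER_DIRECT/198.51.100.7 -
1700000002.480      0 192.0.2.22 TCP_DENIED/403 3900 CONNECT host.example.net:22 - HIER_NONE/- text/html
1700000003.910 915004 192.0.2.22 TCP_TUNNEL/200 73400112 CONNECT host.example.net:8443 - HIER_DIRECT/203.0.113.9 -
1700000004.050    120 192.0.2.15 TCP_MISS/200 5120 GET http://www.example.org/ - HIER_DIRECT/198.51.100.7 text/html
"""

def parse_line(line):
    """Split one access.log line into the fields this check needs."""
    f = line.split()
    if len(f) < 7 or not f[4].isdigit():
        return None  # malformed or truncated line
    return {"client": f[2], "result": f[3], "bytes": int(f[4]),
            "method": f[5], "target": f[6]}

def find_suspect_connects(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """Return (client, host, port, outcome, bytes) for off-policy CONNECTs."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        host, _, port = rec["target"].rpartition(":")
        if not port.isdigit() or int(port) in allowed:
            continue
        # TCP_DENIED means the proxy's ACLs refused the request;
        # anything else means bytes actually flowed through the tunnel.
        denied = rec["result"].startswith("TCP_DENIED")
        outcome = "blocked" if denied else "tunnelled"
        findings.append((rec["client"], host, int(port), outcome, rec["bytes"]))
    return findings

if __name__ == "__main__":
    for client, host, port, outcome, size in find_suspect_connects(SAMPLE_LOG):
        print(f"{client} -> {host}:{port} {outcome} ({size} bytes)")
```

A "tunnelled" finding means the proxy's CONNECT policy is wider than the allowlist the check assumes, which is the configuration gap to close.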
 