Panix Help: Secure port forwarding

Panix - Public Access
Networks Corporation

SSH Tunneling

If you need information about setting up ssh and obtaining the public keys for the Panix user hosts, please see www.panix.com/help/ssh.html.

Introduction

How to set up SSH port forwarding to Panix for Web proxying

Using SSH port forwarding to send email

Introduction

What is Secure Port Forwarding?

If you're interested enough to read this page, you're probably using a Secure Shell connection to Panix already. So you're at least familiar with the value of a secure, encrypted connection.

Secure Port Forwarding lets you use that SSH connection for things besides straight UNIX shell sessions: things like Web browsing, email, and FTP.

What's it used for?

Usually, (for example) a Web connection goes directly from your computer to the Web server; but with Secure Port Forwarding, you connect to the Web server through the SSH link. This accomplishes two things:

Security and privacy: Between you and Panix, your requests (and the Web pages) are transferred over an encrypted link. This makes it much harder for nasty people to listen in and grab your Web passwords, or spy on your browsing session.
Access through firewalls: If your Internet provider blocks connections to some ports on some servers, you can gain access to those ports by way of an SSH connection to Panix. Your computer will connect to Panix, and then Panix will connect to your destination. So, as long as Panix doesn't have your destination blocked, you'll be able to get there.

How to set up SSH port forwarding to Panix for Web proxying

First, you need to have a working SSH connection to Panix. You also need to use an SSH client program that supports Port Forwarding. (We recommend OpenSSH for UNIX or Mac OS X, TTSSH and PuTTY for Windows, or MacSSH for Mac OS 9. We've tested all of those; you're on your own if you use something other.)
Make sure your Web browser will accept a proxy server address. Modern browsers (Netscape 4 and up, IE 4 and up, Opera 4 and up all do this, so it shouldn't be a problem.)
Create an SSH connection to Panix, and then open the port forwarding section of your SSH session. Set up a "local" type forwarded port, with these settings:
```
      Local port:  9000
      Remote server:  127.0.0.1      Remote port:  8008
```
(Panix maintains Privoxy web-proxy service on port 8008 of all our userhosts. If you want "ad-blocking" too, use remote port 8118 instead.)
Save your session with the new forwarded port, so you can create a "favorite" or shortcut later.
Connect to Panix with your port-forwarded SSH session. Now your local port 9000 is hooked up to Privoxy on Panix, and ready to use. (The local port doesn't have to be 9000, it can be any unprivileged port that you're not using for other purposes. If you are setting up more than one proxy, you'll need a separate session, with a different port number, for each.)
Open your Web browser, go to the "preferences" or "options" section, and look for the "proxies" category. Enter the following under "HTTP" and "HTTPS": Proxy server: 127.0.0.1 Port: 9000 This will redirect your Web browser so it goes through the tunnel.
You should be able to surf now, regardless of firewall restrictions.

Sending email through an SSH tunnel

Users of some high-speed connections may discover that even when they use Panix's SMTP server, their outbound message headers include node information that causes some spam filters to reject their email.

You can avoid including headers from elsewhere using SSH proxying to send mail directly from the userhosts. The instructions are similar to those for web proxying, above, with appropriate modification of the port.

Create an ssh connection to Panix and open port forwarding. You need to set up a "local" forwarded port with these settings:
```
      Local port:  9000 Remote server:  mail.panix.com      Remote port:  25
```
(Port 25 is the standard port for SMTP.)
Connect to Panix with your port-forwarded SSH session. Now your local port 9000 is hooked up to the SMTP port on Panix's shell host.
(The local port doesn't have to be 9000, it can be any unprivileged port that you're not using for other purposes. If you are setting up more than one proxy, you'll need a separate session, with a different port number, for each.)
Point your mail program at 127.0.0.1 port 9000 for SMTP through the tunnel.

For details on setting up specific SSH or Web browsing software, refer to the documentation for that program.

webmaster@panix.com | Last modified: Monday, 06-Feb-2006 17:45:14 EST

[ Panix Home ] [ Security Help ] [ Help System Index ] [ Top of This Page ]