Why would you want a secure proxy server on your home machine?
There are several good reasons for a setup like this. The primary purpose is to encrypt your network traffic. You may want to hide your browsing or chatting from your employer OR something as benign as not wanting people to see your passwords when connected to a hotspot at your local $tarbuck$. When you are browsing through your home proxy server, whoever is 'sniffing' your network traffic can only see lots of random packets going to your home machine. Due to the nature of these programs, you should only set this up if you have a broadband router or other NAT device in front of your home network.
The following pre-requisites will make things a lot easier:
- Know your home machine's external IP address. For this, you'll need either a static IP address from your ISP *or* have a dynamic DNS client installed. For testing purposes, you can view it via http://www.whatismyip.com.
- Give your home workstation a static IP address on your home network. Open up a command prompt and type 'ipconfig /all' and note the current IP address, gateway, and DNS servers. Assign your computer a static IP address that is 50 more than its current dynamic IP (that's a safe bet since most home networks would never have >50 devices connected to it, even if the broadband router has a DHCP scope larger than that). Use the existing gateway & DNS servers.
- Know that your mom goes to college
Doing this involves four steps:
- Installing an SSH server on your home machine. SSH is an encrypted version of telnet which also allows a function called port forwarding. It's this port forwarding that allows you to redirect your network traffic through this proxy. SSH will also function as your authentication mechanism, keeping random people from being able to use your machine as a proxy.
- Installing an HTTP/Socks-5 proxy server on your home machine.
- Opening up the SSH port on your home firewall AND in WindowsXP's firewall (if it exists).
- Installing an SSH client with the appropriate port forwarding settings on your client machine (work machine, laptop, etc).
- Configuring each application to talk through the proxy
Step 1: Installing an SSH server on your home machine
- Download and install the SSHWindows installer from Sourceforge: http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688, accepting all defaults.
- Open up a command prompt (start > run > cmd) and type the following:
    cd\program files\openssh
    mkgroup -l >> etc\group
    mkpasswd -l -u %username% >> etc\passwd
    net start opensshd
That will create a local ssh user group and give the current logged in user the ability to log in (the password will be the same as your windows login password - if it's blank, change it to something harder!). It will then start the ssh server service.
Step 2: Installing SpoonProxy, a Windows proxy server
- Download spoonproxy: http://www.pi-soft.com/spoonproxy/index.shtml. It costs $19 for a 1-user home license, but there is a 30-day trial.
- Launch spoonproxy: Start > All Programs > Spoonproxy > spoonproxy. Spoonproxy's default configuration works just fine, so just minimize it.
Step 3: Opening up ports in Windows firewall & your broadband router
- If windows XP firewall is enabled, you need to open up the incoming SSH port. To do this, right-click on My Network Places and choose Properties. Now right-click on your primary network card and choose properties. Go to the Advanced tab and click on Settings under windows firewall. Click on the Exceptions tab and then 'Add Port'. Name: ssh Port number: 22 (TCP). Click OK, OK, OK.
- Now you must open up the port on your broadband router. To do this, most broadband routers have a web interface. I can't walk you through this because it's slightly different on every system. You want to tunnel external port 22 to the (internal) IP address of your home computer port 22.
Step 4: Installing puTTy, a Windows SSH client on your work computer or laptop
- Download puTTy: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
- puTTy is a free SSH client that is a single executable; there is nothing to install. Save puTTy.exe to your desktop.
- Double-click on puTTy. First, scroll down the left column to Connections > SSH > Tunnels. From here, you need to add three ports to be forwarded. For Source Port, enter 80. For destination, type localhost:8080, then click on Add. Do the same for the remaining two: 443, localhost:8081 and 1080, localhost:1080. This forwards http, https, and socks-5.
- Now, go up to the top and click on Session. Under "host name or IP address", enter your home computer's external IP address or dynamic DNS name. Under 'saved sessions', type in "SSH home" and click on Save. This will save these connection settings for every time you want to connect to your home machine.
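To connect, click on Open. You should be asked to accept the server's SSH host key (choose 'Accept & Save'). The prompt shows the key's fingerprint; compare it with the one on your home machine before accepting, because this first connection is the only point at which a machine impersonating your home server can be caught. Login using your home windows computer's login and password. You should then see a command prompt. You are now connected and set up to tunnel traffic - you can now minimize (don't close) puTTy. This session must remain open to proxy your web traffic.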
Step 5: Configuring applications to go through the tunnel
- Firefox: I recommend configuring one browser (such as firefox) to always go through the proxy, leaving your other browser to browse your corporate intranet (or access sites that you do not wish to proxy). Alternatively, you can simply tell firefox for which URLs to not use the proxy. In Firefox, go to Tools > Options > General > Connection Settings. Set up the HTTP and SSL connections to point at the ports forwarded in Step 4 (localhost port 80 for HTTP, localhost port 443 for SSL).
You should now be browsing through your home machine. Remember, the speed will be limited to your home machine's upstream connection (since your home machine is essentially downloading the web page then re-uploading it to you). If you wish to test that it's working, close puTTy. You should now be unable to browse the 'net.
AIM and Yahoo both support SOCKS5 proxying. Simply go into the connection settings and enable socks5 proxying... server = localhost port = 1080 (default).
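A more precise check than closing the SSH session is to probe the forwarded ports directly. This Python script is an added example, not part of the original post. It tells apart "SSH tunnel not up" from "tunnel up, but no proxy answering at home". It assumes the forwards from Step 4 (80 and 1080 on localhost) and that the HTTP proxy answers even an unresolvable host with an HTTP status line; the function names are illustrative.

```python
import socket

SOCKS5_GREETING = b"\x05\x01\x00"  # RFC 1928: version 5, 1 method offered, 0x00 = no auth
HTTP_PROBE = b"HEAD http://example.invalid/ HTTP/1.0\r\n\r\n"  # constructed request

def _exchange(host, port, payload, nbytes, timeout):
    """Send payload and return up to nbytes of reply, or None if nothing is listening."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None  # refused or timed out: the local SSH forward is not listening
    with sock:
        data = b""
        try:
            sock.sendall(payload)
            while len(data) < nbytes:
                chunk = sock.recv(nbytes - len(data))
                if not chunk:
                    break  # the far end of the tunnel closed the channel
                data += chunk
        except OSError:
            pass  # reset or read timeout: report whatever arrived
        return data

def probe_socks5(host="localhost", port=1080, timeout=3.0):
    """Return 'ok', 'tunnel-down', 'no-reply' or 'unexpected-reply'."""
    reply = _exchange(host, port, SOCKS5_GREETING, 2, timeout)
    if reply is None:
        return "tunnel-down"
    if not reply:
        return "no-reply"  # SSH client accepted, but no proxy answered at home
    # A SOCKS5 server replies with its version and the method it selected.
    return "ok" if reply == b"\x05\x00" else "unexpected-reply"

def probe_http_proxy(host="localhost", port=80, timeout=3.0):
    """Same states as probe_socks5, for the forwarded HTTP proxy port."""
    reply = _exchange(host, port, HTTP_PROBE, 5, timeout)
    if reply is None:
        return "tunnel-down"
    if not reply:
        return "no-reply"
    return "ok" if reply == b"HTTP/" else "unexpected-reply"

if __name__ == "__main__":
    print("socks5 (1080):", probe_socks5())
    print("http   (80)  :", probe_http_proxy())
```

A result of `tunnel-down` means the SSH session is closed or the forwards were not saved; `no-reply` means the session is up but the proxy on the home machine is not running.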
Done!
All you have to do is launch puTTy and connect to your home machine whenever you wish to securely browse.