用DNS隧道实现免费上网

大多数机场、酒店之类场所,当你输入一个网址比如www.google.com时,会弹出一个页面要你输入帐号密码才能上网。这个时候DNS能正确解析,但是上网要付费认证。

可以通过DNS隧道来实现免费上网。具体做法是:

(1)找一个支持DNS解析的域名,现在这类免费域名很多,比如tk的、co.cc的。假设该域名是

abc123.tk

(2)在tk的注册机构里,设置abc123.tk的NS服务器为你自己的主机(最好是Linux VPS),例如:

abc123.tk.     IN  NS  ns.abc123.tk.
ns.abc123.tk.  IN  A   74.81.81.81

(3)在74.81.81.81上,以root身份运行一个Perl脚本(这个脚本来自Dan Kaminsky的OzymanDNS包):

./nomde.pl -i 0.0.0.0 abc123.tk

上述脚本会侦听在UDP 53端口,接受DNS请求,并且只解析abc123.tk域。

(4)在客户机上(要求有ssh,最好是Linux系统),运行如下命令:

ssh -ND 7070 -o ProxyCommand=”./droute.pl sshdns.abc123.tk” user@localhost

上述ssh命令,-ND 7070表示在本机打开7070的socks
5代理端口。droute.pl是DNS隧道的客户端工具,同样来自于OzymanDNS包。sshdns是固定的主机名,加在域名abc123.tk前面。user是你在74.81.81.81上的登录名字,@localhost是固定的,不需要改(因为隧道过去后,就是74.81.81.81本机)。

运行上述ssh命令后,会提示输入密码。输入正确密码后,就和远程主机建立了ssh连接,获取到一个SSH终端。并且,在本机打开了7070的socks 5代理端口。配置浏览器使用这个代理端口,开始享受免费冲浪吧!

下文from: https://plenz.com/tunnel-everything.php

Tunnel Everything through SSH

This site remains here for legacy reasons and will not be updated! All the other articles are probably still available but not linked any more. Start page.

In this Tutorial I'll cover how you can tunnel any TCP traffic through an encrypted SSH connection or a SOCKS server, even if a certain program doesn't support proxying of connections natively.

The only requirement for SSH tunneling to work is a shell account on a machine connected to the internet (and, optionally, a HTTP Proxy server). I will refer to this account as your server (it doesn't matter if you may not become root).

Tunneling HTTP

In case you just want to tunnel HTTP traffic (to surf safely, to let the request appear to originate from a different IP and/or to not disclose HTTP clear text passwords to your LAN) best practise is to set up Privoxy on your server. By default, Privoxy binds to 127.0.0.1:8118 (thus only allowing connections from localhost), which is good for us. No configuration must be done for this.

The next step is to establish a tunnel from your computer to your server's Privoxy. That is done with the following SSH command:

ssh -NL 8118:localhost:8118 user@server

This command opens a tunnel on your computer: All connections to port 8118 will be forwarded (encrypted, of course) over the SSH connection and come out at your server's port 8118 (where Privoxy is running).

Once you have established the connection you will want to edit your browser's proxy settings accordingly. Just set the HTTP (and, with some browsers, the HTTPS) proxy to localhost, port 8118.

Advantages

The great advantage over SOCKS tunneling (see below) is, that even the DNS requests are made from your server. No-one on your LAN can gather information on what kind of site you're surfing. Another advantage is that Privoxy already filters out some advertisements and removes sensitive headers from your requests.

Tunneling Arbitrary Protocols (Dynamic Forward/SOCKS)

If you want to tunnel not just HTTP traffic but arbitrary other TCP protocols as well, a HTTP Proxy isn't adequate any more. Instead, you'll have to set up a SOCKS proxy. That also is possible with SSH:

Setting up the SSH proxy

Setting up the SSH SOCKS proxy is really easy. On your computer, just enter the following command:

ssh -ND 3333 user@server

That command establishes a connection to your server, logs in as user user (you'll have to enter your password though, of course) and then starts a little SOCKS proxy on your server.

On your computer, all connections to port 3333 will be forwarded over the secure SSH channel and will then be forwarded by the proxy to their destination.

Now you'll have to configure the program you want to connect through that tunnel to use localhost, port 3333 as it's SOCKS server (if you have the choice, select SOCKS version 5).

Not many programs support SOCKS proxy forwarding natively (hardly any CLI programs). But there is a workaround for that: tsocks. It enables arbitrary programs which don't support the SOCKS protocol natively to establish connections via a SOCKS server.

How tsocks works

On your computer, install the tsocks program.

I won't go into detail about how this program works, but it basically does the following:

  • Before the actual program is loaded tsocks loads its own shared library.
  • This library overwrites the kernel's connect() function and replaces it with its own.
  • Whenever the program tries to send a request the request is forwarded through your proxy server (and then over the secure tunnel).

All this is done through setting the environment variable LD_PRELOAD to /usr/lib/libtsocks.so.

The tsocks program itself is just a simple shell wrapper script. All the actual redirecting stuff is done via the library.

Editing the /etc/tsocks.conf

Now you'll have to edit the file /etc/tsocks.conf to relay all connections through your proxy. Open the file and delete all lines. Then enter just the following two lines:

server = 127.0.0.1
server_port = 3333

If you may not become root ...

... just enter the two lines from above into a file called .tsocks.conf and place it in your home directory. Then, write a little shell script:

#!/bin/sh

TSOCKS_CONF_FILE=$HOME/.tsocks.conf
export TSOCKS_CONF_FILE
exec tsocks "$@"

I call this script viaservername. Place this script in a directory contained in your $PATH and make it executable.

Tunneling Connections

For programs who natively support proxying connections (e.g. Mozilla Firefox) you can now set the proxy address to localhost port 3333. I don't recommend to do that for browsers; instead, use HTTP tunneling (see above).

All other programs which's connections you want to tunnel through your server are prefixed with tsocks. This would look like some of the following program calls (if you wrote a shell script, use that instead of tsocks):

tsocks dog http://www.google.com
tsocks netcat example.com 80
tsocks irssi -c irc.freenode.net -p 6667

If you call tsocks without parameters it executes a shell witht the LD_PRELOAD environment variable already set and exported. That means that every program called from this shell will be redirected through the external server and every subsehll started from this shell will also have the LD_PRELOAD variable set. So if you started tsocks directly after logging in all your traffic would be redirected through your external server.

Example

$ cat =myip
#!/bin/sh
lynx -dump http://tnx.nl/ip $ ssh -fND 3333 xxx@feh # -f: goes to background after prompting for password
xxx@feh.name's password: $ IP=`myip`; host $IP
Name: p54XXXX8B.dip.t-dialin.net
Address: 84.143.XXX.XXX $ IP=`tsocks myip`; host $IP
16:15:23 libtsocks(26802): Call to connect received on completed request 3
Name: feh.name
Address: 217.160.108.109

Have fun!

ssh tunnel 上网的更多相关文章

  1. 通过ssh tunnel连接内网ECS和RDS

    通过ssh tunnel连接内网ECS和RDS 这里讲了ssh tunnel的原理.很清晰. 此后又给外网访问内网增加了一种思路.感觉特别棒. 拓宽了思路:

  2. 2016-12-14 - SSH Tunnel

    2016-12-14 - SSH Tunnel ssh Network Topo Network Topo A: Internet sshd B: NAT sshd C: NAT B Create S ...

  3. windows SSH Tunnel实施日记

    1.准备条件:SSH跳板服务器一个.软件:Putty,CCProxy 2.putty建立SSH Tunnel:先在session那儿把服务器地址填好,到Tunnel界面上,选Dynamics和Auto ...

  4. Navicat 或者Java的JDBC通过SSH Tunnel连接MySQL数据库

    JDBC通过SSH Tunnel连接MySQL数据库 - 明明 - CSDN博客https://blog.csdn.net/a351945755/article/details/21782693 Na ...

  5. 使用ssh tunnel 来做代理或跳板

    接前文 http://www.cnblogs.com/piperck/p/6188984.html  使用ssh config配置文件来管理ssh连接 前文说了如何配置自己的ssh config 来方 ...

  6. navicat链接阿里云mysql报80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for keyexchange

      http://www.jianshu.com/p/200572ed066c navicat 链接数据库 使用navicat 的ssh通道连接数据库回遇到权限问题 错误代码如下: 80070007: ...

  7. Navicat---使用SSH远程连接到MySql,报错80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for keyexchange

    尝试使用Navicat远程连接到我在阿里云服务器上的MySql,通过SSH. 但是报错: 80070007: SSH Tunnel: Server does not support diffie-he ...

  8. [svc]通过ssh tunnel连接内网ECS和RDS

    问题背景: 一些ECS没有访问公网的需求,或是RDS出于安全考虑只允许内网访问.但是希望远程连接这些ECS或RDS进行管理时就会比较麻烦,一般可以通过选一台有公网的ECS搭建VPN的方法来解决这个问题 ...

  9. 使用putty进行ssh tunnel远程内网机器

    通常我们通过登录具有外网ip的远程机器来连接内网的机器:本文介绍,通过putty进行ssh tunnel,进而达到使用本机直接连接远程内网机器: 1,在putty中创建一个session,输入具有外网 ...

随机推荐

  1. BZOJ 2794 DP

    思路: 考虑把询问离线 按照m排序 物品按照a排序 f[i]表示c[j]的和到i b的最大值 背包就好 O(nk)竟然能过-- //By SiriusRen #include <cstdio&g ...

  2. 用 JS + LeanCloud 给网页添加数据库(留言功能)

    记录给自己网页添加留言功能的过程. 使用工具:LeanCloud,一个自带数据库和增删改查(CRUD)功能的后台系统. 1 在JS中引入LeanCloud官方库 在LeanCloud注册并添加应用的步 ...

  3. [Offer收割]编程练习赛39

    公平分队 #pragma comment(linker, "/STACK:102400000,102400000") #include<stdio.h> #includ ...

  4. Kotlin基础语法:变量、函数、类、枚举、控制流

    一切都需要从基础学起! 前言: 在Kotlin语言中,没有分号的概念了,也就是每一行代码,都不在需要用分号结束了 点击查看代码 定义 常量:val --相当于java当中的final 变量:var 关 ...

  5. 关于电脑安装新硬盘,出现无法是识别设备,03F0问题解答。

    问题说明:在添加新的硬盘,切确定硬盘没有坏的情况下,无法识别出新的硬盘. 解决方案: 1.检查bios系统里的安全模式,是否处于开启中.因为在windows 8.1以上的版本中,不开启的情况下只能读取 ...

  6. Photoshop扣除特定颜色背景

    步骤:打开ps--打开图片---选择--选择色彩范围---取样颜色(用吸管选定颜色)-- ( )再按delete键删除--点击文件--点击储存为PSD. 这样就抠除了特定范围色彩内的背景.

  7. Stanford概率图模型: 第一讲 有向图-贝叶斯网络

    原文链接(系列):http://blog.csdn.net/yangliuy/article/details/8067261 概率图模型(Probabilistic Graphical Model)系 ...

  8. 使用jquery获取css的top和left属性

    使用jquery获取css的top和left属性 因为left和top也都是普通的css属性所以可以使用如下代码来获取 var left = $('#test').css('left'); var t ...

  9. 路飞学城Python-Day107

    88-Ajax简介 Ajax是前端的JS技术,目前向服务器发送请求是通过1.向浏览器的地址栏发送请求的方式:2.form表单的请求方式是两种get和post方式:3.a标签的href属性对接地址 是一 ...

  10. iptables防火墙和selinux

    iptables 存在以下两种方式: 一.service方式 查看防火墙状态: [root@centos6 ~]# service iptables status iptables:未运行防火墙 开启 ...