用DNS隧道实现免费上网

大多数机场、酒店之类场所,当你输入一个网址比如www.google.com时,会弹出一个页面要你输入帐号密码才能上网。这个时候DNS能正确解析,但是上网要付费认证。

可以通过DNS隧道来实现免费上网。具体做法是:

(1)找一个支持DNS解析的域名,现在这类免费域名很多,比如tk的、co.cc的。假设该域名是

abc123.tk

(2)在tk的注册机构里,设置abc123.tk的NS服务器为你自己的主机(最好是Linux VPS),例如:

abc123.tk.     IN  NS  ns.abc123.tk.
ns.abc123.tk.  IN  A   74.81.81.81

(3)在74.81.81.81上,以root身份运行一个Perl脚本(这个脚本来自Dan Kaminsky的OzymanDNS包):

./nomde.pl -i 0.0.0.0 abc123.tk

上述脚本会侦听在UDP 53端口,接受DNS请求,并且只解析abc123.tk域。

(4)在客户机上(要求有ssh,最好是Linux系统),运行如下命令:

ssh -ND 7070 -o ProxyCommand=”./droute.pl sshdns.abc123.tk” user@localhost

上述ssh命令,-ND 7070表示在本机打开7070的socks
5代理端口。droute.pl是DNS隧道的客户端工具,同样来自于OzymanDNS包。sshdns是固定的主机名,加在域名abc123.tk前面。user是你在74.81.81.81上的登录名字,@localhost是固定的,不需要改(因为隧道过去后,就是74.81.81.81本机)。

运行上述ssh命令后,会提示输入密码。输入正确密码后,就和远程主机建立了ssh连接,获取到一个SSH终端。并且,在本机打开了7070的socks 5代理端口。配置浏览器使用这个代理端口,开始享受免费冲浪吧!

下文from: https://plenz.com/tunnel-everything.php

Tunnel Everything through SSH

This site remains here for legacy reasons and will not be updated! All the other articles are probably still available but not linked any more. Start page.

In this Tutorial I'll cover how you can tunnel any TCP traffic through an encrypted SSH connection or a SOCKS server, even if a certain program doesn't support proxying of connections natively.

The only requirement for SSH tunneling to work is a shell account on a machine connected to the internet (and, optionally, a HTTP Proxy server). I will refer to this account as your server (it doesn't matter if you may not become root).

Tunneling HTTP

In case you just want to tunnel HTTP traffic (to surf safely, to let the request appear to originate from a different IP and/or to not disclose HTTP clear text passwords to your LAN) best practise is to set up Privoxy on your server. By default, Privoxy binds to 127.0.0.1:8118 (thus only allowing connections from localhost), which is good for us. No configuration must be done for this.

The next step is to establish a tunnel from your computer to your server's Privoxy. That is done with the following SSH command:

ssh -NL 8118:localhost:8118 user@server

This command opens a tunnel on your computer: All connections to port 8118 will be forwarded (encrypted, of course) over the SSH connection and come out at your server's port 8118 (where Privoxy is running).

Once you have established the connection you will want to edit your browser's proxy settings accordingly. Just set the HTTP (and, with some browsers, the HTTPS) proxy to localhost, port 8118.

Advantages

The great advantage over SOCKS tunneling (see below) is, that even the DNS requests are made from your server. No-one on your LAN can gather information on what kind of site you're surfing. Another advantage is that Privoxy already filters out some advertisements and removes sensitive headers from your requests.

Tunneling Arbitrary Protocols (Dynamic Forward/SOCKS)

If you want to tunnel not just HTTP traffic but arbitrary other TCP protocols as well, a HTTP Proxy isn't adequate any more. Instead, you'll have to set up a SOCKS proxy. That also is possible with SSH:

Setting up the SSH proxy

Setting up the SSH SOCKS proxy is really easy. On your computer, just enter the following command:

ssh -ND 3333 user@server

That command establishes a connection to your server, logs in as user user (you'll have to enter your password though, of course) and then starts a little SOCKS proxy on your server.

On your computer, all connections to port 3333 will be forwarded over the secure SSH channel and will then be forwarded by the proxy to their destination.

Now you'll have to configure the program you want to connect through that tunnel to use localhost, port 3333 as it's SOCKS server (if you have the choice, select SOCKS version 5).

Not many programs support SOCKS proxy forwarding natively (hardly any CLI programs). But there is a workaround for that: tsocks. It enables arbitrary programs which don't support the SOCKS protocol natively to establish connections via a SOCKS server.

How tsocks works

On your computer, install the tsocks program.

I won't go into detail about how this program works, but it basically does the following:

  • Before the actual program is loaded tsocks loads its own shared library.
  • This library overwrites the kernel's connect() function and replaces it with its own.
  • Whenever the program tries to send a request the request is forwarded through your proxy server (and then over the secure tunnel).

All this is done through setting the environment variable LD_PRELOAD to /usr/lib/libtsocks.so.

The tsocks program itself is just a simple shell wrapper script. All the actual redirecting stuff is done via the library.

Editing the /etc/tsocks.conf

Now you'll have to edit the file /etc/tsocks.conf to relay all connections through your proxy. Open the file and delete all lines. Then enter just the following two lines:

server = 127.0.0.1
server_port = 3333

If you may not become root ...

... just enter the two lines from above into a file called .tsocks.conf and place it in your home directory. Then, write a little shell script:

#!/bin/sh

TSOCKS_CONF_FILE=$HOME/.tsocks.conf
export TSOCKS_CONF_FILE
exec tsocks "$@"

I call this script viaservername. Place this script in a directory contained in your $PATH and make it executable.

Tunneling Connections

For programs who natively support proxying connections (e.g. Mozilla Firefox) you can now set the proxy address to localhost port 3333. I don't recommend to do that for browsers; instead, use HTTP tunneling (see above).

All other programs which's connections you want to tunnel through your server are prefixed with tsocks. This would look like some of the following program calls (if you wrote a shell script, use that instead of tsocks):

tsocks dog http://www.google.com
tsocks netcat example.com 80
tsocks irssi -c irc.freenode.net -p 6667

If you call tsocks without parameters it executes a shell witht the LD_PRELOAD environment variable already set and exported. That means that every program called from this shell will be redirected through the external server and every subsehll started from this shell will also have the LD_PRELOAD variable set. So if you started tsocks directly after logging in all your traffic would be redirected through your external server.

Example

$ cat =myip
#!/bin/sh
lynx -dump http://tnx.nl/ip $ ssh -fND 3333 xxx@feh # -f: goes to background after prompting for password
xxx@feh.name's password: $ IP=`myip`; host $IP
Name: p54XXXX8B.dip.t-dialin.net
Address: 84.143.XXX.XXX $ IP=`tsocks myip`; host $IP
16:15:23 libtsocks(26802): Call to connect received on completed request 3
Name: feh.name
Address: 217.160.108.109

Have fun!

ssh tunnel 上网的更多相关文章

  1. 通过ssh tunnel连接内网ECS和RDS

    通过ssh tunnel连接内网ECS和RDS 这里讲了ssh tunnel的原理.很清晰. 此后又给外网访问内网增加了一种思路.感觉特别棒. 拓宽了思路:

  2. 2016-12-14 - SSH Tunnel

    2016-12-14 - SSH Tunnel ssh Network Topo Network Topo A: Internet sshd B: NAT sshd C: NAT B Create S ...

  3. windows SSH Tunnel实施日记

    1.准备条件:SSH跳板服务器一个.软件:Putty,CCProxy 2.putty建立SSH Tunnel:先在session那儿把服务器地址填好,到Tunnel界面上,选Dynamics和Auto ...

  4. Navicat 或者Java的JDBC通过SSH Tunnel连接MySQL数据库

    JDBC通过SSH Tunnel连接MySQL数据库 - 明明 - CSDN博客https://blog.csdn.net/a351945755/article/details/21782693 Na ...

  5. 使用ssh tunnel 来做代理或跳板

    接前文 http://www.cnblogs.com/piperck/p/6188984.html  使用ssh config配置文件来管理ssh连接 前文说了如何配置自己的ssh config 来方 ...

  6. navicat链接阿里云mysql报80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for keyexchange

      http://www.jianshu.com/p/200572ed066c navicat 链接数据库 使用navicat 的ssh通道连接数据库回遇到权限问题 错误代码如下: 80070007: ...

  7. Navicat---使用SSH远程连接到MySql,报错80070007: SSH Tunnel: Server does not support diffie-hellman-group1-sha1 for keyexchange

    尝试使用Navicat远程连接到我在阿里云服务器上的MySql,通过SSH. 但是报错: 80070007: SSH Tunnel: Server does not support diffie-he ...

  8. [svc]通过ssh tunnel连接内网ECS和RDS

    问题背景: 一些ECS没有访问公网的需求,或是RDS出于安全考虑只允许内网访问.但是希望远程连接这些ECS或RDS进行管理时就会比较麻烦,一般可以通过选一台有公网的ECS搭建VPN的方法来解决这个问题 ...

  9. 使用putty进行ssh tunnel远程内网机器

    通常我们通过登录具有外网ip的远程机器来连接内网的机器:本文介绍,通过putty进行ssh tunnel,进而达到使用本机直接连接远程内网机器: 1,在putty中创建一个session,输入具有外网 ...

随机推荐

  1. JS form 表单收集 数据 formSerialize

    做后台系统的时候通常会用到form表单来做数据采集:每次一个字段一个字段的去收集就会很麻烦,网站也有form.js插件可以进行表单收集,并封装成一个对象,通过ajax方法传到后台:现在介绍一种直觉采集 ...

  2. ORACLE.错误码 ORA-12154 及Oracle客户端免安装版的设置

    .错误码 ORA-12154相信作为ORACLE数据库的开发人员没有少碰到“ORA-12154: TNS: 无法解析指定的连接标识符”,今天我也又碰到了类似的情况,将我的解决方法进行小结,希望能对碰到 ...

  3. ES6变量的解构赋值

    变量的解构赋值 1.数组的解构赋值 2.对象的解构赋值 3.字符串的解构赋值 4.数值和布尔值的解构赋值 5.函数参数的解构赋值 6.圆括号问题 7.用途 1.数组的解构赋值 ES6 允许写成下面这样 ...

  4. FlappyBird模拟(不完整版本)

    FlappyBird模拟(不完整版本) 准备材料 land地 sky天 pipe管道 bird小鸟 Land.js function Land(info) { this.x = info.x; thi ...

  5. json属性(Jackson)

    Jackson相关:使用Jackson相关的注解时一定要注意自己定义的属性命名是否规范. 命名不规范时会失去效果.(例如Ename ,Eage 为不规范命名.“nameE”,“ageE”为规范命名). ...

  6. Android中使用GoogleMap的地理位置服务

    写在前面:android中使用地理位置功能,可以借助Google给我们提供的框架,要是有地理位置功能,你需要引用Google Play Services,请在sdk manager中下载.如果你还要使 ...

  7. BeautifulSoup 库的使用记录

    BeautifulSoup 有何用途 如果我们需要通过脚本来抓取网络中的数据时,使用传统的字符解析等方法时是非常低效的,而BeautifulSoup则可以方便的通过接口来获取标签中所想要得到的数据.主 ...

  8. 开发一款合格的APP成本费用大概是多少?

    随着移动互联网的发展,APP开发已经成了当下最热门的话题.无数人都盼望做出下一个微信.滴滴打车等等神奇的APP软件.如今,APP开发门槛已经非常低,媒体上也充斥着各种小团队创造奇迹的故事.不过,APP ...

  9. 「CorelDRAW降价提醒」,您关注的商品已降价!

    不管是“光棍节”还是“剁手节” 似乎和我都没有什么关系 事实证明,我错了 今天,早上竟然有不识趣的人发红包祝我单身快乐 纳尼,有没有搞错? 我能直接怼回去,说不领么? 但好像又不是我的风格 哎,一个红 ...

  10. 347. 前K个高频元素

    题目描述 给定一个非空的整数数组,返回其中出现频率前 k 高的元素. 示例 1: 输入: nums = [1,1,1,2,2,3], k = 2 输出: [1,2] 示例 2: 输入: nums = ...