Update March 2010: You can now use the Google App Engine as a proxy server: http://lifehacker.com/5484934/run-your-own-free-proxy-through-the-google-app-engine
Why would you want a secure proxy server on your home machine?
There are several good reasons for a setup like this. The primary purpose is to encrypt your network traffic. You may want to hide your
browsing or chatting from your employer OR something as benign as not wanting people to see your passwords when connected to a hotspot
at your local $tarbuck$. When you are browsing through your home proxy server, whoever is 'sniffing' your network traffic can only see lots
of random packets going to your home machine.
Due to the nature of these programs, you should only set this up if you have
a broadband router or other NAT device in front of your home network.
The following pre-requisites will make things a lot easier:
- Know your home machine's external IP address. For this, you'll need either a static IP address from your ISP *or* have a dynamic DNS
client installed. For testing purposes, you can view it via http://www.whatismyip.com.
- Give your home workstation a static IP address on your home network. Open up a command prompt and type 'ipconfig /all' and note the
current IP address, gateway, and DNS servers. Assign your computer a static IP address that is 50 more than its current dynamic IP (that's a
safe bet since most home networks would never have >50 devices connected to it, even if the broadband router has a DHCP scope larger than that).
Use the existing gateway & DNS servers.
- Know that your mom goes to college
Doing this involves four steps:
- Installing an SSH server on your home machine. SSH is an encrypted version of telnet which also allows a function called port forwarding.
It's this port forwarding that allows you to redirect your network traffic through this proxy. SSH will also function as your authentication mechanism, keeping
random people from being able to use your machine as a proxy.
- Installing an HTTP/SOCKS5 proxy server on your home machine.
- Opening up the SSH port on your home firewall AND in Windows XP's firewall (if it exists).
- Installing an SSH client with the appropriate port forwarding settings on your client machine (work machine, laptop, etc).
- Configuring each application to talk through the proxy
Step 1: Installing an SSH server on your home machine
Step 2: Installing SpoonProxy, a Windows proxy server
- Download spoonproxy: http://www.pi-soft.com/spoonproxy/index.shtml. It costs $19 for a 1-user home license, but there is a 30-day trial.
- Launch spoonproxy: Start > All Programs > Spoonproxy > spoonproxy. Spoonproxy's default configuration works just fine, so just minimize it.
Step 3: Opening up ports in Windows firewall & your broadband router
- If the Windows XP firewall is enabled, you need to open up the incoming SSH port. To do this, right-click on My Network Places and choose Properties. Now right-click on your
primary network card and choose Properties. Go to the Advanced tab and click on Settings under Windows Firewall. Click on the Exceptions tab and then 'Add Port'. Name: ssh Port number: 22 (TCP). Click OK, OK, OK.
- Now you must open up the port on your broadband router. To do this, most broadband routers have a web interface. I can't walk
you through this because it's slightly different on every system. You want to tunnel external port 22 to the (internal) IP address of your home computer port 22.
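A check worth running on the home machine once the ports are open, as an added example that is not part of the original tutorial: the tunnel in this guide delivers traffic to the proxy on localhost (ports 8080, 8081 and 1080), so the proxy never needs to accept connections from any other address. The script parses `netstat -ano` output and flags proxy listeners bound beyond loopback and proxy clients that did not arrive through SSH; the sample output, addresses and PIDs are constructed.

```python
import re

# Ports taken from this guide: the SSH tunnel delivers traffic to the proxy
# on localhost:8080, localhost:8081 and localhost:1080 (see Step 4).
PROXY_PORTS = {8080, 8081, 1080}
LOOPBACK = {"127.0.0.1", "[::1]"}

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:1080           0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.60:8081      0.0.0.0:0              LISTENING       2212
  TCP    127.0.0.1:8080         127.0.0.1:3391         ESTABLISHED     2212
  TCP    192.168.1.60:22        203.0.113.7:51514      ESTABLISHED     1480
  TCP    192.168.1.60:1080      198.51.100.23:40112    ESTABLISHED     2212
  UDP    0.0.0.0:500            *:*                                    688
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s+(\d+)\s*$")


def parse_tcp_rows(text):
    """Yield (local_ip, local_port, remote_ip, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            local_ip, local_port, remote_ip, _, state, pid = m.groups()
            yield local_ip, int(local_port), remote_ip, state, int(pid)


def audit_proxy_exposure(text):
    """Return findings for proxy ports reachable without going through SSH."""
    findings = []
    for local_ip, port, remote_ip, state, pid in parse_tcp_rows(text):
        if port not in PROXY_PORTS:
            continue
        if state == "LISTENING" and local_ip not in LOOPBACK:
            # Bound to the LAN or all interfaces: only the firewall/NAT
            # stands between this proxy and unauthenticated clients.
            findings.append(("exposed-listener", port, local_ip, pid))
        elif state == "ESTABLISHED" and remote_ip not in LOOPBACK:
            # Tunnelled clients always appear as loopback, because sshd
            # opens the connection locally. Anything else bypassed SSH.
            findings.append(("direct-client", port, remote_ip, pid))
    return findings


if __name__ == "__main__":
    for kind, port, addr, pid in audit_proxy_exposure(SAMPLE_NETSTAT):
        print(f"{kind:17} port {port:<5} addr {addr:<15} pid {pid}")
```

An empty result on real `netstat -ano` output means every proxy listener is loopback-only and every current proxy client arrived through the tunnel.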
Step 4: Installing puTTy, a Windows SSH client on your work computer or laptop
- Download puTTy: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
- puTTy is a free SSH client that is a single executable; there is nothing to install. Save puTTy.exe to your desktop.
- Double-click on puTTy. First, scroll down the left column to Connections > SSH > Tunnels. From here, you need to add three ports to be forwarded. For Source Port, enter 80. For Destination, type localhost:8080, then click on Add.
Do the same for the other two: 443, localhost:8081 & 1080, localhost:1080. This forwards http, https, and socks-5.

- Now, go up to the top and click on Session. Under "host name or IP address", enter your home computer's external IP address or dynamic DNS name. Under 'saved sessions', type in "SSH home" and click on Save. This will save these connection settings
for every time you want to connect to your home machine.

To connect, click on Open. You should be asked to accept the server's SSH host key (choose 'Accept & Save'). Login using your home Windows computer's login and password. You should then see a command prompt. You are now
connected and set up to tunnel traffic - you can now minimize (don't close) puTTy. This session must remain open to proxy your web traffic.
Step 5: Configuring applications to go through the tunnel
- Firefox: I recommend configuring one browser (such as Firefox) to always go through the proxy, leaving your other browser to browse your corporate intranet (or access
sites that you do not wish to proxy). Alternatively, you can simply tell Firefox which URLs should not use the proxy. In Firefox, go to Tools > Options > General > Connection Settings. Set the HTTP proxy to localhost port 80 and the SSL proxy to localhost port 443, matching the source ports forwarded in Step 4.
You should now be browsing through your home machine. Remember, the speed will be limited to your home machine's upstream connection (since your home machine is essentially downloading the web page then re-uploading it to you). If you wish to test that it's working, close puTTy. You should now be unable to
browse the 'net.
AIM and Yahoo both support SOCKS5 proxying. Simply go into the connection settings and enable socks5 proxying... server = localhost port = 1080 (default).
Done!
All you have to do is launch puTTy and connect to your home machine whenever you wish to securely browse.
Comments
hide public ip
Does this technique hide public IP address?
Putty Access denied error!
Server: Windows XP PC with direct ADSL connection
Client: Windows Vista behind corporative content blocking proxy
I set both computers as described on tutorial and everything runs smoothly until I try to connect from the client.
Putty runs, connects but when it prompts for password I keep getting "Access denied".
Is this a Vista error?
I'll make some more tests using Tunnelier.
not prompting for password..
I didn't have a password on my home computer, but I went back and added one after doing all this setup. Do I need to redo the command line prompts to get it to prompt me for a password upon connecting? Because I think the way the code was it should just use whatever my current windows password is right? (yes I rebooted too) The reason I bring this up is because when I get on my laptop and run Putty (the windows SSH client) and it brings up the terminal window to supposedly connect to the home machine, it doesn't prompt me for a password at all. So either it's completely unsecure, or it's completely non-functional and I don't know why.
Service is a NO-GO
I configured all the groups and user in the server bit... however the service itself will not startup... I use Win7RC1 if that's any help. ~there are ten kinds of people in the world.... .... those who understand binary and those who don't~
~there are ten
~there are ten kinds....
You mean 10 kinds
LOL ^_^
He's probably the other type!! :))
RE: Service is a NO GO
Don't worry, I fixed it! I simply used the ssh server bundled in Cygwin to handle my tunnel (follow instructions at http://chinese-watercolor.com/LRP/printsrv/cygwin-sshd.html)
ubuntu can't connect
I've been using this method on my windows machine at work for months now and it's worked great! However, I recently wanted to start using it on my ubuntu laptop when I travel and it doesn't connect for some reason. I use the same putty settings and I am able to log in to my home machine over ssh through putty. When I try to use the proxy for my browser it won't connect. I have the settings duplicated and the proxy still functions on my windows box. "Could not connect to proxy server. Access denied" is what I get when I set up the proxy settings to localhost etc... and try to access any site. I only seem to have this problem with ubuntu, though. Anyone have any ideas? Ubuntu is mostly a learning experience so I'm not terribly knowledgeable yet and might be missing something obvious. Any help is appreciated.
Hamachi
Would you still need to use putty if you already are using Hamachi to create a LAN to your home computer?
Works fine for XP serving as proxy and XP serving as client. But does NOT work for XP serving as proxy and Vista serving as client. Any work around or thoughts on this? Thanks.
Thanks!
Thanks! It worked and made for one very pleasant 3rd shift and I'm sure many more to come
What's with the 'Know that your mom goes to college' thing 0_o?
This For Sure Rocks!!!!!!!!!!!!!!!!!!
I followed the instructions exactly and it worked perfectly. Thanks man
working with Vista
I already told HIM how to make this work with Vista, but he is blocking my addition here either automatically or deliberately. This just doesn't work with Vista guys without some little changes, but it's pretty easy to fix. Maybe he will add the changes I gave him later.
opensshd
i did both commands (mkgroup and mkpasswd) and when i try to start openssh it tells me error 5 access denied.
u need to open ur command prompt as administrator -
go to start/all program/accessories/command prompt - right click - run as administrator -
now it should work fine.
OpenSSH
Hi,
I'm not very technical, I installed the Openssh, I'm trying to follow the instructions for mkgroup and also mkpasswd commands, but that is where I'm not getting it. I'm using windows vista. Can someone please help me with more specific step by step instructions? I know, they do seem pretty specific, but I really feel like I'm not doing the right thing. My main goal is just trying to setup a proxy server to troubleshoot why I'm not able to log into yahoo messenger. They say that this is one of the troubleshooting steps I should try.
Thanks! This is the best write-up ever
I just got to the end of my 30 day trial of spoonproxy, and i'm so happy with how everything is working, i'm actually going to buy it, which is very unlike me. Your instructions worked perfectly. The only stumbling block (self inflicted, since you advised otherwise) was I usually don't have a password on windows, and until I changed to having one, I couldn't log in through putty. THANKYOU THANKYOU THANKYOU
Setting up a proxy server at home
I like your solution better than most. It's free, and it's small. Worked great on XP but not on Vista.
I installed it as admin and I opened the command prompt as admin.
Then I did the following:
Got myself a new copy of cygwin.dll from a fresh copy of cygwin.
Then:
***Copy the cygwin1.dll file into \program files\openssh\bin
***overwrite the old .dll file
***When you install spoonproxy, it will work even though the console shows
***no traffic (just zeros)
Then...
cd\program files\openssh
mkgroup -l >> etc\group
mkpasswd -l -u %username% >> etc\passwd
net start opensshd
Now it works...
8e6 r3ooo
idk why but when i tried to get in to the thing it said connection unadvible....
nice
worked like a hummer
Easy to read guide
Thank you!!! This rocks and was easy to setup!
Usage outside of the US?
Hi, thanks a lot for this article, it's exactly what I was looking for! I have already setup everything, but now I'm trying to connect to my OpenSSH server (located in the US) from my PUTTY laptop client being outside of the US, and it does not connect! Any ideas? I have already discarded any possibility that this may be due to problems with firewall or any other potential issue.
I have a quick question. How do you log in if the password for the computer is blank as in it has no password? Do you just use the normal username log in and keep the password section blank? Is there a way to establish a pass for openssh by editing the passwd file? Like could i open it in notepad and make my own password? If so how? Thanks
Does not work
All I get is a "connection reset" page. These instructions are horrible. How do you configure spoon proxy, and where is it installed. Don't use terms like "home machine" that could mean anything.
Cannot figure out these instructions
I followed every step and all I get is blank screens or error messages on the browser. I can't figure out what the heck spoon proxy does or how to configure it. I'm trying to set up my home machine as a proxy behind my router and use it from work to browse. All of the instructions are set up as if you are at home, not at a remote computer, and you are using your home computer as a proxy. What is the advantage in doing that? All you are doing is sending web pages to yourself. Can you write the instructions as if you are at a remote computer trying to connect to your home computer behind the router?
advantage?
i can access internet at my work but not all website is accessible like youtube, facebook, blalala. even YM n MSN can login at work. I try search for free web proxy online but all the free proxy server was also blocked by the company. how to get my ass out and access all the website that i want? the last way that i think can solve my problem was this home proxy. since the company don't have my home ip in their black list, so if i have proxy server install on my home computer, i can freely surf the blocked site through this home proxy like other blocked proxy. this is the BIGGEST ADVANTAGE for me since most of the proxy server on the internet is in the company's blacklist.
CMON!!!!
wow dude!!! omg! r u retarded!!! plz, u r supposed to do these things on ur home computer (or w/e comp u want to use as the proxy). except the part about putty!!! the part about putty u r supposed to do on, in ur case, the computer at work!!!!!
Vista :(
School recently implemented a 8e6 r3000, Filter. So i went through this tutorial and got everything installed to the best of my ability. Though because I was using Vista I believe that some of the steps went bad. I go to open Putty with all the ports and such open and correct. But it says fatal Error Network connection refused. help please?
How do I know I am using a proxy
First off I have an intermediate idea of what I'm doing: I'm not an advanced user, but I'm not a noob either. Point of the story is that when I check my IP at ip-address.com it says that i dont have a proxy setup: I don't want to be found: how do I change that?
Newsgroups
I can only connect to my ISP's newsgroup servers from within their network. How would I configure the tunnel to connect to the servers? I tried forwarding L119 to localhost:119. Am I missing something here?
Setting this up for world of warcraft and ventrillo
could you give me port numbers and all the info i need to set this up for world of warcraft and Ventrillo thanks Michael KB3NZQ
WoW and Vent Ports
WoW uses 3724 (TCP) to play and 6112 (TCP) for patching.
I'm not sure about Vent. Are you hosting a Vent server? Or are you just trying to connect to a Vent server?
~Legion (does not forgive, forget, etc.)
Fatal error: Connection timed out.
Putty gives me this when trying to connect to my proxy, have followed each step exactly and all seems to be set up correctly, apart from getting this error when trying to connect to it with putty. Any ideas? Thanks.
another way
i had to do something different to get mine to work. When configuring putty, I simply used Dynamic port 333 (you can use whatever port) and then on the browser config the only part i filled in was on the SOCKS part and I set it to localhost 333 (same port you used above) that's it. works great.
CMD error
when I type in "mkpasswd -d -u %usernam% >> etc\passwd" I get "could not find domain controller for this domain"
also when I use putty, I get the login window, I then type the user name, then the password prompt comes up but when I type on the keyboard, no characters register on the screen, this may have something to do with the cmd error, or they are being typed in but are invisible.
any help would be greatly appreciated
thanks
Password "error"
The password isn't supposed to show up. PuTTY isn't malfunctioning in any way. Just type your password -- even if it doesn't show up -- and continue.
~Legion (does not forgive, forget, etc.)
P.S.: Check out my website by clicking on my name in the top-right corner of this post.
Answer for a moron
Open up a command prompt (start > run > cmd) and type the following:
Answer for a moron
He's using -d because he's on a domain, moron.
Pretty Sweet
Pretty cool tutorial. I may need to get a proxy set up for me though
Minor Suggestions
First, THANKS. This is exactly what I've been looking for. In your instructions above, "cd\program files\openssh" should be "cd\program files\openssh\bin". Also, it would probably be a Good Idea to create a non-Admin account to connect to remotely (maybe "sshuser" or "luser" ;-), in which case you'd need to "mkpasswd -l -u sshuser >> etc\passwd". You'll have to log into it once locally, first, before it'll work remotely. You might suggest using http://www.whatismyip.com to test that you're actually using the SSH tunnel and the proxy server (it should show your home IP, rather than the IP you're browsing from). SpoonProxy site says "So, for a small two machine home network, SpoonProxy is basically free." Sweet. Fx also has several usable proxy-switching add-ons, such as FoxyProxy. Users should also keep in mind that the cache on the client machine may end up containing things you would not like found on your work machine. Hopefully this will be used to get to a site linked from places like /. or Deal Sites that are blocked for something lame like Web Banners. Again, many thanks!
Correction Correction
Firefox Proxy Add-ons
Just installed Fx Quick Proxy & Show MyIP. Quick Proxy is just the basics: Turn the proxy on/off. Show MyIP confirms I'm going through my proxy server.
verification?
Hi I have attempted your setup Kristopher and I think it is awesome. I installed and setup everything and even get a putty to connect to my remote computer at home and I can browse my home computer via the cmd like prompt of putty... only issue now is that when I configure firefox to go thru my proxy it just says connection timed out. the task bar at the bottom gives the indication that my browser is never even connecting with the website. I just get a "connecting to ..." notification. So either my spoonproxy is set up wrong, I misconfigured my port forwarding, or what? I then installed freecap on my client machine at work and it opens firefox fine and webpages connect but is there a way to verify that it is going remotely thru my SSH tunnel and not using the company's proxy server?
I can't seem to
Connect using my main PC... it says connection timed out AND I can't type in a password into Putty when it asks for it :( and it won't go through if I set it not to have a password and press enter... says access denied
SOCKS5 connections
I set up the Proxy server as described and noticed after about an hour I had 7 different connections from different IP addresses. I am using CCProxy. Does anyone have an idea about what that means? Is someone scanning and using my proxy machine? thanks for any input..
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Jason>cd\program files\openssh
C:\Program Files\OpenSSH>mkgroup -l >> etc\group
2 [main] ? 3068 _dll_crt0: internal error: couldn't determine location of thread function on stack. Expect signal problems.
What am I doing wrong? Thanks
The problem is with SSH, it doesn't install without errors, so it has nothing to do with your tutorial.
I went with php proxy instead
Gaming
Is there a way that I can forward ports or something so that I can play games (Call of duty 4) online? I have set this up but am unable to connect to servers. Cod4 uses the port 28960 is there anyway i can open it up or something?