Setting up a proxy server at home
Update March 2010: You can now use the Google App Engine as a proxy server: http://lifehacker.com/5484934/run-your-own-free-proxy-through-the-google-app-engine
Why would you want a secure proxy server on your home machine?
There are several good reasons for a setup like this. The primary purpose is to encrypt your network traffic. You may want to hide your browsing or chatting from your employer OR something as benign as not wanting people to see your passwords when connected to a hotspot at your local $tarbuck$. When you are browsing through your home proxy server, whomever is 'sniffing' your netowork traffic can only see lots of random packets going to your home machine. Due to the nature of these programs, you should only set this up if you have a broadband router or other NAT device in front of your home network.
The following pre-requisites will make things a lot easier:
Doing this involves four steps:
All you have to do is launch puTTy and connect to your home machine whenever you wish to securely browse.
Why would you want a secure proxy server on your home machine?
There are several good reasons for a setup like this. The primary purpose is to encrypt your network traffic. You may want to hide your browsing or chatting from your employer OR something as benign as not wanting people to see your passwords when connected to a hotspot at your local $tarbuck$. When you are browsing through your home proxy server, whomever is 'sniffing' your netowork traffic can only see lots of random packets going to your home machine. Due to the nature of these programs, you should only set this up if you have a broadband router or other NAT device in front of your home network.
The following pre-requisites will make things a lot easier:
- Know your home machine's external IP address. For this, you'll need either a static IP address from your ISP *or* have a dynamic DNS client installed. For testing purposes, you can view it via http://www.whatismyip.com.
- Give your home workstation a static IP address on your home network. Open up a command prompt and type 'ipconfig /all' and note the current IP address, gateway, and DNS servers. Assign your computer a static IP address that is 50 more than its current dynamic IP (that's a safe bet since most home networks would never have >50 devices connected to it, even if the broadband router has a DHCP scope larger than that). Use the existing gateway & DNS servers.
- Know that your mom goes to college
Doing this involves four steps:
- Installing an SSH server on your home machine. SSH is an encrypted version of telnet which also allows a function called port forwarding. It's this port forwarding that allows you to redirect your network traffic through this proxy. SSH will also function as your authentication mechanism, keeping random people from being able to use your machine as a proxy.
- Installing a HTTP/Socks-5 proxy server on your home machine.
- Opening up the SSH port on your home firewall AND in WindowsXP's firewall (if it exists).
- Installing an SSH client with the appropriate port forwarding settings on your client machine (work machine, laptop, etc).
- Configuring each application to talk through the proxy
Step 1: Installing an SSH server on your home machine
- Download and install the SSHWindows installer from Sourceforge: http://sourceforge.net/project/showfiles.php?group_id=103886&package_id=111688, accepting all defaults.
- Open up a command prompt (start > run > cmd) and type the following:
cd\program files\openssh mkgroup -l >> etc\group mkpasswd -l -u %username% >> etc\passwd net start opensshd
That will create a local ssh user group and give the current logged in user the ability to log in (the password will be the same as your windows login password - if it's blank, change it to something harder!). It will then start the ssh server service.
Step 2: Installing SpoonProxy, a Windows proxy server
- Download spoonproxy: http://www.pi-soft.com/spoonproxy/index.shtml. It costs $19 for a 1-user home license, but there is a 30-day trial.
- Launch spoonproxy: Start > All Programs > Spoonproxy > spoonproxy. Spoonproxy's default configuration works just fine, so just minimize it.
Step 3: Opening up ports in Windows firewall & your broadband router
- If windows XP firewall is enabled, you need to open up the incoming SSH port. To do this, right-click on My Network Places and choose Properties. Now right-click on your primary network card and choose properties. Go to the Advanced tab and click on Settings under windows firewall. Click on the Exceptions tab and then 'Add Port'. Name: ssh Port number: 22 (TCP). Click OK, OK, OK.
- Now you must open up the port on your broadband router. To do this, most broadband routers have a web interface. I can't walk you through this because it's slightly different on every system. You want to tunnel external port 22 to the (internal) IP address of your home computer port 22.
Step 4: Installing puTTy, a Windows SSH client on your work computer or laptop
- Download puTTy: http://the.earth.li/~sgtatham/putty/latest/x86/putty.exe.
- puTTy is a free SSH client that is a single executable; there is nothing to install. Save puTTy.exe to your desktop.
- Double-click on puTTy. First, scroll down the left column under Connections > SSH > Tunnels. From here, you need to add three ports to be forwarded. For Source Port, enter 80. For destination, type localhost:8080 then click on add
Do the same for what you see below: 443, localhost:8081 & 1080, localhost:1080. This forwards http, https, and socks-5.
- Now, go up to the top and click on Session. Under "host name or IP address", enter your home computer's external IP address or dynamic DNS name. Under 'saved sessions', type in "SSH home" and click on Save. This will save these connection settings
for everytime you want to connect to your home machine.
To connect, click on Open. You should be asked to accept the SSH certificate (choose 'Accept & Save'). Login using your home windows computer's login and password. You should then see a command prompt. You are now connected and set up to tunnel traffic - you can now minimize (don't close) puTTy. This session must remain open to proxy your web traffic.
Step 5: Configuring applications to go through the tunnel
- Firefox: I recommend configuring one browser (such as firefox) to always go through the proxy, leaving your other browser to browse your corporate intranet (or access
sites that you do not wish to proxy). Alternatively, you can simply tell firefox for which URLs to not use the proxy. In Firefox, go to Tools > Options > General > Connection Settings. Set up the HTTP and SSL connections as seen here:
You should now be browsing through your home machine. Remember, the speed will be limited to your home machine's upstream connection (since your home machine is essentially downloading the web page then re-uploading it to you). If you wish to test that it's working, close puTTy. You should now be unable to browse the 'net.
AIM and Yahoo both support SOCKS5 proxying. Simply go into the connection settings and enable socks5 proxying... server = localhost port = 1080 (default).
Done!
All you have to do is launch puTTy and connect to your home machine whenever you wish to securely browse.
Comments
help me plz....
im in the philippines can i request how to configure my broadband for proxies....thankz.....
Solution for use with HULU (possible)
This is a theory that should work for HULU outside the US provided your server is in the USA and your client computer temporarily does the following port-blocking. It takes advantage of a fail-over feature built into flash. while using this proxy config and watching HULU: Block destination ports 80, 1935 and 443 on the client and connect to your SOCKS proxy. Use a port blocker like Emsa Port Blocker to block those ports temporarily while using putty as a SOCKS proxy should cause flash to fail-over to the ports you have manually entered into FIREFOX or IE or whatever you are using with this proxy. Can someone test to see if this works? I'm not in a position to test this, since I'm in the USA. I would love to know this works for me so that next time I travel I'm all set for HULU.
Proxy settings
Hello! I have set up a proxy server as per your detailed instructions and configured the Mozilla browser for Manual proxy settings with the parameters given in your site.. When I open PuTTy, before opening an Internet session, and fill in my external IP address and "SSH home" , I do get the Command Prompt asking for my user name and PW for logging on the session. So the Proxy Server should be working. However, when I try to connect to the Internet, I get the " server not found message " .Finally, I discovered that the Internet kicks in only if I check the " autodetect proxy settings" box in the Mozilla options, instead of the " manual " box. Is this normal? Does it mean that my proxy server is setup correctly and functions well? The reason why I wanted to set up a Proxy Server is that recently I got warned by my ISP here in Canada that a U.S. company had tracked my IP address in connection with a Torrent d/load . I am not a heavy user of Torrent d/loads, but for the few times I might do this, as most of us do , I wouldn't want to have any untoward consequences, even though this is not, ( or not as yet!) illegal here in Canada. I just wanted to make sure that the Proxy Server I have set up works well, even though I do not expect to be... 100% invisible. I'd appreciate your comments Thank you Ittiandro
OK - I'll tell you why I'm laughing
This proxy setup can't really be used for the purpose you described. Answer to your question: Your configuration is broken, but I think you knew that already (-;
HAHA - Anyone guess why I'm laughing?
HAHA - Anyone guess why I'm laughing?
trouble
hey i cant seem to download spoonproxy or putty of the link you gave i dont understand why but it just gives me a black tab with the url typed in :S any idea why and how i can get round it? thanks
trouble
hey i cant seem to download spoonproxy or putty of the link you gave i dont understand why but it just gives me a black tab with the url typed in :S any idea why and how i can get round it? thanks
connection timed out
I set up the whole thing just like it is shown but when i hit open in puTTY it shows a terminal window and sits like that for about 20 seconds then says connection timed out. BTW im using ubuntu and the host is XP.
you are lucky - I have an
you are lucky - I have an answer.... when u run putty in UBUNTU, don't just click the putty icon. The connection is handled at the SU level. So, open a terminal window. Type sudo putty. Give your password. Login to your host. Then minimize all that and use firefox (not the system proxy settings). Should work fine. I'm using it now!
THANK YOU. That's all but you should know you are appreciated.
Finally, someone who know's how to put together a knowledgeable and informative step by step process on how networks evolved and can be utilized and can be customized.
I am trying to learn how to set up my own home network. I'm not a newbie, with regards to computers but the number of acronyms and protocols settings etc can leave one baffled and intimidated to even attempt it.
I want to set up a proxy so that I can attempt to STREAM my favourite radio station to my PSP.
I am currently using internet radio and don't like their stations.
This web sites has made me think... I CAN do this.
YOU my friend. Take the apprehension from even trying to do this. Thanks.
I have bookmarked your site and passed it on to my brother.
Bruce Hobson
Need advice
hi, I have a question here. Assume that i am using a proxy. I heard that if i visit a website that using https web page, or the website using JAVA, then the webmaster can be track my real ip. If i using your method above, the webmaster can also track my real ip? Thanks, Rex
Script - java or flash - can
Script - java or flash - can get outside your proxy. HULU is a prime example. To encapsulate everything, for sure, only a VPN will do. However, unless you are on the run from authorities (haha - I hope) this spoon/putty proxy works 99% of the time.
Hey friend, i need your help
Please e-mail anytime you can, with a solution for a proxy on windows vista, with the same steps listed as u did here, i believe u have done a great job with this tool kit. If is possible and it doesn't affect you and your spare time in any way, i please ask you one more time to help me. i would truly appreciate your help
Sending you the files you need
Post an email address here in the comment section so I know a way to reply. I'll zip up everything you need
to fix this little vista hickup and send it to you.
P.S. Another work around is to install XP in a virtual machine and follow the instructions exactly as he has already posted.
I've done both ways with equal success.
Anyway. Put your email here, you will get you files in the mail.
No reason I shouldn't share.
Jim
Windows Vista Workaround
Hello, may you send me the windows Vista workaround? i'm trying to solve the problem in vista too.
Thank you
unless someone is going to
unless someone is going to ACTUALLY leave me an email address to mail the vista work-around to, I can only suggest you run win xp in a VM in vista - That also works well for me and requires no special steps... Other than creating the VM and understanding its mechanics...
You need to use a file from cygin
I have posted the cure for the vista install on several occasions. I'm not sure why, but the SSH files need to be replaced from the most recent release of cygin. To make it all easy, I have already written a quick how too and even removed the key files to make install simple. To put it simply, after u manually replace a couple of files, the install is same. Works fine. He has my email. If he emails me, I'll send him the files and he can post them where ever he likes.
windows 7
I just could not make it in windows 7 woked for 3 hours tring to install it in windows 7... but after giving up on windows 7 , I set in windows xp in 30 min (including router port forwarding)
hide public ip
Does this technique hide public IP address?
Putty Access denied error!
Server: Windows XP PC with direct ADSL connection
Client: Windows Vista behind corporative content blocking proxy
I set both computers as described on tutorial and everything runs smoothly until I try to connect from the client.
Putty runs, connects but when it prompts for password I keep getting "Access denied".
Is this a Vista error?
I'll make some more tests using Tunnelier.
not prompting for password..
I didn't have a password on my home computer, but I went back and added one after doing all this setup. Do I need to redo the command line prompts to get it to prompt me for a password upon connecting? Because I think the way the code was it should just use whatever my current windows password is right? (yes I rebooted too) The reason I bring this up is because when I get on my laptop and run Putty (the windows SSH client) and it brings up the terminal window to supposedly connect to the home machine, it doesn't prompt me for a password at all. So either it's completely unsecure, or it's completely non-functional and I don't know why.
Service is a NO-GO
I configured all the groups and user in the server bit... however the service itself will not startup... I use Win7RC1 if that's any help. ~there are ten kinds of people in the world.... .... those who understand binary and those who don't~
~there are ten
~there are ten kinds....
You mean 10 kinds
ROFLOL!!! Hilarious!
ROFLOL!!!
Hilarious!
LOL ^_^
He's probably the other type!! :))
RE: Service is a NO GO
Don't worry, I fixed it! I simply used the ssh server bundled in Cygwin to handle my tunnel (follow instructions at http://chinese-watercolor.com/LRP/printsrv/cygwin-sshd.html)
ubuntu can't connect
I've been using this method on my windows machine at work for months now and it's worked great! However, I recently wanted to start using it on my ubuntu laptop when I travel and it doesn't connect for some reason. I use the same putty settings and I am able to log in to my home machine over ssh through putty. When I try to use the proxy for my browser it won't connect. I have the settings duplicated and the proxy still functions on my windows box. "Could not connect to proxy server. Access denied" is what I get when I setup the proxy settings to localhost etc... and try to access any site. I only seem to have this problem with ubuntu, though. Anyone have any ideas? Ubuntu is mostly a learning experience so I'm not terribly knowledgable yet and might be missing something obvious. Any help is appreciated.
Hamachi
Would you still need to use putty if you already are using Hamachi to create a LAN to your home computer?
Works fine for XP serving as
Works fine for XP serving as proxy and XP serving and client. But does NOT work for XP serving as proxy and Vista serving as client. Any work around or thoughts on this? Thanks.
Thanks!
Thanks! It worked and made for one very pleasant 3rd shift and I'm sure many more to come
What's with the 'Know that
What's with the 'Know that your mom goes to college' thing 0_o?
This For Sure Rocks!!!!!!!!!!!!!!!!!!
I followed the instructions exactly and it worked perfectly. Thanks man
working with Vista
I alread told HIM how to make this work with Visa, but he is blocking my addition here either automatically or deliberately. This just doesn't work with Vista guys without some little changes, but its pretty easy to fix. Maybe he will add the changes I gave him later.
opensshd
i did both commands (mkgroup and mkpasswd) and when i try to start openssh it tells me error 5 access denied.
u need to open ur command
u need to open ur command prompt as administrator -
go to start/all program/accessories/command promt - right click - run as administrator -
now it should work fine.
OpenSSH
Hi,
I'm not very technical, I installed the Openssh, I'm trying to follow the instructions for mkgroup and also mkpsswd commands, but that is where i'm not getting it. I'm using windows vista. Can someone please help me with more specific step by step instrucstions? I know, they do seem pretty specific, but I really feel like I'm not doing the right thing. My main goal is just trying to setup a proxy server to troubleshoot why I'm not able to log into yahoo messenger. They say that this is one of the troubleshooting steps I should try.
Thanks! This is the best write-up ever
I just got to the end of my 30 day trial of spoonproxy, and i'm so happy with how everything is working, i'm actually going to buy it, which is very unlike me. Your instructions worked perfectly. The only stumbling block (self inflicted, since you advised otherwise) was I usually don't have a password on windows, and until I changed to having one, I couldn't log in through putty. THANKYOU THANKYOU THANKYOU
Setting up a proxy server at home
I like your solution better than most. Its free, and its small. Worked great on XP but not on Visa.
I installed it as admin and I opened the command prompt as admin.
Then I did the following:
Got myself a new copy of cygwin.dll from a fresh copy of cygwin.
Then:
***Copy the cygwin1.dll file into \program files\openssh\bin
***overwrite the old .dll file
***When you install spoonproxy, it will work even though the console shows
***no traffic (just zeros)
Then...
cd\program files\openssh
mkgroup -l >> etc\group
mkpasswd -l -u %username% >> etc\passwd
net start opensshd
Now it works...
8e6 r3ooo
idk why but when i tried to get in to the thing it said connection unadvible....
nice
worked like a hummer
Easy to read guide
Thank you!!! This rocks and was easy to setup!
I have found interesting
I have found interesting sources and would like to give the benefit of my experience to you. I am tuning my pc by the best software for free, with the file search engine BecoMon May be you have your own experience and could give some useful sites too. Because this social site help me much.
Usage outside of the US?
Hi, thanks a lot for this article, it's exactly was I was looking for! I have already setup everything, but now I'm trying to connect to my OpenSSH server (located in the US) from my PUTTY laptop client being outside of the US, and it does not connect! Any ideas? I have already discarded any possibility that this may be due to problems with firewall or any other potential issue.
I have a quick question. How
I have a quick question. How do you log in if the password for the computer is blank as in it has no password? Do you just use the normal username log in and keep the password section blank? Is there a way to establish a pass for openssh by editing the passwd file? Like could i open it in notepad and make my own password? If so how? Thanks
Does not work
All I get is a "connection reset" page. These instructions are horrible. How to you configure spoon proxy, and where is it installed. Don't use terms like "home machine" that could mean anything.
Cannot figure out these instructions
I followed every step and all I get is blank screens or error messages on the browser. I can't figure out what the heck spoon proxy does or how to configure it. I'm trying to set up my home machine as a proxy behind my router and use it from work to browse. All of the instructions are set up as if you are at home, not at a remote computer, and you are using your home computer as a proxy. What is the advantage in doing that? All you are doing is sending web pages to yourself. Can you write the instructions as if you are at a remote computer trying to connect to your home computer behind the router?
advantage?
i can access internet at my work but not all website is accesible like youtube, facebook, blalala. even YM n MSN can login at work. I try search for free web proxy online but all the free proxy server was also blocked by the company. how to get my ass out and access all the website that i want? the last way that i think can solve my problem was this home proxy. since the company dont have my home ip in thier black list, so if i have proxy server install on my home computer, i can freely surf the blocked site through this home proxy like other blocked proxy. this is the BIGGEST ADVANTAGE for me since most of the proxy server on the internet is in the company's blacklist.
CMON!!!!
wow dude!!! omg! r u retarded!!! plz, u r supposed to do these things on ur home computer (or w/e comp u want to use as the proxy). except the part about putty!!! the part about putty u r supposed to do on, in ur case, the computer at work!!!!!
Vista :(
School recently implemented a 8e6 r3000, Filter. So i went through this tutorial and got everything installed to the best of my ability. Though because I was using Vista I believe that some of the steps went bad. I go to open Putty with all the ports and such open and correct. But it says fatal Error Network connection refused. help please?
How do I know I am using a proxy
First off I have an intermediate idea of what I'm doing: I'm not an advanced user, but I'm not a noob either. Point of the story is that when I check my IP at ip-address.com it says that i dont have a proxy setup: I don't want to be found: how do I change that?
Post new comment