pchai - 2005-03-24 12:58
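Get through the company firewall for just HK$500
Disclaimer: This article is purely for educational purposes; you bear all consequences yourself.
Summary: Use the Sveasoft firmware to enable SSHD on a Linksys WRT54G / WRT54GS, then use SSH tunneling to get through the firewall.
Foreword:
SSH (Secure Socket Shell) is a Unix-based secure remote control protocol.
SSH tunneling provides a way to do port forwarding, so an SSH connection can be used to pass through a firewall.
A typical corporate firewall restricts users' Internet access, for example by opening only HTTP (80/TCP) and FTP (21/TCP). It may even log every employee's browsing history, to be used for settling scores later. With SSH tunneling, you can not only get past the firewall but also keep your browsing from being logged.
Materials:
1. Linksys WRT54G (about HK$450) / Linksys WRT54GS (about HK$599)
2. Sveasoft firmware: www.sveasoft.com (this tutorial uses Alchemy-pre7a beta build version v3.37.6.8sv for the demonstration)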
3. Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
4. A TCP port other than 80
Procedure:
A. Preparation before use
1. Update the Linksys router firmware by flashing the Sveasoft firmware.
2. Configure PPPoE and test that Internet access works normally
3. Enable SSHD and set the SSHD port: Administration -> Management -> SSHD Enable
4. Sign up for a DDNS service: www.dyndns.org
5. Configure DDNS: Setup -> DDNS
B. Using SSH
1. Configure Putty
a. Session -> Host Name: enter the DDNS name you registered earlier; Protocol: SSH; Port: enter the SSHD port you set on the Linksys earlier
b. Connection -> SSH -> Tunnels:
Create one: click Dynamic, Source port 8080, then press "Add"
Also, as a demonstration, use SSH to Remote Desktop into the home computer
Click Local, Source port 3389, Destination 192.168.1.2:3389 (the home computer's IP)
c. Session -> Saved Sessions
Enter a name for later use, click Save
d. Click Open
login name: root
password: {Linksys Web Management Password}
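3. IE settings
Tools -> Internet Options -> Connections -> LAN Settings -> Advanced -> Socks proxy address: 127.0.0.1, port: 8080 -> OK
Tick "Use a proxy server" -> OK
Click OK again to leave the Internet settings screen
Browsing over SSH works!
4. Remote Desktop
Follow the normal procedure; for Computer enter "localhost" or 127.0.0.1
Afterword:
Because port 80 on the Linksys is set to Web Management by default, port 80 cannot be used as the SSHD port, though in theory this can be changed.
References: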
http://www.sveasoft.com/modules/phpBB2/index.php
http://searchsecurity.techtarget.com/sDefinition/0,290660,sid14_gci214091,00.html
http://www.ccs.neu.edu/howto/howto-sshtunnel.html
高音楷 - 2005-03-24 13:21
Nice...
UTP - 2005-03-24 13:33
similar case, softether seems even easier to set, and no hardware is needed.
using it now in office....
pchai - 2005-03-24 13:33
[quote]
高音楷 wrote:
Nice...
wahahah.
So someone actually understands it
[/quote]
UTP - 2005-03-24 13:47
I suggest using routing and remote instead of proxy, I hate proxy in most cases...
pchai - 2005-03-24 13:51
[quote]
UTP wrote:
I suggest using routing and remote instead of proxy, I hate proxy in most cases...
I'm not running a proxy... I'm only using the proxy setting to make IE go through SOCKS
[/quote]
pchai - 2005-03-24 13:53
[quote]
UTP wrote:
similar case, softether seems even easier to set, and no hardware is needed.
using it now in office....
Lots of companies have a policy that doesn't allow installing software
Putty doesn't need to be installed
[/quote]
MacJuJu - 2005-03-24 13:54
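Eeee? I use Putty all the time and thought it could only act as an SSH client; it can do local proxy too?!
pchai - 2005-03-24 13:56
[quote]
麥豬豬 wrote:
Eeee? I use Putty all the time and thought it could only act as an SSH client; it can do local proxy too?!
It's not a local proxy.. it doesn't cache. It just opens a port to do dynamic port forwarding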
[/quote]
UTP - 2005-03-24 14:03
[quote]
P仔 wrote:
Lots of companies have a policy that doesn't allow installing software
Putty doesn't need to be installed
Agree! didn't think of this point. thank you
[/quote]
pchai - 2005-03-24 14:10
A Linksys WRT54G with the sveasoft firmware is really great fun
An 11G wireless router costing a few hundred dollars that can do SSHD and a VPN (PPTP) server. Really amazing!
UTP - 2005-03-24 14:18
hum.......................UTP thinks of changing router.............. hum..............
pchai - 2005-03-24 14:23
[quote]
UTP wrote:
hum.......................UTP thinks of changing router.............. hum..............
If you know how to play with it, you can really treat it like a Linux box.
[/quote]
呀羊@貓沙 - 2005-03-24 14:26
Can that PPTP be logged into with the Windows XP default client?
UTP - 2005-03-24 14:27
[quote]
呀羊..revolution wrote:
Can that PPTP be logged into with the Windows XP default client?
me needs the same thing too!
[/quote]
pchai - 2005-03-24 14:27
[quote]
呀羊..revolution wrote:
Can that PPTP be logged into with the Windows XP default client?
Yes
[/quote]
UTP - 2005-03-24 14:28
[quote]
P仔 wrote:
If you know how to play with it, you can really treat it like a Linux box.
woooo.....
my debian just sits unplugged on the desk..................
too much wanted, too little time..........
[/quote]
呀羊@貓沙 - 2005-03-24 14:29
[quote]
P仔 wrote:
Yes
Such a good deal?
But does the firmware cost money? I seem to remember that it does!
[/quote]
守護天使 - 2005-03-24 14:31
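May I ask, will the router have any after-effects once I've played with it?
Or if I don't want to play any more, can I go back?
thx!
UTP - 2005-03-24 14:32
woooo, ok, upgrade!!!
throw my XXXXing Rubbish Level One router to bin!
pchai - 2005-03-24 14:37
[quote]
呀羊..revolution wrote:
Such a good deal?
But does the firmware cost money? I seem to remember that it does!
yearly $20 USD subscription fee
But there is an "Official free version"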
http://www.sveasoft.com/modules/phpBB2/viewtopic.php?t=802
[/quote]
pchai - 2005-03-24 14:38
[quote]
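新丁 wrote:
May I ask, will the router have any after-effects once I've played with it?
Or if I don't want to play any more, can I go back?
thx!
Going back is no problem; the biggest danger is still the router dying while flashing the firmware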
http://sveasoft.com/modules/phpBB2/viewtopic.php?t=8339
[/quote]
UTP - 2005-03-24 14:39
so what are the diff of the public and paid version?
pchai - 2005-03-24 14:49
[quote]
UTP wrote:
so what are the diff of the public and paid version?
If you pay, you can download the latest firmware and read their forum,
Actually, I don't know what the difference is between Satori-4.0 (free to download) http://sveasoft.com/modules/phpBB2/viewtopic.php?t=1626
and Alchemy-pre7a
[/quote]
vic_shek - 2005-03-24 15:10
[quote]
P仔 wrote:
wahahah.
So someone actually understands it
Nice (even if I don't understand, I'll pretend I do first~!)
[/quote]
UTP - 2005-03-24 15:19
[quote]
武松搵食 wrote:
Nice (even if I don't understand, I'll pretend I do first~!)
hahahah, you are so funny!!!

[/quote]
阿健 - 2005-03-24 17:07
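Has anyone tried it?
Does it work?
Actually I've set up an SSHD on my own computer too, but setting it up directly on the router seems a bit better!
If the upgrade kills it, I wouldn't know what to do?
UTP - 2005-03-24 17:13
hey hey, how did everyone sort DDNS out?
most update of DDNS by Router need so long to resolve....
pchai - 2005-03-24 17:13
[quote]
阿健 wrote:
Has anyone tried it?
Does it work?
Actually I've set up an SSHD on my own computer too, but setting it up directly on the router seems a bit better!
If the upgrade kills it, I wouldn't know what to do?
Given that I put up this post...
do you think I wrote it purely from theory?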
[/quote]
pchai - 2005-03-24 17:15
[quote]
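UTP wrote:
hey hey, how did everyone sort DDNS out?
most update of DDNS by Router need so long to resolve....
I use dyndns, it's pretty fast
[/quote]
阿健 - 2005-03-24 17:21
Honestly, if you have a Linux box that's always on, setting up sshd on that would be even faster~~
pchai - 2005-03-24 17:26
[quote]
阿健 wrote:
Honestly, if you have a Linux box that's always on, setting up sshd on that would be even faster~~
Of course.
Build a $600 Linux box and show me
And.. how much power does the linksys use?
How much power does the Linux machine use?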
[/quote]
tomming-TT - 2005-03-24 17:40
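Question:
[quote]
Quote:
B. Using SSH
1. Configure Putty
a. Session -> Host Name: enter the DDNS name you registered earlier; Protocol: SSH; Port: enter the SSHD port you set on the Linksys earlier
b. Connection -> SSH -> Tunnels:
Create one: click Dynamic, Source port 8080, then press "Add"
I can only get out through the company's proxy server, so does that mean it won't work...?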
[/quote]
pchai - 2005-03-24 17:54
[quote]
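tomming wrote:
Question:
I can only get out through the company's proxy server, so does that mean it won't work...?
Yes.
The materials list at the very start says you need a TCP port that can get out
If you don't even have one TCP port, there's really nothing you can do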
[/quote]
UTP - 2005-03-24 18:02
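hum.......my isp block port 80, and some of the workspace I am at only allow port 80, not even 21 or so.........well....................
luckily the ones at work now are configured by me, that's all....
vic_shek - 2005-03-24 18:04
[quote]
P仔 wrote:
Of course.
Build a $600 Linux box and show me
And.. how much power does the linksys use?
How much power does the Linux machine use?
So how much space does the linksys have inside to store things? If it's bigger, there would be more ways to play with it.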
[/quote]
阿健 - 2005-03-24 18:59
I think it's said to have 32MB to play with~~
UTP - 2005-03-24 19:21
hum......................upgrades.......
UTP - 2005-04-01 21:12
thanks P仔, it works for me!!!!!!
(not using hardware tho, doing software SSHD)
anyway THANKS!
路人sc - 2005-04-01 23:06
Was just thinking of buying a wireless hub.... this one's great ~.~
冷血‧睡魔 - 2005-04-02 18:35
So is it possible to install things on the router??
install an ftpd, mount a network drive and use it for ftp. :D
Bryan - 2005-04-03 0:47
[quote]
rickywk wrote:
Can that PPTP be logged into with the Windows XP default client?
Yes....
[/quote]
呀羊@貓沙 - 2005-04-04 18:45
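Just bought a WRT54G... wanted to load Sveasoft Satori v4.0 onto it, but as soon as I press Upgrade it says failure and won't let me flash it...
Mine is V2.2 hardware, could it be blocked?
sdf - 2005-04-04 22:46
[quote]
rickywk wrote:
Just bought a WRT54G... wanted to load Sveasoft Satori v4.0 onto it, but as soon as I press Upgrade it says failure and won't let me flash it...
Mine is V2.2 hardware, could it be blocked?
hardware v2.2 needs the Sveasoft Alchemy firmware, $$$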
[/quote]
呀羊@貓沙 - 2005-04-04 23:23
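OK!
MacJuJu - 2005-05-18 22:29
A whole month later, my workplace has changed again (I don't even know my pay yet.. sigh), so I went and bought one.
Going to try setting up sshd first.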
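
A defender-side view of the setup in the first post, as an added example that is not part of the original thread: because the tunnel runs SSH over whatever TCP port the firewall leaves open, a network monitor can classify each outbound connection by the server's first payload bytes instead of by port number. The egress policy table, flow records, addresses and banner string below are constructed for illustration.

```python
import re
from dataclasses import dataclass

# RFC 4253 sec. 4.2: the server identifies itself with "SSH-protoversion-softwareversion".
# It may send other text lines first, so match at the start of any line.
SSH_IDENT = re.compile(rb"^SSH-(?:2\.0|1\.99|1\.5)-[\x21-\x7e]+", re.MULTILINE)

# Assumed egress policy (hypothetical): outbound port -> protocol expected on it.
EXPECTED = {21: "ftp", 80: "http", 443: "tls"}

@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_server_bytes: bytes  # first payload the server sent on this connection

def classify(payload: bytes) -> str:
    """Name the protocol from the server's first bytes, ignoring the port."""
    if SSH_IDENT.search(payload):
        return "ssh"
    if payload.startswith(b"HTTP/1."):
        return "http"
    if payload.startswith(b"220"):      # FTP service-ready reply
        return "ftp"
    if payload[:2] == b"\x16\x03":      # TLS handshake record header
        return "tls"
    return "unknown"

def ssh_on_other_ports(flows):
    """Return (flow, expected protocol) for SSH seen on any port except 22."""
    return [(f, EXPECTED.get(f.dport, "not allowed"))
            for f in flows
            if f.dport != 22 and classify(f.first_server_bytes) == "ssh"]

# Constructed sample flows (documentation address ranges, made-up banner).
SAMPLE_FLOWS = [
    Flow("10.0.0.15", "203.0.113.7", 80, b"HTTP/1.1 200 OK\r\nServer: x\r\n"),
    Flow("10.0.0.22", "198.51.100.9", 21, b"SSH-2.0-ExampleSSHD_1.0\r\n"),
    Flow("10.0.0.22", "198.51.100.9", 443, b"Welcome\r\nSSH-2.0-ExampleSSHD_1.0\r\n"),
    Flow("10.0.0.30", "203.0.113.20", 443, b"\x16\x03\x03\x00\x5a\x02"),
    Flow("10.0.0.31", "203.0.113.21", 21, b"220 FTP ready\r\n"),
]

if __name__ == "__main__":
    for flow, expected in ssh_on_other_ports(SAMPLE_FLOWS):
        print(f"{flow.src} -> {flow.dst}:{flow.dport} carries SSH (expected {expected})")
```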