Forwarding unwilling network programs (was: Evolution and Exchange ...)
bscott at ntisys.com
Sat Sep 25 20:04:00 EDT 2004
On Sat, 25 Sep 2004, at 5:22am, cbrenton at chrisbrenton.org wrote:
> Little easier than mucking with iptables and less parts to break.
Another interesting hack is the "dynamic port forwarding" feature of
OpenSSH's ssh(1) program (the "-D" switch). For example:
    ssh -D 1080 server.example.com
That opens the usual SSH session to <server.example.com>, but it also puts a
SOCKS4 server listening on port 1080 on the local (client) system. Now any
clients using that SOCKS server will be dynamically forwarded so they appear
to be originating from <server.example.com> instead.
If you have a SOCKS aware application (such as Mozilla), you can just tell
it to use <localhost:1080> as your SOCKS server, and now the application
will behave as if its network connections are on <server.example.com>.
For non-SOCKS aware programs (most of them), you can use a dynamic library
preload to intercept normal sockets calls and turn them into SOCKS. The
dante package (a full SOCKS implementation) includes a "socksify" script
which can do this automatically on a one-by-one basis. For example,
    socksify evolution
might work. Combine that with the SSH dynamic port forwarding described
above, and Evolution will behave as if it is running on your remote SSH
server.
--
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do |
| not represent the views or policy of any other person or organization. |
| All information is provided without warranty of any kind. |
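Added example, not part of the original message: what a SOCKS-aware client (or the socksify preload) sends to the listener opened by "ssh -D 1080", and how it reads the 8-byte SOCKS4 reply. The function names, the 127.0.0.1:1080 default and the sample hosts are assumptions for illustration; the hostname form assumes the proxy accepts the SOCKS4a extension.

```python
import ipaddress
import socket
import struct

# Second byte of the 8-byte SOCKS4 reply.
REPLIES = {90: "granted", 91: "rejected or failed",
           92: "rejected: no identd on client",
           93: "rejected: identd user mismatch"}

def build_connect(host, port, userid=b""):
    """Return the SOCKS4 CONNECT request for host:port."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if b"\x00" in userid:
        raise ValueError("userid must not contain NUL")
    try:
        addr, name = ipaddress.IPv4Address(host).packed, b""
    except ipaddress.AddressValueError:
        # SOCKS4a: address 0.0.0.1 plus a trailing hostname asks the proxy
        # to resolve the name, so no DNS lookup happens on the client side.
        addr, name = b"\x00\x00\x00\x01", host.encode("ascii") + b"\x00"
    # VN=4, CD=1 (CONNECT), DSTPORT, DSTIP, USERID, NUL [, hostname, NUL]
    return struct.pack("!BBH", 4, 1, port) + addr + userid + b"\x00" + name

def check_reply(data):
    """Raise unless the proxy's reply grants the request."""
    if len(data) != 8 or data[0] != 0:
        raise ValueError("not a SOCKS4 reply")
    if data[1] != 90:
        raise ConnectionError(REPLIES.get(data[1], "unknown code %d" % data[1]))
    return True

def open_via_socks4(host, port, proxy=("127.0.0.1", 1080)):
    """Connect to host:port through the local SOCKS listener."""
    s = socket.create_connection(proxy, timeout=10)
    try:
        s.sendall(build_connect(host, port))
        reply = b""
        while len(reply) < 8:
            chunk = s.recv(8 - len(reply))
            if not chunk:
                raise ConnectionError("proxy closed before replying")
            reply += chunk
        check_reply(reply)
        return s  # from here on, bytes go to host:port via the SSH server
    except Exception:
        s.close()
        raise
```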