Table of Contents

Creating Tunnels for remote access

Any one of the below command creates two tunnels, one for http requests and one for (Windows) RDP via remote host (example.org used in example). The first one uses a “saved session” in putty, hence there is much information missing and in this case I have used SSH shared key authentication. The 2nd command uses userid/password authentication and does not depend on using a saved session. As expected the 2nd command has more details. Notice that one uses plink and another putty. Both work. The -N option ensures no session is established. However this is optional and you can leave an open session, especially if you want to do other stuff with the session. The option can be used with putty.exe also.

“C:\Program Files\PuTTY\putty.exe” -C -load Home-Ub -L 8118:localhost:8118 -L 3390:192.168.0.97:3389

“C:\Program Files\PuTTY\plink.exe” -C -N someuser@example.org -pw <somepassword> -P <if not default> -L 8118:localhost:8118 -L 3390:192.168.0.97:3389

The above won't work! See Common issues for reason. Use the line below. The RDP is optional and just not shown below but can be added

“C:\Program Files\PuTTY\plink.exe” -C -N someuser@example.org -pw <somepassword> -P 15023 -L 8118:192.168.0.100:8118

Details

As simple as this setup is, a small mistake will prevent it from working and usually there is no proper debug or error messages to identify the issue.

HTTP Tunnel

In order to create a tunnel to browse the internet via the tunnel IP as opposed to directly accessing the internet from the local IP, first create a proxy web server on any one of the servers in the remote location. In this case we have privoxy web server running locally on the host that is used to tunnel on port 8118. Our internet browser proxy setting is also localhost:8118. Once setup you should be good to go browsing via the tunnel. I actually have another UNIX box running privoxy as well. The IP of that box is 192.168.0.99. If I wanted to tunnel via one box and use the 2nd as the web server, I can do that quite easily but just specifying “-L 8118:192.168.0.99:8118” instead of “-L 8118:localhost:8118”. However, this may not be the configuration you settle in at. See Common Issues below.

RDP Tunnel

The remote windows box is running on IP 192.168.0.97. Since the local windows box gets confused if we use localhost:3389 (it assumes you are connecting remote to your own box and refuses connection), we have changed the local port to 3390, but kept the remote windows box RDP listen port to its default of 3389. Now connect via RDP to localhost:3390 to connect to your remote windows box on port 3389.

Common Issues

Instead of “-L 8118:localhost:8118” I initially had “-L 8118:192.168.0.100:8118” where 192.168.0.100 was the address of my localhost. However this did not work and I got a Connection Interrupted - The connection to the server was reset while the page was loading. Privoxy on 192.168.0.100 was configured to listen only to localhost and not 192.168.0.100 and does not seem to recognize they are the same. See the listen-address setting in the privoxy configuration file. Now while this works, when I used privoxy as my web filter/proxy when accessing the internet from my local network (windows pc), it would not work. I then edited Privoxy config file (located at /etc/privoxy/config on Ubuntu) and changed “listen-address 127.0.0.1:8118” to “listen-address 192.168.0.100:8118”. This made my web proxy work from my local network computer. Of course now my tunnel does not work! Edited the putty configuration from “-L 8118:localhost:8118” back to “-L 8118:192.168.0.100:8118” and the tunnel started to work as well. It would be great if privoxy can listen on multiple addresses or recognize the localhost's IP as localhost. However, the current setting takes care of what I need.

Privoxy file locations in Ubuntu

FileDescription
/etc/init.d/privoxy restartPrivoxy restart
/var/log/privoxy/logfileLog file
/var/log/privoxy/errorfileError file
/etc/privoxy/configConfiguration File