FYI, this was used at one time to bypass military proxy/firewalls here at work, so that's why it references "Base Proxy".
First, let's look at how the traffic flows normally. For those of you that know how NMS/BIPS is set up, you might want to skip this part. The normal flow of data follows along the green path. Workstation -> Base Proxy -> Firewall -> the Internet -> Target Web server and back.
Actually, it's a little more complicated than that. From your computer to the proxy the packets have a destination port of 8080, the normal proxy port. Then the proxy re-packages them with a destination port of 80, the normal http port. Of course, it does all its checks to make sure the request isn't for a naughty site yada yada yada. Then it's port 80 all the way through the firewall, internet, over the river and through the woods until it gets to http://www.grandmothershouse.com.
Then the data comes back the same way.
But wait! Grandmothershouse.com is in the proxy server's unacceptable sites list! They don't want you getting that "warm apple pie"!!!
Bah I say! Let's try following the yellow path. *Follow the yellow brick road, follow follow follow follow, Follow the yellow brick road* This would be the path your packet takes when you don't have a proxy server configured in your browser's settings. The packet leaves your computer with a destination address of http://www.grandmothershouse.com and a destination port of 80.
Because of how the routers are set up on a typical network, everything flowing out or into the network has to pass through the firewall. So, your little wayward packet makes its way through your base network and gets to the big bad firewall. Your little packet tries to go through the firewall's port 80 hole only to find it's shut tighter than a ten year old jar of pickles. There our little packet's journey stops. He waits at the firewall, sets up camp, and eventually dies of starvation.
But wait! Our green packet went right through port 80 on the firewall! Why can't our cowardly yellow packet?
It's because the firewall is set to only allow packets coming from the proxy server through on port 80. Otherwise anyone could circumvent the proxy simply by telling their browser not to use one. This would suck up more bandwidth and allow people to surf anywhere they wanted!
Now, let's take a look at the devilishly ebil red packet. The red packet is going to travel through your SSH tunnel. Following my earlier post you've set up an OpenSSH server at home along with CCProxy. CCProxy is listening on its default port of 808, VNC on 5900, and SSH on 22.
You run PuTTY on your work PC and connect to your home PC's SSH server. When you connected you set up two tunnels, one for port 808 and another for port 5900.
Now your work PC is listening on port 808 and port 5900. Anything going to your work PC on either of those ports magically pops out the other end of the tunnel at your home PC!
So, if you set your work PC's browser proxy to point to your work PC on port 808, it will pop up on your home PC on port 808 and CCProxy will pick it up.
So, in the case of our little devilish red packet, it goes from your work PC's browser to the front end of the tunnel on port 808. It gets stuffed into the tunnel and travels through it on port 22 until it gets to the other end at your home PC. It exits the tunnel at your home PC and the SSH server sets it back to port 808. CCProxy picks it up on port 808 and acts just like the Base Proxy server. Only this time there are no filters blocking you from going to "naughty" sites. Then it goes out to http://www.grandmothershouse.com and back the same way it came!
The patriotic blue packets are VNC packets. They do much the same thing as the devilishly clever red packets, in that they travel the tunnel. Only they start out on port 5900. When they exit the tunnel back at your home PC, it's WinVNC's turn to pick them up since it's the program listening on that port.
As far as the firewall's concerned, all the red and blue traffic is going over port 22. But we know better. Don't we kiddies?
Then again, since you're not able to hit anything I doubt this will work for you either... oh well...
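The firewall's view of the four coloured packets, as an added example that is not part of the original post: a first-match rule model showing why red and blue pass where yellow does not, next to an egress policy that closes the gap. The addresses, the rule lists, the "admin" flow and the jump-host subnet are constructed; the open outbound port 22 is inferred from the post's statement that the tunnel traffic gets through on port 22, and the tightened policy is an assumption, not something the post describes.

```python
import ipaddress
from typing import NamedTuple, Optional
class Rule(NamedTuple):
    action: str            # "allow" or "deny"
    src: str               # source network, CIDR
    dport: Optional[int]   # destination port; None matches any port

class Flow(NamedTuple):
    name: str
    src: str
    dport: int             # the only port the firewall can see
# All addresses below are constructed for this example.
PROXY, WORKSTATION, JUMP_HOST = "10.0.0.10", "10.0.5.23", "10.0.9.4"
ANY = "0.0.0.0/0"

# Policy as the post describes it: port 80 only from the proxy, and
# (inferred, since the tunnel works) port 22 open to any internal host.
AS_DESCRIBED = [
    Rule("allow", PROXY + "/32", 80),
    Rule("allow", ANY, 22),
    Rule("deny", ANY, None),
]

# Assumed tightening: outbound SSH only from a hypothetical jump-host subnet.
TIGHTENED = [
    Rule("allow", PROXY + "/32", 80),
    Rule("allow", "10.0.9.0/28", 22),
    Rule("deny", ANY, None),
]

FLOWS = [
    Flow("green", PROXY, 80),         # browser -> proxy:8080 -> re-sent on 80
    Flow("yellow", WORKSTATION, 80),  # browser with no proxy configured
    Flow("red", WORKSTATION, 22),     # HTTP to port 808, wrapped in SSH
    Flow("blue", WORKSTATION, 22),    # VNC to port 5900, wrapped in SSH
    Flow("admin", JUMP_HOST, 22),     # ordinary SSH from the jump host
]

def decide(policy, flow):
    """First matching rule wins; no match means deny."""
    src = ipaddress.ip_address(flow.src)
    for rule in policy:
        if src in ipaddress.ip_network(rule.src) and rule.dport in (None, flow.dport):
            return rule.action
    return "deny"

def evaluate(policy):
    return {f.name: decide(policy, f) for f in FLOWS}
```

Red and blue are identical to the rule engine, so a port-based policy can only separate them from the admin session by source address.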