WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: privoxy, polipo & dnsmasq - problem with users, groups and log-file-permissions  (Read 3252 times)

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
hi jason w,

i'm looking for a configuration to browse the web over a ssh-tunnel when i travel or use unscecure wifi-networks.
with dCore tsocks i experience some problems with some routers (high cpu-load after starting iceweasel).

i loved to tunnel with a redsocks-script found in the forum:
the great via-ssh.sh-script of the member vitex, should be maintained for the future.
unfortunately vitex is not around anymore :(

now i want to try privoxy, polipo and dnsmasq, but my current setup has to many rough edges...
especially missing users, groups and log-file-permissions causing me some problems.

or do you recommend me another handy alternative  that routes all web-services including browsing, mailing, dns and so on through the tunnel without much changing the configurations all the time?

thank you for your help.
« Last Edit: April 18, 2014, 07:45:29 AM by netnomad »

Offline Jason W

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 9730
Hi netnomad,
I haven't used that kind of setup so I can't really help with it, but on reading about it it does look interesting.  If I try it out on dCore and make any progress I will let you know.

Offline netnomad

  • Hero Member
  • *****
  • Posts: 1026
hi jason w,

thank you for your interest.

i want to give you a little overview of my experiences:

the common way to ssh-tunnel is to use the tunnel with
ssh -D <some port> host f.e. ssh -D 12345 mysshhost
but then you have to change in your browser
in the section network proxysettings the fields socks-host: localhost port: 12345.
with this approach only the browser is tunneled, for the email-program the same changes in the configurations are needed and so on.

another way is to ssh -D 1080 mysshhost
and then to use tsocks with the needed program,
f.e. tsocks iceweasel, tsocks icedove and so on.
there is no need to change the configuration of the browser or the mail-agent and all programs that are started in a terminal with tsocks are routed through the tunnel.
advantage: no changes in the configurations are needed
disadvantage: if you miss to use tsocks, the browsing is untunneled.

the scritpt of vitex via-ssh.sh leads everything through the tunnel without changes in the configurations or the need to use a terminal-command for each started program.
pdnsd is needed to secure the dns-request over port 53!
http://forum.tinycorelinux.net/index.php?topic=11683.0
https://gist.github.com/vitex/1287517
by the way, pdnsd has also problems with users, groups and log-file-permissions :(

some people think that tsocks has some security issues...
in the past i had some good experiences with tsocks under debian...
with dCore i got mixed feelings, cause i use two identical configured routers at two different places with two different ISPs, all configurations are the same despite the ISPs.
one ssh-tunnel works perfectly, the other one is only with tsocks unusable,
cause the cpu rises to 100%, after starting tsocks.
all other tunnels over ssh despite of tsocks work smooth and flawless.
i examined so endless aspects for that misbehavior... and i found no hint despite the ISP could be the origin of that problem?

i would prefer an approach like the vitex-script, but would be happy to be secured by strict firewall-rules.
only the tunnel must route all internet-connections, also the dns-requests (www, mail, dns, ntp),
all other ports are strictly closed for any outbound-connection :)

do you want to have a look at via-ssh.sh, redsocks and pdnsd?
do you have another idea or a different approach?

thank you for your help.
« Last Edit: April 19, 2014, 08:21:43 AM by netnomad »