Clueless and behind a proxy at work.

Discussion in 'DD-WRT Firmware' started by NYBOY, Dec 2, 2005.

  1. NYBOY

    NYBOY Network Guru Member

    I am calling for help in trying something "impossible" I'll say...

    I am at work behind a proxy server:

    But even though they have blocked thousands of websites, I can access my DD-WRT (11-09 upgraded) WRT54G v.4 router... admin page.

    To my question now: is there any way/software I could use to go through my work's proxy server (limited access) and then use my router to regain (full access)?

    I don't know how else to explain it.... and thanks in advance for any input
  2. NateHoy

    NateHoy Network Guru Member

    Yes, you could forward a port to your desktop computer, then use VNC or equivalent (with heavy passwords!) to "take control" of your desktop at home, which would then have full access. Your corporate computer would be pretty safe, since you are merely taking control of a home machine and not loading any software on your corporate machine other than the VNC client. Your home machine becomes somewhat susceptible to cracking, so you want to make sure to choose an unusual port, secure the connection, and choose a STRONG password.

    Warning (please read): Your IT department might not like it a lot, and you have to check your corporate policies. You work for someone, they pay you, and they expect compliance with their policies while you're on the clock and using equipment and connections that they are paying good money for. If you need something work related, you should ask them to give it to you. Only apply my advice AFTER you have checked with your corporate IT department, and I accept no responsibility if you misuse this information and get yourself punished or canned.

    Ya done been warned. 'Nuff said.
  3. NYBOY

    NYBOY Network Guru Member

    That being said and clear...

    How do I implement that... I have my home PC connected to my router and the router to my cable modem, and I leave both always up and running... What do I need to install (at home) and (at work)? Anywhere I could read about the steps to follow? Thanks again
  4. NateHoy

    NateHoy Network Guru Member


    VNC Server installed on a PC, configured to a specific port.
    That port forwarded on your firewall to the VNC server machine.
    No one else interested in using machine during times you want to use it.


    VNC Client, configured to (your IP address):(the port number you chose)
    A VERY forgiving IT department, or compromising photos of an upper-level executive, if this violates your corporate IT policy. ;)

    You can also use things like GoToMyPC or other commercial clients to accomplish the same task. Heck, I think Norton's remote control software supports a TCP/IP connection. There are lots of packages that can do this. Your choice.

    You will be sending images (continuous screenshots, in essence, with some compression) from your home PC to the client at work, so it may appear that you are downloading files if someone is monitoring bandwidth usage. If your work network is small or you know they pay dearly for bandwidth, use this sparingly and set your screen resolution fairly low, and get rid of backgrounds and other bandwidth-hogs. If your upload bandwidth at home is low, this may be fairly slow.
  5. NYBOY

    NYBOY Network Guru Member

    I was looking into PuTTY HTTPS (since they don't block that at work) SSH tunneling... to prevent the bandwidth increase, but I think it's a more tech-savvy solution since I get a little bit lost in the setting-up procedures. :(

    Since I don't have the compromising photo of a high-level executive, I think I'll step back :sadbye: :(
  6. sufrano63

    sufrano63 Network Guru Member

    Your best bet is using SSH to tunnel to your wireless router. If you're using DD-WRT firmware, then enable the sshd, and on your PC at work just use an SSH client and connect. You can do a search on Google to find out more.
  7. sufrano63

    sufrano63 Network Guru Member

    Your best bet is using SSH to tunnel to your wireless router. If you're using DD-WRT firmware, then enable the sshd, and on your PC at work just use an SSH client and connect. You can do a search on Google to find out more. Use VNC only if you want to control your PC at home, but if you want to route traffic (i.e. internet), then SSH is the better solution.
  8. NYBOY

    NYBOY Network Guru Member

    Say I happen to lose a nut and brainstorm hard enough to connect to my DD-WRT-upgraded router at home via PuTTY... once that is connected, you said I can open an IE and browse anything?
  9. sufrano63

    sufrano63 Network Guru Member

    yep... :thumb:
  10. NYBOY

    NYBOY Network Guru Member

    I find that hard to believe but I certainly will try it tomorrow from my work... What strikes me is that on the IE settings connections I have the proxy ...

    Should I leave those settings like that? I don't understand what to do once I connect :(
  11. Lazybones

    Lazybones Network Guru Member

    You need to enable the Proxy in PuTTY and point your browser at that. You will be able to tell if IE is connecting through your home system by going to a site like whatismyip to see if it picks up your work or home IP address.

    Just a word of caution: not all companies monitor the proxy; some install a client on every workstation that monitors activity and browser use. If this is the case and your company has a strong policy against what you are trying to view, you might get in trouble.
  12. 4Access

    4Access Network Guru Member

    Well then, let's solve that with some easy step-by-step instructions, pictures included! :thumb:

    As long as what you said is true about being able to access your WRT's remote admin page from work and ssh not being filtered then the following steps will work.

    1. Download PuTTY

    2. Enable ssh on the WRT from the 'Administration -> Services' page.

    3. Now let's make sure ssh is working.
    3a) Open PuTTY and type (or whatever your WRT is using for a LAN IP address) into the Host Name field as shown below:


    3b) Press the 'Open' button.
    3c) Within a few seconds you should see a PuTTY Security Alert. Write down the Server's "key fingerprint" that you see in the alert!!
    3d) Press the 'Yes' button so you don't have to see the Security Alert in the future.
    3e) Enter "root" (without the quotation marks) when asked for a user name. The password is the same as the web admin password.
    3f) You should now see a DD-WRT welcome message. Great it works!

    4. Now we need to configure the firewall so you can access ssh remotely:
    4a) Go to the 'Applications & Gaming' -> 'Port Forwarding' page and add a rule like shown below. (Don't forget to save.)


    You should now be ready to connect from work.

    5. From work:
    5a) Open PuTTY and type your router's WAN IP address into the "Host Name" field, but don't click the 'Open' button just yet.
    5b) Instead select the 'Tunnels' option on the left.
    5c) Type 12345 into the "Source port" box, leave the Destination box empty, select the 'Dynamic' option and then press the 'Add' button. Below is a picture of what the Tunnels options should look like immediately before you press the 'Add' button.


    After you press 'Add' you should see "D12345" in the Forwarded ports list.

    5d) Now press the 'Open' button to initiate the connection.
    5e) Within a few seconds you should see the PuTTY Security Alert.
    5f) Check and make sure the fingerprint is the same as the one you recorded earlier then press the 'Yes' button.
    5g) Enter your user name and password like usual.
    5h) Minimize the PuTTY terminal.

    6. Assuming you are using Internet Explorer, click on the Tools menu and then choose Options.
    6a) Click on the Connections tab
    6b) Press the LAN Settings... button
    6c) Press the Advanced... button
    6d) Configure as shown below:


    Finally click OK on all the windows you've opened and then surf to your heart's content.

    Lastly & most importantly, don't screw things up for everyone by abusing ssh and getting it filtered. :thumb:

    BTW, you can verify it's working once you've configured everything by visiting sites such as like LazyBones mentioned and you should find that the IP address you are visiting the site from is your WRT's WAN address.
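
Steps 3c and 5f above rest on comparing the SSH host key fingerprint recorded on the LAN with the one presented later from the other network. The following is an added example, not part of the original post, showing how such a fingerprint is derived from the server's public key and compared. The key lines are constructed samples (not a real router key) and all function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: 4-byte length + data."""
    return struct.pack(">I", len(data)) + data


def make_sample_key_line(seed: bytes) -> str:
    """Build a constructed ed25519-shaped public key line (sample data only)."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(hashlib.sha256(seed).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " sample"


def key_blob(pubkey_line: str) -> bytes:
    """Decode the base64 blob and check it names the same algorithm as the line."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<algorithm> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != fields[0].encode("ascii"):
        raise ValueError("algorithm in blob does not match the key line")
    return blob


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 hex, the form older PuTTY alerts display."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def sha256_fingerprint(blob: bytes) -> str:
    """'SHA256:' + unpadded base64, the form current SSH clients display."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def fingerprint_matches(recorded: str, pubkey_line: str) -> bool:
    """True only if the recorded fingerprint equals one derived from this key."""
    blob = key_blob(pubkey_line)
    recorded = recorded.strip()
    if recorded.startswith("SHA256:"):
        expected = sha256_fingerprint(blob)
    else:
        recorded, expected = recorded.lower(), md5_fingerprint(blob)
    return hmac.compare_digest(recorded.encode(), expected.encode())


if __name__ == "__main__":
    home_key = make_sample_key_line(b"router key seen on the LAN")
    other_key = make_sample_key_line(b"key offered by some other endpoint")
    recorded = md5_fingerprint(key_blob(home_key))
    print(recorded, fingerprint_matches(recorded, home_key))
    print(fingerprint_matches(recorded, other_key))
```

A mismatch means the endpoint answering is not holding the key that was recorded, which is the condition the PuTTY alert exists to surface.
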
  13. NYBOY

    NYBOY Network Guru Member

    First let me THANK YOU SO MUCH for the detailed steps although:

    Followed all those steps... everything worked OK but even though: I can connect to the router and everything via SSHD auth with tunnel on Dynamic (443 was the port I used instead of 12345 since 443 is HTTPS, although 12345 didn't work either).

    Question: when I put port-forwarding, on the application field I typed: SSHD, and the IP, instead of I put my router's real IP 67.xx.xx.xx and changed the port from 22 to 443 (but I already changed the SSHD port from 22 to 443 on the services... I know I can access HTTPS from work but don't know if they have port 22 blocked, so I changed all my 22 ports and configurations to I said everything works out fine PuTTY-wise but on the IE I still can't connect. :(

    Observation: my proxy, when IT from here set up the PC, they put that info not in the proxy-server part of the connection settings but instead on the "Use automatic configuration script".... Would that make any difference? Because according to the instructions I have to go to the advanced "proxy-server" dialog window... *just wondering*

    And again... got very excited when I could connect to my router from work but still can't browse freely :(

    Any input is strongly appreciated...

    Edit: I pulled the script (a .txt file with redirection according to the URL passed) and exchanged the for the actual proxy used for external URLs, but still IE doesn't connect (can't solve any URL)... PuTTY does connect... I think it has something to do with my settings on PuTTY and IE. Either that or the IT people at my job are VERY GOOD!! :cry:
  14. NYBOY

    NYBOY Network Guru Member

    Update: I could get it to work.... The weird thing is, on the Tunnel settings in PuTTY I have to set it to "local" to listen on "Source port" 3080, then on "destination" I had to use a free proxy server I found in Colombia .

    Does that mean I have to have a proxy server installed on my home desktop... because damn, that server in Colombia was slow? In that case.... any recommendations... my home desktop runs Windows XP... and if the home desktop IP address is *because it is LAN connected to the router*.... what IP do I put in the "destination" field in PuTTY...?
  15. 4Access

    4Access Network Guru Member

    You could do that if you really wanted to but that would mean you have to find an HTTP proxy server to run on your home PC and would require that you leave your home PC on all the time... While this would work there is no need. The steps I posted originally should work and don't require that your home PC be left on.

    I had a hard time understanding the changes you made so I'm not quite sure where things got messed up... What steps did you change? (I went back and modified my last post so each step has its own unique number.)

    As best I can tell, in step 2 you changed the ssh port on the Administration page from 22 to 443, right? If so, then on step 4a you will also need to replace port 22 with 443. (I think you did this.) Also, I don't know if you were asking about it or not but just to be sure, in step 4a you need to enter your router's LAN IP address for the port forwarding rule.

    I'm hoping that after changing the ssh port from 22 to 443 you were able to successfully connect to ssh on port 443 from work? (The only thing you would do differently is make sure to specify port 443 on the Session configuration page of PuTTY instead of the default 22.)

    Now regarding the Tunnels configuration: I think this is where things started to get messed up... You should NOT need to change the port in this step! Leave it as Dynamic port 12345 like the instructions suggest!

    Now the important part: Between steps 5b & 5c you will also need to uncheck the options "Use automatic configuration script" & "Automatically detect settings" as shown below:


    Do everything else as instructed above and it should work.
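
The posts above move sshd from port 22 to 443 because HTTPS is allowed outbound. From the network owner's side the two protocols remain easy to tell apart, because SSH and TLS open with different first bytes. The following added example, which is not from the original posts, classifies flows to port 443 on that basis; the flow records are constructed samples and the record layout is an assumption.

```python
from dataclasses import dataclass


@dataclass
class Flow:
    """First payload bytes seen in each direction of one TCP flow (assumed layout)."""
    src: str
    dst: str
    dport: int
    client_first: bytes
    server_first: bytes


def is_tls_client_hello(data: bytes) -> bool:
    """TLS record: type 0x16 (handshake), version 3.x, handshake type 0x01."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01)


def is_ssh_banner(data: bytes) -> bool:
    """RFC 4253 identification string, sent in clear text by both peers."""
    return data.startswith((b"SSH-2.0-", b"SSH-1.99-"))


def classify(flow: Flow) -> str:
    """Label a flow by what its opening bytes are, not by its port number."""
    if is_ssh_banner(flow.client_first) or is_ssh_banner(flow.server_first):
        return "ssh"
    if is_tls_client_hello(flow.client_first):
        return "tls"
    return "unknown"


def ssh_on_https_ports(flows, https_ports=(443,)):
    """Flows whose port says HTTPS but whose first bytes say SSH."""
    return [f for f in flows if f.dport in https_ports and classify(f) == "ssh"]


# Constructed sample flows; addresses are from the documentation ranges and
# the SSH software names are made up.
SAMPLE_FLOWS = [
    Flow("192.0.2.21", "198.51.100.7", 443,
         bytes.fromhex("160301020001000001fc0303"),
         bytes.fromhex("160303005a020000560303")),
    Flow("192.0.2.34", "203.0.113.50", 443,
         b"SSH-2.0-ExampleClient_1.0\r\n", b"SSH-2.0-ExampleServer_1.0\r\n"),
    Flow("192.0.2.34", "203.0.113.50", 22,
         b"SSH-2.0-ExampleClient_1.0\r\n", b"SSH-2.0-ExampleServer_1.0\r\n"),
    Flow("192.0.2.40", "198.51.100.9", 443,
         b"GET / HTTP/1.1\r\n", b"HTTP/1.1 400 Bad Request\r\n"),
]

if __name__ == "__main__":
    for f in ssh_on_https_ports(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}:{f.dport} carries SSH, not TLS")
```

The check needs a sensor or proxy that sees the first payload bytes of the connection; the port number alone does not identify the protocol.
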
  16. NYBOY

    NYBOY Network Guru Member

    I'll try that on Monday once I am back on my job cuz my brain overheated today with that and I am at home now... but I would like you to explain to me in theory what your process steps are doing. I could understand when I set it up myself with the server in Colombia, I even drew on a white sheet the flow diagram of what I was doing... but when I follow your steps I sort of get lost as to how things happen when I try to connect and why I get a DNS error on IE.
  17. 4Access

    4Access Network Guru Member

    I'm a little too lazy right now to create my own diagram but I found this one that does a good job of illustrating what's happening.

    A few things to keep in mind while viewing the image:

    1. The "Application" on the left is IE
    2. You can think of "SSH" on the left as PuTTY
    3. Using my instructions above "Port C" = 12345
    4. "" is your WRT at home.
    5. "Host A" is the blocked web server you are trying to access.

    Also it's not in the diagram but the reason you configure IE to use as the proxy server is because that's the "Loopback address" on a computer and is what tells IE to connect to "Port C" (or 12345 in your case) on your own computer.

    Does that help?
  18. NYBOY

    NYBOY Network Guru Member

    Back at work: changed the SSH to 22 since I realized they (work) don't have it blocked. Started everything from step 1 and it looks exactly like the pics... :thumbdown: didn't work.... :( I don't know what else to do to get it to work...

    i got this from the IE when i tried

    Cannot find server or DNS Error
    Internet Explorer
  19. 4Access

    4Access Network Guru Member

    OK, let's try and narrow down the problem:

    Start at step 5 & repeat all the steps through 5h but once you have logged in instead of minimizing PuTTY try typing the following command into the shell instead:

    ping -c 5

    If you get an unknown host error tell me what the output of the following command is:

    cat /tmp/resolv.conf
  20. NYBOY

    NYBOY Network Guru Member

    ping worked fine...

    5 packets transmitted, 5 packets received, 0% packet loss
    round-trip min/avg/max = 82.6/84.9/87.5 ms

    *shrug* now what?

    Edit: an observation: this night at the university I tried it... although it isn't the same since it's not a proxy, but it connected and didn't get the IE when to from the IE and I was browsing through my RT54G and using Firefox I was using my school IP... weird... yes... what's going on at work? I don't know, maybe something is happening at (my company proxy)... because here at the university without a proxy it connects beautifully... *shrug again*
  21. 4Access

    4Access Network Guru Member

    OK here's the problem:

    IE isn't sending its DNS queries through the SSH tunnel, combined with the fact that your company is probably filtering DNS queries. (You can test this by trying to ping from your work computer. I'd be willing to bet you get a "could not find host" or "destination host unknown" or some such error.)

    The solution is to replace Step 6 from the original instructions with one of the options below:

    Method 1 - Use Firefox! (These steps based on Firefox 1.5)

    1. In Firefox click on the Tools menu then select Options.
    2. In the General category click on the Connection Settings... button.
    3. Configure the Proxy settings as shown below:


    4. Click OK twice to close the options windows.
    5. Type "about:config" (without the quotes) into the address bar and press enter.
    6. Type "socks_remote_dns" (without the quotes) into the filter bar.
    7. Double click on the "network.proxy.socks_remote_dns" option so that it has a value of "true" (It will also turn bold.)
    8. Restart Firefox and enjoy!

    Method 2 - For Internet Explorer (Untested)

    I haven't been able to find a built-in way to configure IE so that it will send its DNS queries through a SOCKS proxy. It's still possible there is some obscure registry hack that will enable this so if someone stumbles across it please let us know!

    As a workaround you can install a program like FreeCap which will capture traffic from designated programs (even programs that don't include proxy configuration options!) and send it through a proxy server of your choice automatically.

    1. Download & install FreeCap
    2. Configure FreeCap as shown below:


    3. In Internet Explorer:
    3a) Click on the Tools menu and select Internet Options...
    3b) Select the Connections tab and then click on the LAN Settings... button.
    3c) Uncheck all the options as shown below!


    4. Surf! (I haven't actually used FreeCap so I can't say for sure if it would require any additional configuration or not...)

    Hopefully that will get you up and running. If it doesn't might be a useful website for further research. Especially the Surfing Software page.

    Let me know how it goes! :thumb:
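
The DNS behaviour described in this post comes down to what the browser puts in its SOCKS request: an IP address it resolved itself, or a hostname left for the far end of the tunnel to resolve (what Firefox sends once `network.proxy.socks_remote_dns` is true). The following added example, which is not part of the original post, parses a SOCKS CONNECT request and reports which side performs the lookup. It goes beyond the post by covering SOCKS4, SOCKS4a and SOCKS5; the request bytes are constructed samples.

```python
import ipaddress
import struct


def parse_socks_connect(req: bytes) -> dict:
    """Parse a SOCKS CONNECT request; report the target and who resolves its name."""
    if len(req) < 2 or req[1] != 0x01:
        raise ValueError("not a SOCKS CONNECT request")
    if req[0] == 0x05:
        return _parse_v5(req)
    if req[0] == 0x04:
        return _parse_v4(req)
    raise ValueError("unknown SOCKS version")


def _result(version, host, port, resolved_by):
    return {"version": version, "host": host, "port": port, "resolved_by": resolved_by}


def _parse_v5(req: bytes) -> dict:
    # RFC 1928 layout: VER CMD RSV ATYP DST.ADDR DST.PORT
    if len(req) < 5:
        raise ValueError("truncated SOCKS5 request")
    atyp = req[3]
    if atyp == 0x01:    # IPv4 literal: the client already did the DNS lookup
        end, resolved_by = 8, "client"
        host = str(ipaddress.IPv4Address(req[4:end]))
    elif atyp == 0x04:  # IPv6 literal: also resolved before the request was built
        end, resolved_by = 20, "client"
        host = str(ipaddress.IPv6Address(req[4:end]))
    elif atyp == 0x03:  # length-prefixed hostname: the proxy end resolves it
        end, resolved_by = 5 + req[4], "proxy"
        host = req[5:end].decode("ascii")
    else:
        raise ValueError("unknown address type")
    if len(req) != end + 2:
        raise ValueError("bad SOCKS5 request length")
    (port,) = struct.unpack(">H", req[end:])
    return _result("5", host, port, resolved_by)


def _parse_v4(req: bytes) -> dict:
    # SOCKS4 layout: VN CD DSTPORT DSTIP USERID NUL [HOSTNAME NUL]
    if len(req) < 9:
        raise ValueError("truncated SOCKS4 request")
    (port,) = struct.unpack(">H", req[2:4])
    ip, fields = req[4:8], req[8:].split(b"\x00")
    # SOCKS4a signals "hostname follows" with DSTIP 0.0.0.x where x != 0
    if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:
        if len(fields) != 3 or not fields[1] or fields[2]:
            raise ValueError("malformed SOCKS4a request")
        return _result("4a", fields[1].decode("ascii"), port, "proxy")
    if len(fields) != 2 or fields[1]:
        raise ValueError("malformed SOCKS4 request")
    return _result("4", str(ipaddress.IPv4Address(ip)), port, "client")


# Constructed sample requests, port 80; the name and address are placeholders.
REQ_V5_BY_NAME = b"\x05\x01\x00\x03\x0bexample.org\x00\x50"
REQ_V5_BY_IP = b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x00\x50"
REQ_V4A_BY_NAME = b"\x04\x01\x00\x50\x00\x00\x00\x01\x00example.org\x00"
REQ_V4_BY_IP = b"\x04\x01\x00\x50\xc0\x00\x02\x0a\x00"
```

Whenever `resolved_by` is "client", the DNS query was made on the local network before the tunnel was used, so it is visible to, and answered or filtered by, the local resolver.
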
  22. NYBOY

    NYBOY Network Guru Member

    YOU ARE A GENIUS !!! :cheer:

    IE sux <-- well that isn't new

    Yeeeeeeeeehhhhaaaaaaa !!! :rockon:

    I can check my email.... after 2 years... from work... :cheering:
  23. NYBOY

    NYBOY Network Guru Member

    Can I do this using a WRT54GC? <-- doesn't support Linux so it is still with Linksys firmware, so I can't do SSH
  24. GoldServe

    GoldServe Network Guru Member

  25. NYBOY

    NYBOY Network Guru Member

    Vacation Time is over

    For over 3 years I managed to get around this way, until a new IT hire switched from Basic ISA Server proxy authentication to NTLM Windows Authentication.

    And guess what? You guessed right... PuTTY does not pass NTLM to the proxy server when I specify my user name and password on the proxy tab.

    After days of looking around I can't find a way around this, so I decided to return to those who know better than anyone... the Linksys community....

    help please...
  26. sufrano63

    sufrano63 Network Guru Member

    Try the VPN version of DD-WRT and set up OpenVPN

    With this setup your IT guy probably won't know how you bypass his proxy.
  27. batmodem

    batmodem LI Guru Member

  28. CaNsA

    CaNsA Network Guru Member

    Sorry if this has been said already, but try using

    I use that from work, no ports to open, all you do is log on to the website and access your machine. You have to register (free) and install a small program at home.

    Very secure and very reliable. I have never had a problem with it and it runs on all 3 computers at home.

    Hope this helps

  29. littlepsp

    littlepsp Guest
