Hello. Please help on the topic described in the title.

The situation is this: there are several computers connected to a router with DD-WRT firmware. Where the cable from the router goes is unknown. It is only known that the connection to the Internet goes through a proxy server (for example, proxy.mycorp.ru.73128). At the same time, some ports and protocols are blocked, including NTP and BitTorrent, as well as the entire windowsupdate.com. Because of this, updates are not installed, time is not synchronized, Windows components cannot be downloaded, and there are many other troubles. At the same time, there is full access to the computers and the router, you can do anything with them, but it's almost impossible to find the person who sets up the network in the building :D

Also, there is a home router with a white static IP, a Raspberry Pi and a home PC available. Is it possible to somehow configure all this to bypass the filters in the organization?

    1 answer

    If you have access to the Internet through a proxy server and a computer that is waiting for you outside, you can get almost completely unrestricted access to the Internet. The set of techniques that expand limited Internet access into full access is known as firewall piercing.

    It is possible to organize Internet access even when there is only the possibility of resolving DNS names (DNS tunneling), only pinging (ICMP tunneling) and so on. If there is a proxy, then it is generally elementary.

    If the proxy server allows the CONNECT method, everything is done in no time. Usually the CONNECT method is allowed at least for port 443, but often for 80 too.

    In this case, you can start out with SSH. Use the corkscrew program.

    In the ssh configuration file ~/.ssh/config, write:

     ProxyCommand /usr/local/bin/corkscrew proxy.work.com 80 %h %p 

    Thereafter:

     ssh -L 8080:localhost:80 user@server.at.home -p 443 

    Here you not only logged in to your remote computer via SSH, but at the same time also forwarded port 80 to port 8080 of the local machine.

    (image source: daniel.haxx.se)

    SSH is already very, very much, almost everything.

    If you have root access on the computer from which you start ssh (the client, in our terminology), you can not only forward ports, but also bring up a full-fledged tunnel with routing.

    This can be done not only with the help of SSH, but also with the help of OpenVPN, VTUN and many other similar programs.

    Unlike ssh, these programs require root permissions locally. ssh, even without root rights, allows quite a lot (except for creating interfaces and routing through them).

    If CONNECT is prohibited on the proxy, it is still possible to get through it, but it is a little more difficult. One of the tools for this is httptunnel.

    Two programs are used:

    • client, htc;
    • server, hts.

    You start the server at home, the client at work:

     # at home (server)
     hts -F localhost:22 80
     # at work (client)
     htc -P proxy.corp.com:80 -F 8022 server.at.home:80

    Here you forwarded the SSH port to port 8022 locally, and then everything is as usual.

    More details:

    Learn more about the aforementioned DNS tunneling (although your conditions are not so severe yet):

    • 2
      Great answer, you saved the question. - VladD
    • @VladD: Vlad, thank you! Why did you save the question? What did you want to do with the poor question? Close? - Igor Chubin
    • 1
      Well, the question looked a bit offtopic. But with such an answer, it is a pity to vote against. - VladD
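
Seen from the proxy operator's side, the corkscrew setup in the answer stands out because the bytes following the CONNECT are an SSH identification string rather than a TLS ClientHello. The sketch below is an added example, not part of the original answer; the function names and sample byte strings are constructed, and it assumes a sensor that can see the first bytes of the tunnel in each direction.

```python
# Added example: classify what is actually inside an HTTP CONNECT tunnel.
# Hosts and byte strings in SAMPLES are constructed for illustration.

def looks_like_tls_client_hello(data: bytes) -> bool:
    """TLS record: type 0x16 (handshake), version 0x03xx, and handshake
    type 0x01 (ClientHello) at offset 5."""
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[5] == 0x01)

def looks_like_ssh_banner(data: bytes) -> bool:
    """RFC 4253 identification string: a line starting with 'SSH-'.
    A server may send other text lines first, so check the first few."""
    return any(line.startswith(b"SSH-") for line in data.split(b"\n")[:8])

def classify_tunnel(port: int, client_first: bytes, server_first: bytes) -> str:
    """Verdict for one CONNECT session from the first bytes in each direction."""
    if looks_like_ssh_banner(client_first) or looks_like_ssh_banner(server_first):
        return "ssh-in-connect"            # SSH regardless of the port used
    if looks_like_tls_client_hello(client_first):
        return "tls" if port == 443 else "tls-nonstandard-port"
    return "unknown-protocol"              # neither TLS nor SSH: review manually

TLS_HELLO = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"   # constructed
SSH_ID = b"SSH-2.0-OpenSSH_9.6\r\n"                           # constructed

SAMPLES = [  # (CONNECT target, first client bytes, first server bytes)
    ("intranet-crm.example:443", TLS_HELLO, b""),
    ("server.at.home:443", SSH_ID, SSH_ID),   # the answer's ssh -p 443 case
    ("files.example:8443", TLS_HELLO, b""),
    ("chat.example:443", b"\x00\x01\x02\x03\x04\x05", b""),
]

def review(samples):
    """Return (target, verdict) for every observed CONNECT session."""
    results = []
    for target, client_first, server_first in samples:
        port = int(target.rsplit(":", 1)[1])
        results.append((target, classify_tunnel(port, client_first, server_first)))
    return results

if __name__ == "__main__":
    for target, verdict in review(SAMPLES):
        print(f"{verdict:22} {target}")
```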