Making a small proxy server...

[l053r0y]

At school, all the ports are blocked, except 80, and I need to work on things when I have free time, my friend and I have a webserver, running with linux Apache. I talked to the net-admin here at school, and he said that even he does not have the power to unblock those ports, which he would, becuase he telnets places too. I was wondering how I could set up a small proxy server on our server that my friend and I have. all I need to be able to do, is connect on port 80, and run telnet or PuTTY from that computer or inline on a webpage, if anyone knows how to do either of theses, please help.

-Kris

[Vin DSL]

My favorite is CGIProxy. Here's the URL:

http://www.jmarshall.com/tools/cgiproxy/

[Vin DSL]

Oh, BTW, don't set it up on JagPC. I think it's forbidden in the AUP. That's why I never did it here.

Um... if I'm mistaken - somebody, please let me know...

[Spathiphyllum]

...I talked to the net-admin here at school, and he said that even he does not have the power to unblock those ports, which he would, becuase he telnets places too...

I'll say one thing... you are persistent.

I think it's pretty obvious that the school would rather not have students do what you intend to do. And if you read the TOS from Vin's recommendation of CGIProxy, you'll notice the following:

Legal Disclaimer
Censorship is a controversial subject, and some governments and companies have rules about what information you should have access to. If you use my software to bypass rules that have been imposed on you, you assume all legal risks and responsibilities involved. I'm providing the software as a demonstration and teaching tool, and for when legitimate access is needed to non-accessible servers. I won't encourage you to break any rules, because I would get in trouble if I did. I can't prevent you from using this software in illegitimate ways, but I believe the value of it as a teaching tool is far too great to let a few miscreants ruin it for everybody.
Kris, you are living dangerously here, and Vin, quit contributing to the delinquency of a minor.

Just know that this is NOT a telnet through firewall proxy... it is a miniserver that resides on another computer outside of your firewalled network. You would reach the outside server via HTTP to hit the CGIProxy running on another machine. And the author says it works only for FTP and HTTP only at this point. Not sure how you'll telnet to other machines from that proxy machine unless the remote proxy has a telnet application that can accept and pass commands via a web GUI interface.

But then why would you run a CGIProxy on a remote machine (that is presumably yours) to which you already have access and permission when the commands you send outbound via telnet to your firewalled machine will be blocked? You are trying to operate "your" remote machine, right? And you are trying to use telnet protocols to do it, right? I don't see how the installation of CGIProxy on that machine is going to help you since it acts more as an HTTP/FTP anonymizer than a remote script handler.

What am I missing here?

[Vin DSL]

Bah! You're talkinging out your butt, Spathiphyllum. Stick to subjects you know something about...

The reason system admins block access is because they want to limit entry points from the Internet into their system. When you work through a proxy, it doesn't compromise their system[s]. It's actually a MUCH more secure way of doing things. Connecting remotely to the Internet, through decentralized screening systems, e.g. proxy servers, it minimizes the application entry points for greater system security, not less. When you run through a properly configured proxy server, it's almost impossible for malicious individuals to hijack your browser, explore your system, exploit browser vulnerabilities, steal email addresses, change browser home pages, and take complete control of your system.

In short, proxy servers are a useful addition to security, not a method of circumventing it.

I would love to setup a proxy server in my webspace on JagPC. The only reason I haven't done so is I think I've read that 'they' don't allow proxy servers here. If I'm wrong, I'll install CGIProxy in a heartbeat.

Anyone know for sure?

[Spathiphyllum]

Bah! You're talkinging out your butt, Spathiphyllum. Stick to subjects you know something about...

First, I asked "What am I missing here?".
Second, thanks for keeping the discussion professional.

Yes, admins block access to limit entry but they also block to limit exit. It's pretty obvious that the powers that be, and not some low-level network admin or even lower-level students/teachers, do not want anyone connecting through their network exclusive of port 80 as stated by Kris.

But explain to me, Vin, how installing this CGIProxy is going to help someone access a node outside of the firewalled network that needs to communicate via port 23 when all ports except 80 are blocked? To be clear, you are suggesting he install this proxy on which computer... his green zone desktop PC, his orange/yellow zone web server, or his remote, red zone linux Apache server?

Kris's desire is to send telnet commands to a remote machine, presumably to tweak it from a local, and anonymyzed, location that is school. No ports except 80 are allowed out and neither he nor his net-admin have the authority to override those settings. How, exactly, is CGIProxy going to help him accomplish this task? The software says that it can only proxy FTP, HTTP, and HTTPS... so how is telnet going to be accomplished? The program looks like a web-browsing anonymizer with some extra HTML parsing tools to me.

Would you recommend that he set up his linux to route port 80 to port 8080 and then divert port 23 to port 80? At least this would allow him to send telnet commands via port 80 assuming he can set up his local telnet client to communicate through port 80 as well.

The web GUI suggestion was my idea for him to run something like webadmin whereby he could run commands via HTTP to his linux box and do the tweaks that way rather than trying to force telnet through unsanctioned (and imppossible?) means.

Again, what am I missing?

[Vin DSL]

LoL! Okay, look, we're talking apples 'n' oranges here...

He said he wanted to setup a proxy server, and I told him CGIProxy is my favorite. I would like to do that here, if anyone knows the answer to my question. I suppose I was veering off course, but I was following his lead...

Then, you implied schools don't want students to use proxy servers, because they are a security risk. Maybe I misunderstood you, but if that's what you're saying, that's BS. They would probably love it if everyone used a proxy. It would take the heat off them, making sure all those desktops are free of worms, spyware, malware, et cetera.

Now, it's true that telnet has nothing to do with HTTP and FTP. HTTP tunneling is probably what he really needs. But, I wasn't trying to turn this thread into a dueling match. That's your modus operandi. I'm an investigator.

Having said that, go check out this link, l053r0y:

http://sebsauvage.net/punching/

Assuming you don't go to a Muslim College, or live in a communist country, like Germany, you can (most likely) ignore the capital punishment warning, especially if your teacher wants to do the same thing...

[l053r0y]

Wow, this has become quite the heated arguement for just a simple question, and yes Spathiphyllum, i am persistant, I live in a world outside HTTP, so, telnet and SSH are my best friends, thank you for your help, and I will check out the links you guys sent me. Untill the next time I get lost...

-Kris

[Spathiphyllum]

He said he wanted to setup a proxy server, and I told him CGIProxy is my favorite. I would like to do that here, if anyone knows the answer to my question. I suppose I was veering off course, but I was following his lead...

I'm afraid I don't know the answer to your question and maybe Jag will chime in here, but I didn't think you were veering that far.

Then, you implied schools don't want students to use proxy servers, because they are a security risk. Maybe I misunderstood you, but if that's what you're saying, that's BS...

I'm afraid you did because this thread is a carryover from a similar l053r0y thread from Kris which is why I commented on persistence. In fact, in the other thread, you had already suggested for him to "Setup a proxy server on your home computer and go through it...".
Previous telnet thread with Vin's suggestion

I didn't understand how he was going to use a proxy server to get through the school's firewall to do telnet then either, but didn't think it was worth the follow up at the time. It is now.

The reason for the security notice was because I'm paranoid when I hear someone looking for ways to circumvent firewalls about which they have no authority and the tool of choice is telnet. That raises a red flag in my mind. [Sorry Kris, it just does.] I've seen too many crack attempts from overseas schools (usually in China and Korea) that have IPs registered to educational facilities. Schools are a great way for impoverished students to use someone else's access to crack anonymously (they think) because they are too young to do it from an internet cafe. This is fact with some social commentary thrown in for fun. I'll let you decide which is social commentary.

I wasn't implying that proxies in and of themselves are dangerous at all. What I was repeating was what the author of the CGIProxy wanted everyone to know: "I won't encourage you to break any rules...". I was implying that you might be suggesting to this student the use of a perfectly appropriate tool under proper circumstances to misuse it inappropriately. And I already mentioned the stated history of bypass firewall, telnet, denied access, and my own observational history of cracking from educational institutions and propensity of students to abuse the resource. [Don't panic yet Kris. I have notes for you at the end.]

But, I wasn't trying to turn this thread into a dueling match. That's your modus operandi. I'm an investigator.

Oh Vin, I'm sooo misunderstood. But if that's your take, then pot, kettle, black.

...or live in a communist country, like Germany

Just so that I maintain my MO, isn't Germany still technically considered a Democracy that is fiscally and socially, um, Socialist?

Kris - I'm probably not giving you a fair shake on the implementation of tools from your school so don't take my gut reaction too seriously. If you are just trying to run your machine remotely, Webmin is a great tool and easy to learn and set up.

As far as the heating up of things, just know that that if someone claims that "You're talkinging(sic) out your butt", you better defend your position. It's the equivalent of South Park's kids getting served. And that is Vin's MO since we're generalizing wildly here.

At any rate, have fun with your project and then send us a pointer so we can check out your linux Apache served pages.

[Vin DSL]

...if someone claims that "You're talkinging(sic) out your butt", you better defend your position...

LoL! Guess I'd better start using a spell checker...

[l053r0y]

Spath, i understand what your saying, and I know its, not a good thing to do, especially at school, and I do know the risks of telnet, i hate telnet, i SSH whenever, i have, hell, i dissallowed telnet access to the server my friend and i have. As for setting it up, I will look into Webmin, never herd of it, but it will go into consideration, and the link that Vin last sent, i found a program that will **hopefully** encapsulate the SSH request in a HTTP request, the only problem with that is, the same IP has Apache installed and that is what we run the websites off, so i dont know if it will cause a problem connecting to port 80 and then forewarding it to 22, I would assume an HTTP connection from port 80 would try to be reverted to 22, which would cause a mess of prolems. So basically I'm at square 1 untill i can test some of these options that you have given to me, thank you again.

-Kris

[Galen]

So.... does anybody know the answer to Vin's question cuz I'd kinda like to install a proxy too

[Vin DSL]

Yeah... if proxy servers are allowed, why should we pay $19.95 a month (or whatever) to use someone else’s ‘anonymizer’ service? It would be nice to protect ourselves from identity theft and credit card fraud when ordering merchandise online, for instance, without having to use a third party...

[Galen]

I guess they're not gonna answer us....

Think we should just install the proxy and see if THAT gets anybody's attention?

[Spathiphyllum]

AUP

"Programs: We do not allow programs to run continually in the background. This is to minimize system resources used and operational maintenance needed. We do not allow any chat or topsite programs on our servers other than the ones we pre-install for our clients to use. IRC: We currently DO NOT allow IRC or IRC bots to be operated on our servers."