Setting up a proxy server

Associate
Joined
17 Nov 2008
Posts
101
Hi all,

What I want to do is have a proxy server hosted at home, that I can use to route traffic through from my laptop using any other connection (i.e. free wifi APs).

I would like this server to be hosted on a small form factor PC such as a raspi or plug computer, failing that a laptop.

What sort of software should I be using to host the actual server, this is not a HTTP server but rather a VPN(?) I guess, I want to send all my traffic through it.

Sorry if this is the wrong section but it seemed like you guys would know the most.
 
Soldato
Joined
9 Nov 2003
Posts
9,510
Location
The Motor City
In computer networks, a proxy server is a server (a computer system or an application program) that acts as an intermediary for requests from clients seeking resources from other servers.
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure and their technology such as the Internet, to provide remote offices or individual users with secure access to their organization's network.

Quite different animals. What is your actual goal?
 

Pho

Soldato
Joined
18 Oct 2002
Posts
9,324
Location
Derbyshire
No-one will tell you how to do it on here.

It reads to me that he wants to secure his traffic whilst using public wifi, e.g. at a pub so no one can sit there sniffing his passwords.

I'd go down the SSH / VPN route, some routers (and most after-market firmware) will let you VPN straight into them with OpenVPN for example; or you can just set up a VPN server on your PC.

Failing that I'd just remote desktop into my home machine (using windows remote desktop / teamviewer etc). Less hassle and probably more secure to be honest.
 
Soldato
Joined
2 May 2004
Posts
19,943
Go for SSH. The links KIA posted will work under Windows. Alternatively, set up CentOS/Fedora/Ubuntu on another PC/VM and install SSH on there. There are plenty of tutorials around. http://www.techotopia.com/index.php/Configuring_CentOS_Remote_Access_using_SSH

Make sure you change the port it uses to something random and also use private key authentication only (turn password auth off).

Then you can use PuTTY with a dynamic tunnel & Firefox with a SOCKS proxy pointing to 127.0.0.1:<dynamic_port_number>


No-one will tell you how to do it on here.

Hmm?
 
Last edited:
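A check for the two settings recommended in the post above (non-default port, key-only authentication), added here as an example and not part of the original thread. The sample configs are constructed, the keyboard-interactive check is an extra assumption beyond what the post names, and `Include` files and `Match` blocks are not evaluated.

```python
import re

# Constructed sample configs for illustration (not from the thread).
WEAK = """\
#Port 22
PasswordAuthentication yes
PasswordAuthentication no
"""
HARDENED = """\
Port 443
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
"""

# sshd defaults for the keywords checked here.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(text):
    """Global settings as sshd reads them: first value wins, Port accumulates."""
    ports, seen = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "match":          # per-user/host overrides are not evaluated
            break
        key = ALIASES.get(key, key)
        if key == "port":
            ports.append(int(value))
        elif key in DEFAULTS:
            seen.setdefault(key, value.lower())
    return {"ports": ports or [22], **{k: seen.get(k, d) for k, d in DEFAULTS.items()}}

def audit(text):
    """Return findings against the advice in the post above."""
    s, findings = effective_settings(text), []
    if 22 in s["ports"]:
        findings.append("listening on the default port 22")
    if s["passwordauthentication"] != "no":
        findings.append("password authentication is enabled")
    if s["kbdinteractiveauthentication"] != "no":   # assumption: not named in the post
        findings.append("keyboard-interactive authentication is enabled")
    if s["pubkeyauthentication"] != "yes":
        findings.append("public key authentication is disabled")
    return findings
```

In `WEAK` the later `PasswordAuthentication no` has no effect because sshd keeps the first value it reads for a keyword, so a hardening line appended to the end of a file can be silently ignored.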
Soldato
Joined
13 Jan 2004
Posts
20,929
Laptop > Public Internet > SSH Server on port 443 (Home) > Proxy Server listening on internal subnets only (Home)

I use busybox as an SSH daemon on my router and privoxy for the HTTP/HTTPS requests. Simple, lightweight, works out of the box and highly configurable if you want it. Strips out advertisement and HTTP/Java annoyances also. I like to run SSH on the router as it gives me access to the entire subnet rather than a single PC. You can achieve the same with a Linux box and iptables but in a Windows environment doing it from the router is just easier.

I no longer do ANY browsing on public internet without tunnelling it home - far too many exploits and potential to have data captured.

Running the SSH server on port 443 (HTTPS) gives you ultimate flexibility and the best chance of getting out of strict environments - Public APs that only allow HTTP/HTTPS traffic for example. SSH also does not have the highly temperamental issues of VPNs such as IPSEC passthru and additional overheads of a VPN tunnel failing on networks with highly set MTUs.

Client-wise, I use PuTTY on Windows machines and Connectbot on my Android mobiles/tablets. Both can forward local ports to the other end of your SSH tunnel. I access my HTTP Proxy, FTP servers, web management interfaces, webcams and connect to systems with Remote Desktop Protocol over the tunnel. Why expose ports to the open internet when you can connect a simple SSH tunnel and encrypt it all?

A typical proxy config would look like this:

Laptop:
Web browser Proxy Enabled pointing at 127.0.0.1:8080
PuTTY SSH tunnel connected with Local/Auto Port 8080 forwarded to 127.0.0.1:8080 if your proxy server is also your SSH server or proxyhostIP:8080 if the SSH server is separate to your proxy server.

SSH Server:
Running on port 443

Home System:
Proxy server configured to listen on 127.0.0.1:8080 and proxyhostIP:8080 actual IP if accepting data from an upstream device first Eg - Your gateway/router (The proxy server would need to listen 192.168.1.1:8080 if your SSH server ran on your router/192.168.1.254 and your proxy server was 192.168.1.1 for example)

Router/Firewall:
Forward port 443 to your system running the SSH server.

A VPN will be able to encompass ALL network traffic but they are a PITA. (See passthru and MTU/additional header concerns above) You can achieve the same with an SSH tunnel, you just have to do the forwarding on a per port basis. You can also tunnel as a SOCKS proxy for any applications that support it.

I have never, ever met a network/firewall/gateway that stopped me getting an SSH tunnel out on port 443. You can even point your SSH client at an internal authentication based HTTP proxy and chuck the tunnel through that. Do not even need a direct connection.

That flexibility alone is worth the extra work of forwarding on the ports. Once you save your PuTTY/client connection details you only have to reconnect and enable/disable them as you need.

An additional note - If you want to MASK your web browsing you need to forward DNS queries over the tunnel to your proxy also. Use a browser capable of configuring this at config level, Firefox for example. How serious are you about privacy? There are so many pitfalls - You might be performing remote DNS lookups but if you use a browser that has Anti-Fraud checking, for example, it's still going to go away and look up from your locally configured DNS server - this is potentially the one you do NOT want logging your queries.
 
Last edited:
Soldato
Joined
13 Jan 2004
Posts
20,929
Or, if your broadband at home is a bit rubbish then get a small Linux instance going on Amazon EC2 with SSH (free for 12 months) :D

Stuck with socks though unless you also put additional daemons on for specific services.

Also no access to your local network. I have SSH running on my shared box also for those times my home network might be down :D
 
Soldato
Joined
2 May 2004
Posts
19,943
Stuck with socks though unless you also put additional daemons on for specific services.

Also no access to your local network. I have SSH running on my shared box also for those times my home network might be down :D

True, but if all you want is browsing then PuTTY + SOCKS is perfect. Much better for me through AWS as well. 1Mbps/256Kbps internet doesn't do tunnelling so well :p
 