Way to make an ssh tunnel be the "default router"

Hi,

My work computer (Redhat AS4, I have root) is isolated from the
company's Intranet. I am, however, allowed to ssh to a "common"
computer that has access to the Intranet.

I would like to create an ssh connection between my computer and the
"common" computer and then have the tunnel be the "default router" for
my computer.

I have been successful at using port forwarding with ssh to forward a
few ports, but I want to forward ALL traffic.

Is this possible? How?

THANKS!
John

> My work computer (Redhat AS4, I have root) is isolated from the
> company's Intranet. I am, however, allowed to ssh to a "common"
> computer that has access to the Intranet.
>
> I would like to create an ssh connection between my computer and the
> "common" computer and then have the tunnel be the "default router" for
> my computer.
>
> I have been successful at using port forwarding with ssh to forward a
> few ports, but I want to forward ALL traffic.
>
> Is this possible? How?

For TCP traffic, you can set up a "dynamic" port forward in your client
with e.g. -D1080. This will act as a SOCKS (SOCKS5 IIRC) server
listening on localhost:1080. You can then tell Windows to use
localhost:1080 as a SOCKS proxy, or many network applications (e.g.
browsers) have their own proxy settings.

Of course this doesn't help with UDP. Not sure how to help there.

--
To reply by email, replace "deadspam.com" by "alumni.utexas.net"

(E-Mail Removed) wrote:
> My work computer (Redhat AS4, I have root) is isolated from the
> company's Intranet.

Presumably this is corporate policy rather than a technical limitation?

> I am, however, allowed to ssh to a "common"
> computer that has access to the Intranet.

OK

> I would like to create an ssh connection between my computer and the
> "common" computer and then have the tunnel be the "default router" for
> my computer.

You can run ppp over ssh (see google) but the performance is not terribly
good. If you're trying to circumvent company policy I assume you've
weighed up the career related risks.

I can't help but think you've got two other options to address first,
though:

* Get the policy changed to allow your machine direct Intranet
access

* Run a true VPN (e.g. OpenVPN - easy to set up and pretty secure)
between your RH AS4 box and the intermediate one.

Regards,
Chris

(E-Mail Removed) wrote:
> Hi,
>
> My work computer (Redhat AS4, I have root) is isolated from the
> company's Intranet. I am, however, allowed to ssh to a "common"
> computer that has access to the Intranet.
>
> I would like to create an ssh connection between my computer and the
> "common" computer and then have the tunnel be the "default router" for
> my computer.
>
> I have been successful at using port forwarding with ssh to forward a
> few ports, but I want to forward ALL traffic.
>
> Is this possible? How?

Assuming that this is either supported or not forbidden, you can set an
entry in "authorized_keys" on the server to start ppp, and you can
define an ssh "startup" command in /etc/ppp/peers for the remote, such
that when you start the connection it runs the command to start pppd on
the other end.

Do note that this will be slower than a regular VPN in most cases.

Then set the routing to the "other end" IP address.

--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com