Tuesday, January 31, 2006

HOWTO: Tunneling HTTP over SSH with DD-WRT, DynDNS and Putty

I thought I would write up a tutorial for tunneling HTTP over SSH as it is a great way to increase security and privacy of web surfing. I happen to work at a company that doesn't allow use of anonymous proxies (which is fine) but I don't necessarily want them viewing my web traffic either. Here is how I set up an HTTP tunnel to my home network from work.

My home setup consists of a Linksys WRT-54GL wireless access point connected to a high-bandwidth internet connection. The Linksys WRT-54GL is version 4 of the WRT-54G. With version 5 of the WRT-54G Linksys changed the hardware and stopped using Linux internally. Because of these changes the device could no longer run third-party firmwares. The WRT-54GL is Linksys' response to hobbyists (hackers) who still want to tinker with other firmwares. For this tutorial you'll need a router capable of running the DD-WRT firmware. This excellent firmware has many great features including an SSH daemon which is a prerequisite for our tunneling. A list of supported devices can be found here.

Instructions for flashing the firmware can be found all over the Internet. I'll assume the reader can flash the router and get the DD-WRT firmware running (Administration->Firmware Upload). Some Linksys routers (including the WRT-54GL) have a 3MB limit on firmware size. If that is the case, flash the mini version of DD-WRT first; once that is running, upload the version you want.

I'm using DynDNS to keep tabs on my dynamic Internet IP address. This free service allows you to keep your changing IP address up to date and matched to a hostname. DD-WRT has support for automatically keeping the address updated. Other services are supported too so you can choose your favorite. Once your dynamic DNS account is created you can enter the relevant information into the Setup->DDNS tab in DD-WRT.

The next thing you will need to do is enable the SSH daemon. This can be done through the Administration->Services tab in DD-WRT. Under SSHD select enable. The login will be username: root, password: [your router password].

To connect to the SSH server and tunnel HTTP you will need the Putty SSH client. To connect to your router enter the hostname or IP address of your router on the Session tab:

Next, to set up the tunnel click on Tunnels, enter 3000 (or whatever local port you'd like to use) for the source port, click Dynamic and click Add. This will create a SOCKS proxy on your local machine on port 3000 (or whatever port you chose) that you can use with your web browser.

Now you can click Open to log into your router. The tunnel isn't created until you log in. Remember that your username is root and your password is your router password (you changed it, right?).

Now you're ready to connect your web browser. Using Firefox, you will have to configure a proxy server. Click Tools->Options. Then under General click Connection Settings. On this screen you can configure the SOCKS proxy that you've set up using Putty. Select Manual proxy configuration, enter localhost for the SOCKS host and 3000 for the port (or whatever you used). Click OK. You should now be tunneling through your home router over ssh.
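A client-side check of the SOCKS listener described above, added here as an example (it is not from the original post). It speaks SOCKS5 to localhost port 3000 and asks for www.google.com by name, using the domain-name address type so the hostname is resolved at the far end of the tunnel rather than on the local network; the function names are illustrative.

```python
import socket
import struct

def build_greeting():
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
    return bytes([5, 1, 0])

def build_connect(host, port):
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1-255 bytes")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), length, name, port
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack(">H", port)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection early")
        buf += chunk
    return buf

def socks5_connect(sock, host, port):
    """Run the handshake on a connected socket; return the REP code (0 = success)."""
    sock.sendall(build_greeting())
    ver, method = recv_exact(sock, 2)
    if ver != 5 or method != 0:
        raise ConnectionError("listener is not a no-auth SOCKS5 proxy")
    sock.sendall(build_connect(host, port))
    ver, rep, _rsv, atyp = recv_exact(sock, 4)
    if ver != 5:
        raise ConnectionError("malformed SOCKS5 reply")
    # Drain the bound address (IPv4, domain or IPv6) and the 2-byte port.
    addr_len = recv_exact(sock, 1)[0] if atyp == 3 else {1: 4, 4: 16}.get(atyp)
    if addr_len is None:
        raise ConnectionError("unknown address type in reply")
    recv_exact(sock, addr_len + 2)
    return rep

def check_tunnel(proxy_port=3000, host="www.google.com", port=80):
    """True if the PuTTY listener on localhost relays a CONNECT to host:port."""
    with socket.create_connection(("127.0.0.1", proxy_port), timeout=10) as s:
        return socks5_connect(s, host, port) == 0

if __name__ == "__main__":
    print("tunnel OK" if check_tunnel() else "proxy refused the request")
```

Run it after logging in with Putty; a refused connection means the SSH session (and with it the listener on port 3000) is not up.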

You can verify that the connections are being forwarded by looking at the Putty Event Log. You should see something similar to the following after loading www.google.com in your web browser.

Friday, January 27, 2006

Senators challenge Broadcast Flag!

This is excellent news...

After getting iPods of their own, some senators are questioning the motives behind the Broadcast Flag. Read on for the detailed account...

I want a DaVinci Cryptex

For all you DaVinci Code fans out there this is really awesome. This site builds Cryptexes to custom orders. Some of these look really awesome! Check out the gallery on the website.

Promoting your blog and generating traffic?

How the heck do people promote their blogs? I'd like some tips in the comments please. I'm going to add it to my email signature I think. blah blah blah. whatever.

Thursday, January 26, 2006

XBox Media Center or MythTV HTPC???

So I've decided that I need a media center. I don't know how much use I would get out of it but as an engineer I need to build one. There are so many cool software packages to choose from (excluding Windows Media Center). Currently I'm torn between using a modified XBox to run XBox Media Center and a self-built Linux box running MythTV. For price reasons I will probably go with the XBox/XBox Media Center option. Of course, I could always install MythTV on an XBox running Linux. If anyone is actually reading this I would appreciate input. over and out...

Monday, January 09, 2006

IFIHADAHIFI, 1.6.2006 at Cactus Club Milwaukee

Happy Monday everybody (anyone?). I just wanted to drop a mention of a great band I saw (for the second time) last Friday at Cactus Club. They're called IFIHADAHIFI and are a great noise rock band from the Milwaukee area (although originally from Green Bay I think). I saw them back in ought-two opening for the Poster Children and they blew me away then. They are a fantastic live show, very energetic. Catch them if you can (the ladies might want to bring some earplugs). The opening band Bang Bang (from Chicago) was also worth checking out.

I'm also looking forward to the Life & Times show on Jan. 27. Life & Times is the current project of the former Shiner frontman Alan Epley. Here is a Pitchfork review of their latest called Suburban Hymns which I (unfortunately) have yet to hear. I guess I'll pick it up at the show.

Tuesday, January 03, 2006

Nintendo Weirdness

Make your own Question Boxes a la Super Mario Bros

Mike Tyson's Punch Out Song Video (warning: retarded)

First Day Back

at work after the holidays. I need to get back on a work schedule as I've been staying up too late and sleeping in a lot. I need some caffeine, good thing my wife is an assistant manager at Starbucks. Back to work...

Sunday, January 01, 2006

Pro-Co Rat Distortion Pedal Modification

As a guitarist and an engineer I've always been fascinated with guitar effects pedals. I've built my own and modified a bunch of them over the years. This is a recent modification to a Pro-Co Rat distortion pedal that I was quite pleased with.

The Rat is a great distortion pedal but one of my annoyances with it is that it doesn't have an LED (like most other pedals) to let you know when it is on. Yeah, if the distortion is turned up high you can tell but I often turned down the distortion and cranked the volume on this pedal to slam the input of my tube amp. Anyhow, this modification fixed the no-LED problem and made the output much hotter at the same time.

The Rat uses an operational amplifier (op-amp) in its distortion circuit. Two diodes are used in the feedback loop in parallel (and in opposite directions) to clip the signal at about 0.7 volts. LEDs clip at a higher level (about 3.5 volts depending on type and color). So by replacing these feedback diodes with LEDs the pedal's output is much hotter (great for driving that tube amp). A side effect is that the LEDs light up when the circuit is clipping. The brightness of the LEDs is proportional to the amount of clipping. So when I did this I mounted the two feedback LEDs on the case so I would know when the pedal is on (and have a cool light effect to boot). Here is another picture:

How to Setup a Wi-Fi Hotspot

Creating a Wi-Fi Internet hotspot service from scratch can seem like a daunting task. I had many sleepless nights trying to get to grips with FreeRadius, DD-WRT, Chillispot etc. I hope that this How To helps you to avoid some of the problems I encountered along the way.

Happy New Years

I didn't make a new-year's resolution to create a blog. It just happened that way. I drank way too much last night (how common is that) but had a good time with my wife Kari at our friend Chuck's (somewhat) new house. I don't have any specific plans for this blog so it may get boring fast, or it may develop a theme as time goes on. I may post about my wife, our pets, information security (I'm a software security guy), music, weirdness or whatever.

It is sort of weird writing a first post knowing that most-likely no one will read it. Bye no-one.