Comments on: Protecting your browsing with iPhone SSH tunnels

By: ChrisJohnRiley

ChrisJohnRiley — Sun, 28 Mar 2010 18:49:59 +0000

After you’ve run the SSH command it will sit and just run without feedback. You can force it to go into the background by adding an & to the end of the command. This will leave you free to run the 3proxy command straight afterwards. I’ve not played about with using nohup (not even sure it works on iPhone) but you might want to look into that as well.

The error you get with 3proxy sounds like it’s already running. Run a ps | grep 3proxy and see if it’s running in the background.

By: dgc

dgc — Sun, 28 Mar 2010 11:35:39 +0000

Sorry, maybe I’m a bit thick on this one. There seem to be a couple of problems I don’t understand. I guess what I was expecting it to drop back to the command line so I can run 3proxy.cfg. Does this mean after enabling backgrounder, I can quit that terminal session and start a fresh one to run 3proxy.cfg and the tunnel will still be active? I thought that would kill the tunnel.

Also, when I run 3proxy.cfg, it says “100328113238.941 8080 000 – 127.0.0.1:8080 0.0.0.0:0 0 0 0 bind(): Address already in use”

I assume something wrong with my 3proxy.cfg but I’m not familiar enough to figure it out. I appreciate the help so far. I’d really like to figure out how to use this to circumvent the Great Firewall of China on my iPhone.

By: ChrisJohnRiley

ChrisJohnRiley — Fri, 26 Mar 2010 11:21:15 +0000

Just a thought… but what do you expect to happen? The -N command specifically tells SSH not to run anything. In this case, the lck of response, command-line or error says that the forwarding is probably working just fine. You need to make sure you background the terminal to keep the command running.

By: dgc

dgc — Thu, 25 Mar 2010 15:02:15 +0000

It could be that Dreamhosts sshd configuration doesn’t allow tunnelling

Unlikely, since I tunnel through it on my linux and windows boxes everyday (I live in China). I’m using the same port on the iPhone as well, so I know that’s open. After I enter the password, the terminal just hangs… no command line, no error, nothing. Tried on different Wi-Fi connections as well.

By: ChrisJohnRiley

ChrisJohnRiley — Thu, 25 Mar 2010 07:16:28 +0000

It could be that Dreamhosts sshd configuration doesn’t allow tunnelling…. also the -N option requires SSH protocol version 2. To ensure protocol version 2, use the -2 option in the command-line.

By: dgc

dgc — Sat, 20 Mar 2010 10:30:16 +0000

I’ve been trying this and ssh’ing to Dreamhost is hanging up if I include the “-N” operator. Any idea why?

I also get this sometimes, though I think its because I kill the hanging process and it doesn’t close the listening port correctly.:

bind: address already in use
channel_setup_fwd_listener: cannot listen to port: 8081
Could not request local forwarding

Any help would be appreciated

By: Steve

Steve — Thu, 04 Mar 2010 04:51:21 +0000

What’s the advantage of this 3proxy approach over running squid on remotehost, setting up an ssh tunnel using

ssh -p 64000 -L 8080:localhost:3128 -l username remotehost -f -C -q -N

then setting the manual HTTP proxy localhost:8080 for the iPhone’s Wi-Fi setting for the specific network?

I’ve been using this squid approach successfully, but also have 3proxy and am wondering why I should use that.

By: Goran Cobanovic

Goran Cobanovic — Sun, 06 Dec 2009 02:25:08 +0000

Great read, will come back for more soon, thanks

By: Cedric

Cedric — Sun, 22 Nov 2009 16:52:08 +0000

Can you give me the name of the hosted VPN service? I’m searching besides 26c3 for a more secure dataconnection of my phone and it’s hard to find a reliable and trustworthy service for 30$

Maybe you will add me at twitter @kernelpaniclite so we can DM?

By: ChrisJohnRiley

ChrisJohnRiley — Sat, 21 Nov 2009 08:20:28 +0000

Due to router issues I went with 2 options. 1 was a Dreamhost server that runs my US SSH server. The other is a hosted VPN service that encrypts from the device to a central server, then directly connects to the web. The service was something like $30 for a year, and at the time it was a lot more cost effective than buying a new router, configuring and setting up the VPN over a weekend before Blackhat. Still, there’s plenty of time before next years events to set something up Problem is, iPhone doesn’t support OpenVPN (yet).

If you’ve got a DECT eventphone you can call me on extension 2252 (BAKA) or you can catch me on twitter as I’ll be using that to setup meeting and posting information about the conference. I’m @ChrisJohnRiley on Twitter.