Web proxy and SSH?


Fishing Geek
04-09-2003, 03:41 PM
I've got a Mandrake 9.0 server running at home, and would like to use that connection to surf the web through an SSH connection from work. I go through a proxy server at work, and would rather keep my web browsing encrypted.

How would I go about setting this up? I wanted to search the archives here, but I really didn't know where to start to get this to work. Are there any good newbie guides on how to do this?

Thank you in advance for your help.

baldguy
04-09-2003, 06:11 PM
Weird that you should ask about it. I just read this article.
http://ezine.daemonnews.org/200304/ssh-tunnels.html

Fishing Geek
04-10-2003, 03:37 PM
Okay, I've got the thing functioning when I'm sitting at my workstation at home and going through the proxy server, so that's a start.

Now, here's my current frustration. I'm using PuTTY at work to do an SSH connection to my home server, and I also have the tunnel set up at 3128.

Now, if I do a GET command in PuTTY, I get a flood of HTML which is the page I'm GETting, so I'm feeling pretty great there. However, after I change my Proxy settings in Mozilla, and go to a random webpage, it gives me an "Access control configuration prevents your request from being allowed at this time" message.

One thing that puzzles me, and it might be because of my less-than-firm grasp of the big picture. When I do an ipconfig in Winnt I get a 10.x.x.x address, but when I look at my IP address when I post something in a forum, or in an email that I send from here, it's a 199.x.x.x addie, which seems to change day-to-day. What's up with that?

I'm setting Squid up through Webmin, which makes it easier, but the theories should still transfer over for those who don't use Webmin. I've created a Client Address ACL range of 10.x.x.0 - 10.x.x.255 and another of 199.x.x.0 - 199.x.x.255 (naturally, I'm filling in the x's with legitimate numbers). I'm setting the Proxy Restriction to allow on both of those ACL's, and making sure that they are above any Deny's on the list. I apply the settings, and restart Squid (whether I really need to is unknown).

So, what am I missing? What am I doing wrong? Thank you VERY much for your assistance in this one, cuz I really want to learn.

baldguy
04-10-2003, 07:06 PM
I'm not sure where you get the 10.0.0.0 address. That is a class A private address space much like the 192.168.0.0 class C private address. That means you are under a masquerade and if your 199.x.x.x address changes then your address is probably assigned dynamically with a 1 day lease time.

When you say it works from PuTTY, do you mean you are doing it from inside your Squid box? Try using the local (work machine) telnet and connect. You shouldn't have to add your work machine into Squid's ACL list since you are going through a tunnel.

Fishing Geek
04-11-2003, 09:55 AM
When I'm in PuTTY I'm SSH'ed into my server, so once that happens I *should* just have to change the proxy settings in my browser and that's it, right? It's not that way, for some reason. Still gives me the denied message.

For kicks I connected PuTTY this morning to my server, and then did an SSH to my desktop box at home, and THEN tried to set the proxy in the browser. Same danged result.

There's gotta be something basic that I'm missing. SOMETHING is keeping me from being able to connect from outside the home network, regardless of the SSH tunnel. Any more ideas?

baldguy
04-11-2003, 08:38 PM
When you say sshed into your server, you do mean you have opened up a tunnel, right? Not that you are sshed into a terminal?

http://login.hmdc.harvard.edu/~mathpre/vnc/putty/

Fishing Geek
04-11-2003, 08:41 PM
Yeah, I've both SSHed into my server, and at the same time a tunnel to port 3128 is set up. I know it's working, because the error message I get in my browser is generated from my home server, so the connection is there. It's just not letting me through to the web from there...:mad:

baldguy
04-11-2003, 09:02 PM
When you telnet into localhost:3128, what does it tell you?

Fishing Geek
04-11-2003, 11:53 PM
I'll give that a try on Monday when I'm back at work, and then get back to you. Thanks for the help!
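
An added illustration, not written by either poster, of baldguy's point that a tunnelled request does not reach Squid from the work machine's address. It models an ordered, first-match access list in the way the allow/deny list is described above; the address ranges are constructed stand-ins for the elided 10.x.x.x and 199.x.x.x ranges, and it assumes the PuTTY tunnel forwards to 127.0.0.1:3128 on the home server.

```python
import ipaddress

# Constructed rule sets (action, network), checked top to bottom; first match wins.
RULES_AS_POSTED = [
    ("allow", "10.20.30.0/24"),    # stand-in for the work LAN range
    ("allow", "198.51.100.0/24"),  # stand-in for the work public range
    ("deny", "0.0.0.0/0"),
]
RULES_TUNNEL_ONLY = [
    ("allow", "127.0.0.1/32"),     # only connections opened on the server itself
    ("deny", "0.0.0.0/0"),
]


def decide(rules, source_ip):
    """Return the action of the first rule whose network contains source_ip."""
    addr = ipaddress.ip_address(source_ip)
    for action, network in rules:
        if addr in ipaddress.ip_network(network):
            return action
    return "deny"  # nothing matched: fail closed


def source_seen_by_proxy(client_ip, via_tunnel, server_side_source="127.0.0.1"):
    """Address the proxy sees as the client.

    With SSH local port forwarding, sshd on the server opens the TCP
    connection to the proxy, so the proxy sees a server-side address
    (assumed here to be 127.0.0.1), not the workstation's address.
    """
    return server_side_source if via_tunnel else client_ip


def evaluate(rules, client_ip, via_tunnel):
    return decide(rules, source_seen_by_proxy(client_ip, via_tunnel))


if __name__ == "__main__":
    cases = [("10.20.30.40", True), ("10.20.30.40", False), ("198.51.100.7", False)]
    for name, rules in (("as posted", RULES_AS_POSTED), ("tunnel only", RULES_TUNNEL_ONLY)):
        for ip, tunnel in cases:
            seen = source_seen_by_proxy(ip, tunnel)
            print(f"{name:12} client={ip:13} tunnel={tunnel!s:5} "
                  f"proxy sees {seen:13} -> {evaluate(rules, ip, tunnel)}")
```

The tunnel-only list also keeps the proxy closed to direct connections from the internet, since only traffic that has already authenticated over SSH can originate from the server's loopback address.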