.. meta::
  :navigation.name: SSH tunnel

SSH tunnel
----------

Here are some scripts (for Debian Linux systems) to let you use WebCleaner
over ssh and dialup from your box at work (my.atworkbox.com) to your box
at home (my.homedslbox.org).

Remember: do not open port 8080 in your home-firewall for this to work.
If you do not have a firewall on your home dsl box or don't know what I
am talking about, leave these scripts alone!

1. Put this iptables line in your firewall at my.homedslbox.org::
   
     $IPTABLES -A INPUT -i ppp0 -p tcp -s my.atworkbox.com --dport ssh -m state --state NEW -j ACCEPT
   
   This assumes your ppp interface is ppp0. And you must have state
   matching enabled in your kernel.

2. copy this script on my.homedslbox.org::
   
      -- start file /etc/ppp/ip-up.d/30webcleaner --
      # add external IP to the allowed host list
      # tested under Debian Linux
      #!/bin/sh
      D=/etc/webcleaner
      O=$D/webcleaner.conf
      N=$D/webcleaner.new
      R="s/^ allowedhosts=.*/ allowedhosts=\"localhost,$PPP_LOCAL\"/"
      test -f $O || exit 0
      rm -f $N
      sed  -e "$R" $O > $N
      mv -f $N $O
      /etc/init.d/webcleaner reload
      -- end file /etc/ppp/ip-up.d/30webcleaner --

3. copy this script on your work box my.atworkbox.com::
   
     -- start file ~/bin/f.sh --
     #!/bin/sh
     ssh -C -2 -L 8080:my.homedslbox.org:8080 my.homedslbox.org
     -- end file ~/bin/f.sh --
   
4. Start your home box, start webcleaner, then start your network with "pon".
   The script 30webcleaner gets executed.
   
5. Go to work, start script f.sh and you can surf with this setting:
   ``export http_proxy="localhost:8080"`` :-)
