tunnel computer traffic to remote server

Hello everyone,

I know how to use putty, foxyproxy to anonymize my web traffic connections(on my virtual machine) to external. How do I obtain the same thing with my whole virtual machine? Because I want to run terminal with ssh encryption connection too.

Any help would be greatly appreciated.
totorohaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
you need 3rd party software for that, on windows - effectively you are looking to socks-enable a piece of software that lacks socks support (sometimes called "socksifying")

the free apps for that are no longer developed (and work only on older releases of windows) and the commercial ones are expensive and (in my experience) don't work too well. It's possible qemu could be socks-enabled,  but would require hacking that into place. ..
0
giltjrCommented:
What about setting up a computer to computer VPN connection?  

Although I have never done it, I would assume that you can actually setup ssh to do this.  I did a search on Google with the terms "SSH VPN Windows" and came up with a few hits that looked promising.
0
totorohaAuthor Commented:
My host is windows system, and my guest is linux system. I can do foxyproxy for linux web traffic, but thinking about making the whole web traffic of linux box only through ssh is kind of difficult for me. Can we do that inside the linux box with SSH command ?
0
Webinar: Cyber Crime Becomes Big Business

The rising threat of malware-as-a-service is not one to be overlooked. Malware-as-a-service is growing and easily purchased from a full-service cyber-criminal store in a “Virus Depot” fashion. Join us in our upcoming webinar as we discuss how to best defend against these attacks!

Dave HoweSoftware and Hardware EngineerCommented:
inside a Linux box? possibly.  openssh offers layer 2 tunnelling,  which (with some nat rules) could do this, if not as cleanly as a socks support option could. you could possibly use that to l2-tunnel from the guest to the egress host - wouldn't be transparent to the guest that way, but should work in theory.
0
totorohaAuthor Commented:
Thanks Dave. If anyone has detail instruction, that would be a great help for me.
0
giltjrCommented:
O.K., let me make sure I understand this.

You have a Window computer that has a Linux virtual machine.

You want ALL traffic from the Linux to go through an anonymizer?  I may be a bit naive since I don't have a need to  anonymize, but are there anonymizer for all types of traffic?

If there is, I don't think the VPN idea would work, as the other end, the anonymizer, would need to be setup to accept that VPN tunnel connection.  At least I  don't think a  traditional VPN  (lt2p or IPSec) would work.   Now if they support SSH port redirects, then a SSH-VPN type tunnel may work.
0
Dave HoweSoftware and Hardware EngineerCommented:
Traditional VPN is actually more common for that - the egress point is masked, but the traffic isn't truely anonymised (however, if you are using a virtual machine, that is good enough in context; there is nothing to link that to your real machine)

Layer two ssh forwarding IS vpn, in all but name - see here for example - but is therefore no better or worse than any other vpn technology (ssl vpn such as OpenVPN, or ipsec vpn such as freeSWAN), other than being carried over ssh. Given ssh is single-threaded, that can be a bottleneck; I would actually suggest, in context, that OpenVPN would be a better choice, as that can be sent over tcp/443 and looks pretty much like any other sort of SSL traffic (hence, lost in the noise)

The downside though with all of this - if you are using a ssh host to anonymise, almost invariably there is a paper-trail to track you back to that host, and even if there isn't, a simple check of traffic to and from that host will show a massive correlation between the ssh tunnel and the actual traffic. of course, a lot depends on who you are trying to be anonymous from; a random website would probably be fooled well enough, a TLA wouldn't be (mind you, a TOR hidden service goes though *six* hops of encrypted tunnels-within-tunnels, and still a TLA can track that)

Its also overkill - normally, if I want traffic to look like it comes "from" a ssh host, I actually arrange for that to be true - its trivial to set up a vnc session on the ssh host, I can run browsers etc natively there, and use vnc (over ssh tunnel) to access that desktop; I can also run a xen or kvm guest directly on the ssh host, again, using native resources.  Still, I am trying to answer the question asked, rather than the question I think should have been asked :)
0
ExpertNotReallyCommented:
I don't know if this is allowed and if it is not my apologies.  If you want to anonymize your web traffic I would suggest setting up a system whether it be your windows host as a TOR router.  Once you do that set your vm to use the TOR router as it's gateway and all traffic will run through it.  I have my Raspberry Pi set up this way and followed a how-to similar to this one.
0
totorohaAuthor Commented:
I appreciate all the effort that everyone put to help me. So let me make it clear:
- I have a Windows host
- I have a vmmachine with linux on it
- I cannot format my windows host and turn it to Linux because my works require windows a lot.
- I want to learn reverse engineering, and play with several malware samples from home.
Hence, I don't want to become target or my home wifi become the favorite destination point for hackers.
0
giltjrCommented:
---> play with several malware samples from home.

Is the vmmachine on a separate physical host from your Windows or are you running it under your WORK Windows system.

If you are running it under your work Windows, then stop.  Don't do it.  

Get a separate physical machine.  Get ESXi ( you can get a free license) install it. Do NOT under any circumstance do anything playing with viruses or malware  on a production system.   In fact I would suggest you see if EE has a section dealing examining viruses/malware and see how others do it.  Personally I would try to do this in a way that there is NO network connectivity to the Internet.  I doubt very much somebody that provide anonymous access to the Internet is going to be happy with you making them a target.

If EE does not have a section dealing with people that do this, then I would suggest you see if you can find another forum that does.  Some of these are nasty and even running them on a VM can infect/damage the host OS.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dave HoweSoftware and Hardware EngineerCommented:
yeah. for this sort of thing I would suggest that you go to cash generators or similar,  buy an oldish laptop (which are reasonably cheap) & install a Linux host with kvm or xen. create a tunneled connection that has a tun adapter (Openvpn, ssh l2, or whatever & associate your vm with that device only. put that in a dmz so if the malware escapes the hypervisor, your real machine isn't compromised. ..
0
totorohaAuthor Commented:
really nice suggestion. I will try to do it.
0
totorohaAuthor Commented:
I will buy an old machine, install Linux as Host system. After that, I will install windows XP as a guest system with virtualbox. Is that ok?
0
giltjrCommented:
That would be fine.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSH / Telnet Software

From novice to tech pro — start learning today.