osx - I can connect to my SSH server but cannot browse the internet

08
2014-07
  • bigpedro36

    I have set up an SSH server on my Windows 8.1 system as well as port forwarding on my home router, and from inside and outside of the network I can log in on my MacBook using the command ssh -D 8080 [email protected] -p 443 (in the actual command the X's are my public IP address). Once I've logged in I activate the SOCKS proxy 127.0.0.1:8080. I know that I have successfully logged in because I can view my home computer's entire folder structure. Now here is where I get confused: although I am successfully logged in and have properly set up my SOCKS proxy, my browser times out when I attempt to go to any web pages and never takes me there.

    I have tried:

    • Using ports other than 8080 (which gives me an error and immediately closes the SSH connection when I try to go to a webpage)
    • Logging in from different networks including internally on my home network
    • Using multiple browsers
    • Turning the firewall off on my MacBook
    • Turning the firewall off on my desktop

    I'm out of ideas and have no clue what to do to get it to actually work. It is pointless for me to only be able to manipulate my file structure, as I need to be able to reach git and other resources that are blocked.

  • Answers

    Related Question

    router - Setting up an SSH Server on Port 80
  • Ryan

    I'd like to set up an SSH Server to the public internet on port 80.

    I've got SSH for Windows installed on my machine, and I can use Putty to SSH into localhost.

    In my router config, I set up a "Virtual Server" to forward TCP and UDP from public port 80 to my local machine on port 22.

    But when I use shields up it tells me that port 80 is closed stealth.

    I'm using a D-Link router. Anything I might be missing?

    Why port 80? I'm trying to access some files on my home machine from another computer behind a firewall that blocks port 22. Not sure if 443 or 8080 are blocked.


  • Related Answers
  • 0x89

    Using port 433 is a good idea for ssh as the packets are indistinguishable from https.

    If shields up tells you that the port is closed, it either means that

    1. The firewall on your router correctly lets the packets pass to your LAN, but they don't get picked up by the daemon on your machine.
    2. The firewall on your router is not configured to just drop packets to unwanted ports.

    The second point is very unlikely - firewalls usually just drop unwanted packets, as a reply would mean sending just more unnecessary traffic through the pipes, an attacker might gain knowledge from the reply, or the source IP may be spoofed (that could even mean somebody is using you to attack someone else..).

    So assuming that 1. is true, it is possible that

    1. You have a personal firewall of some sort running on your box that is replying to the packets.
    2. Your ssh daemon does not accept the connection (maybe it is configured to only accept connections from certain devices, subnets, etc.)

    If shields up tells you that the port is "stealth", it means that a firewall on the way silently drops the packets. This either means that your router is misconfigured or that you are behind another NAT of some sort.

    You could have added information about your way of connecting to the internet and your ISP on your question, that might have helped..
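
Added example (not part of the original thread or any poster's code): a Python check, run from outside the network against your own forwarded port, that classifies the port the way the answer above distinguishes the cases: "open" when the TCP handshake completes, "closed" when the connection is actively refused, "stealth" when nothing comes back before the timeout. The names `probe_port` and `ssh_banner` are assumptions; the banner read confirms that an open port really reaches the SSH daemon rather than, say, the router's own web interface.

```python
import socket
import sys


def probe_port(host, port, timeout=3.0):
    """Classify a TCP port as 'open', 'closed' or 'stealth'.

    open    - the three-way handshake completed (something is listening)
    closed  - the connection was actively refused (a reset came back)
    stealth - no reply before the timeout (packets dropped on the way)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    finally:
        sock.close()


def ssh_banner(host, port, timeout=3.0):
    """Return the first line an open port sends (e.g. 'SSH-2.0-...'), or ''.

    An SSH daemon sends its identification string first; an HTTP server
    (such as a router admin page) stays silent until it gets a request.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            first = sock.recv(256).split(b"\n", 1)[0]
            return first.decode("ascii", "replace").strip()
    except OSError:
        # Refused, timed out, or reset: no banner to report.
        return ""


if __name__ == "__main__":
    # Usage: python probe.py <your-public-ip> <forwarded-port>
    host, port = sys.argv[1], int(sys.argv[2])
    state = probe_port(host, port)
    print(f"{host}:{port} is {state}")
    if state == "open":
        print("banner:", ssh_banner(host, port) or "(none sent)")
```

A "closed" result from inside your own LAN can differ from the result seen from the internet, so run the check from the network you actually intend to connect from.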

  • EvilChookie

    There are a few reasons:

    1. Some D-Link routers don't like to port forward 80. You might be able to get around this by changing the port used by the router's interface to something like 8080 - your rule might work then.

    2. Some ISPs don't allow inbound traffic on port 80 - this is more than likely the overall reason you're not seeing it allowed.

    Why do you need to use port 80? Can you use another port?

  • Jared

    Your ISP may block traffic on port 80 to stop you from running a web server. Try a high port like 48928.

  • Ryan

    D'oh! Turns out that Windows Firewall was on.

    Not quite a victory, however, because the client's http proxy does not support CONNECT, which means I can't ssh in.

  • Axxmasterr

    You are on the right track for sure!

    The suggestion that was posed earlier about the router not happily relinquishing port 80 is a valid concern. I have dealt with problems like this before with good success so I will share my experience with you.

    I would recommend using a port that you are guaranteed to find open on your ISP's egress firewall.

    Port 443
    

    This port is always my first choice. Your ISP cannot lock this port down without breaking every website that allows you to buy something online.

    Port 53
    

    This port is almost always open as well.