How can I access my webmail via a ssh tunnel?
January 4, 2006 8:37 AM

How can I access my webmail via a ssh tunnel? My corporate firewall started blocking ports 2095, 2096, and 2082, but I can ssh to the box that is hosting my domain.

I used to access my webmail via https://domain.ext:2096/ but no longer can. My host runs Linux and my desktop machine is Windows. How do I properly set up an ssh tunnel so I can access my webmail via the web and not using lynx from within an ssh session?

I tried using putty and L2095 <> localhost:2095 and same for 2096, but to no avail. Perhaps I was doing something wrong.

Thanks for the help.
posted by seinfeld to Computers & Internet (15 answers total)
I'm able to get thru to gmail on ssh using lynx, and you can easily forward your mail there. May I ask why you'd rather not use lynx?
posted by By The Grace of God at 8:40 AM on January 4, 2006

You want to set up PuTTY for dynamic port forwarding, then point your web browser to a SOCKS proxy at (yes, localhost).

PuTTY will act as a SOCKS server, tunneling your requests so that your traffic will be coming *from* the box you're sshing to. That way the machine is talking to itself.
posted by mrbill at 8:42 AM on January 4, 2006

Response by poster: mrbill: mind explaining how to do that? I'm not sure how to fill in the fields in the socks portion of the putty config -- do I do anything with tunneling??

posted by seinfeld at 8:57 AM on January 4, 2006

Here's what I do:

1) Obtain access to a Linux or UNIX server (I run a Linux server on my home DSL line, and I use to map my dynamic IP address to a hostname)

2) Install sshd and squid on the above server

3) Install PuTTY on the Windows PC. Set up an ssh tunnel from localhost:3128 (local) to localhost:3128 (remote)

4) Set web browser proxy to localhost:3128

5) Start putty, establish ssh connection to server.

6) Surf and enjoy.
posted by dudeman at 9:02 AM on January 4, 2006

I need to duly remind you that your company probably has several reasons why it implemented these filters and has listed punishments for even attempting to circumvent them.

I'm not saying that they're right, but it's their network, their rules. If you like your job, do not run afoul of them. Network admins are smart and quick to anger.
posted by unixrat at 9:09 AM on January 4, 2006

Building on mrbill's answer, PuTTY can act in a "dynamic" tunnel mode in which it acts like a SOCKS proxy. The added benefits are that you don't need to install and configure Squid on your Linux box, which is quite a large and complex package, and many other net-using programs can use SOCKS.

Here's how to do it, using the latest PuTTY and Firefox versions:
1. Configure PuTTY. Start PuTTY and put in the address of your host server to connect to on the first screen. In the menu on the left, pick 'Tunnels' from the tree. Under 'Add new forwarded port:' put in 1080 (this is pretty arbitrary, but 1080 is the "official" SOCKS port). Leave 'Destination' blank and choose the 'Dynamic' radio button. Feel free to go back to the 'Session' entry on the menu tree on the left if you wish to save a session so you don't have to do this every time.

2. Configure Firefox. Under Preferences, click the 'Connection Settings' button from the main 'General' options. Click 'Manual Proxy configuration:' and under 'SOCKS Host' put in localhost with port 1080. Click OK and try to surf. You should now be being routed through your Linux host. You can go to to verify you're being routed through your host's IP address.
posted by zsazsa at 9:45 AM on January 4, 2006

As a network guy myself, 100% backing what unixrat says.

Then again, there are many good (non-abusing) reasons you would want to do this, so for the sake of posterity, here's how I do it. I find it easiest to do it from a command line, and for the hosts I need to do this often on I create a batch file. Here's the syntax:

C:\putty\putty.exe -D 8080

Log in as usual, point your browser to, port 8080 in the SOCKS proxy setting and you're done.
posted by skatz at 9:47 AM on January 4, 2006

Oops. I forgot to say in the PuTTY step to press the 'Add' button after filling in the 'Source port' and selecting the Dynamic radio button.

skatz's batch file way does the exact same thing as doing it graphically, only it's easier to click on once it's set up.
posted by zsazsa at 9:50 AM on January 4, 2006

Response by poster: skatz: point my browser to http://localhost:8080 or http://localhost? And what, exactly, do I put in the Connection portion of my Firefox configuration? Do I need to do anything with putty configuration on the tree in the left?

posted by seinfeld at 9:52 AM on January 4, 2006

seinfeld, whether you use my 'Step 1' or skatz's batch file, you configure Firefox the same way as in my 'Step 2'. Just make sure you put in either '1080' as in my instructions, or '8080' as in his. His PuTTY command line does the same thing as the instructions I gave on configuring PuTTY graphically via the 'Tunnels' configuration dialog.

'Point your browser' is a bit misleading, he's just saying put in (aka localhost, they're the same thing) in the SOCKS host box in Firefox's connection settings.
posted by zsazsa at 10:05 AM on January 4, 2006

Bitvise Tunnelier makes this stuff about a million times easier. I use it to RDP into a home machine and that's behind a Linksys running a firmware replacement. Your options are about a million times more flexible.
posted by phearlez at 10:08 AM on January 4, 2006

Response by poster: zsazsa, I cannot surf via port 1080. It's tough determining what outbound ports are available, isn't it?
posted by seinfeld at 10:08 AM on January 4, 2006

seinfeld, Firefox is connecting via PuTTY's own SOCKS server port 1080 (or 8080, once again, the port is completely arbitrary) on localhost, aka, aka your own computer. That connection goes from 1080 on your computer, through the SSH tunnel, to your Linux host, and out to the real world. Your workplace can't filter that as long as the SSH connection gets through.

The proxy is completely transparent once you've got Firefox configured. You can just go to normal http:// and https:// addresses in like you always have before.

It looks like Bitvise Tunnelier does the same integrated SOCKS thing that PuTTY does.
posted by zsazsa at 10:21 AM on January 4, 2006
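
The browser-to-PuTTY leg described in the answers above, shown as an added example that is not part of any post in this thread: the SOCKS5 (RFC 1928) messages a client sends to the local dynamic-forwarding port, and how the proxy side reads the destination out of them. It assumes the browser speaks SOCKS5 without authentication and sends the hostname for remote resolution; `domain.ext:2096` is the placeholder address from the question, and the function names are illustrative.

```python
import struct

SOCKS5 = 0x05        # protocol version byte
CMD_CONNECT = 0x01   # "open a TCP connection for me"
ATYP_DOMAIN = 0x03   # destination given as a hostname, resolved at the far end
NO_AUTH = 0x00       # "no authentication required" method

def build_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: version, method count, offered auth methods."""
    return bytes([SOCKS5, len(methods), *methods])

def build_connect(host, port):
    """Client -> proxy: CONNECT request naming the real destination."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    header = bytes([SOCKS5, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
    return header + name + struct.pack("!H", port)

def parse_greeting(data):
    """Proxy side: return the auth methods the client offered."""
    if len(data) < 2 or data[0] != SOCKS5:
        raise ValueError("not a SOCKS5 greeting")
    if len(data) != 2 + data[1]:
        raise ValueError("method count does not match greeting size")
    return list(data[2:])

def parse_connect(data):
    """Proxy side: return (host, port) the client wants reached."""
    if len(data) < 5 or data[0] != SOCKS5 or data[1] != CMD_CONNECT or data[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    if data[3] != ATYP_DOMAIN:
        raise ValueError("only hostname targets are handled in this example")
    n = data[4]
    if len(data) != 5 + n + 2:
        raise ValueError("length field does not match request size")
    host = data[5:5 + n].decode("ascii")
    (port,) = struct.unpack("!H", data[5 + n:])
    return host, port

def demo():
    # Constructed sample: the webmail address from the question.
    request = build_connect("domain.ext", 2096)
    return parse_greeting(build_greeting()), parse_connect(request), request.hex()

if __name__ == "__main__":
    print(demo())
```

The destination travels inside the request, so the local port number (1080, 8080) only identifies the listener on the desktop, and the outbound connection to port 2096 is made by the SSH server.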

You may not want to use webmail under lynx, but have you tried just using elm or pine instead?
posted by krisjohn at 3:12 PM on January 4, 2006

Response by poster: Yes, krisjohn, I have. My shell provider does not, well, provide either.
posted by seinfeld at 6:45 PM on January 4, 2006
