Celebrating my freedom and a stupid SSH trick

I just got back into town from visiting my parents in the Dallas, Texas area (USA).  We did something that I’ve never done before, though it’s pretty obvious when I think about it.  It’s Summer Vacation for my daughter, which means no school.  My wife’s activities have slowed down.  I’m the one who gets to work.  Then I had an inspiration.

Like many in the technology world I do a lot of work remotely.  I actually work from a home office, which technically means that any time there is Internet and a telephone I’m in the office.  (Some may read that I am always in the office, and there might be a level of truth to that.)  I don’t miss the commute or the need to keep my desk so that it would impress visitors at any time.  IBM makes it extraordinarily easy to work remotely, even from Linux.  A little VPN client connects me to the IBM network any time I want.  I have email of course– lots and lots of email.  I also have the Sametime instant messaging which works just as well as people popping into my cube to disturb me.  It works better in fact because I can complete a thought before switching to them without feeling their eyes boring into my head and hearing the foot gently tapping.  In fact when I was in the office I had people carry on instant message conversations with me from the other side of the cube wall!  Other important applications are available through the Notes client or the web browser (Firefox of course!).

One advantage to this is I have some flexibility.  Since I work remotely anyway, it doesn’t matter if I’m in my home office or tucked in a room at the back of my parents’ house.  So, when we went to visit my parents for Father’s Day — a quiet US event where everyone is supposed to be nice to their Dad for a day, which pales in comparison to the lavish attention we spend on Mom — rather than rushing back on Sunday we extended the visit with me working from there.  My parents get extra grandkid time.  My wife gets extra time with the grandparents distracting the kid so she can think.  My daughter gets extra spoiled.  I get work done and enjoy everyone’s company in the evenings and at lunch time.  It’s win-win-win.

All of that goes swimmingly.  My daughter went with grandpa to the natural museum to look at spiders and snakes.  My wife and my mother went shopping.  I got stuff done.  But then I end up with a weird little thing.  It had nothing to do with my IBM work.  All of that worked fine.  But I do have a life outside of IBM, you know.  My problem was with my personal email.  My Dad’s Internet connection assumes that only he will be sending email through their mail server… so as a courtesy to him they blocked access to other SMTP servers.  I guess that’s a good thing overall, but for me it was annoying.  It didn’t make sense to try to have the conversation with my dad about getting the block removed from his account.  It wasn’t worth bothering him, and since he is a Windows user it was probably good to keep any protections like that in place.  My solution ended up being simple and right under my nose.

Since I run Linux on all of my systems SSH is built-in on everything.  If you don’t already know about SSH then you are missing something. Basically it’s a very simple way to tunnel information through strongly encrypted sockets.  (If you are running another environment SSH is also available with freely downloaded applications.  For example, PuTTY is a popular client for Microsoft Windows.)   I use SSH to securely synchronize files between my laptop and the desktop across the Internet and to remotely access my home system.  However, SSH will allow you to securely tunnel any socket to a system or through a system.

Here’s the way I worked it out.  I cannot access SMTP from my current location, but my home system can access the account.  I can access my home system.  So, if I can have my laptop go through my home system I can use my mail normally.  Basically, I’m going to use my home system as a proxy server for POP and SMTP to my domain and I’ll do it through a secured tunnel.

The command was simple.  I already use a free dynamic DNS server to update the address for my home system, so I can keep up with changing IPs from my ISP. (That was interesting.)  Essentially, I’m setting up a port on my local system which will be proxied through my home system to my mailserver destination.  Here we’ll call that myhost.  I use the username on my home system, which I’ll call user.  Here’s what the command looked like to do the magic:

ssh -l user myhost -L 10110:pop.mymailserver:110 -L 10025:smtp.mymailserver:25

I get a connection between my laptop and my home system.  Anything I send to port 10110 on my localhost goes to the POP port on my mailserver.  Anything sent to 10025 on my localhost goes to the SMTP port on my mailserver.  My mailserver sees POP and SMTP traffic all coming from the same box, because the proxy causes it all to originate from my home system.  My dad’s ISP is oblivious.  I get the added advantage that any transactions going on with email are encrypted from my laptop to my home PC– though communication between the home PC and the mail server gains no additional encryption.
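
A hardened variant of the command above, as an added example that is not part of the original post: it binds both forwards to 127.0.0.1 explicitly, opens no remote shell (-N), and makes ssh exit if a local port cannot be bound (ExitOnForwardFailure).  The helper name tunnel_cmd is hypothetical; user, myhost and the mailserver names are the post's placeholders.

```shell
#!/bin/sh
# Added example: build the post's two-tunnel command with explicit loopback
# binds and no remote shell. Host and user names are the post's placeholders.

# valid_port N -> succeeds if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_cmd USER HOST LPORT:RHOST:RPORT...
# Prints the ssh command line; returns 1 on a malformed forward spec.
tunnel_cmd() {
    user=$1
    host=$2
    shift 2
    cmd="ssh -N -o ExitOnForwardFailure=yes -l $user"
    for spec in "$@"; do
        # A forward needs three colon-separated fields.
        case "$spec" in
            *:*:*) ;;
            *) echo "bad forward: $spec" >&2; return 1 ;;
        esac
        lport=${spec%%:*}
        rest=${spec#*:}
        rhost=${rest%:*}
        rport=${rest##*:}
        if ! valid_port "$lport" || ! valid_port "$rport" || [ -z "$rhost" ]; then
            echo "bad forward: $spec" >&2; return 1
        fi
        # Ports below 1024 need root to bind locally; the post uses 10110/10025.
        if [ "$lport" -lt 1024 ]; then
            echo "privileged local port: $lport" >&2; return 1
        fi
        # Loopback bind: other machines on the visited LAN cannot use the tunnel.
        cmd="$cmd -L 127.0.0.1:$lport:$rhost:$rport"
    done
    echo "$cmd $host"
}

tunnel_cmd user myhost 10110:pop.mymailserver:110 10025:smtp.mymailserver:25
```

The mail client is then pointed at localhost port 10110 for POP and localhost port 10025 for SMTP.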

The command above created two tunnels.  I also automatically set up several tunnels using this technique, including one to tightVNC for remote control of my system.  In other situations I use the same sort of proxy technique to connect into a network and have VNC access to multiple workstations behind the firewall.  Cool, huh?

I’m constantly amazed at the sort of flexibility that I have in this environment and how there are always little free tools and techniques to work through a situation.  It keeps it fun.  If you’re interested in some of these techniques check some of the links that I put throughout.  Linux does this stuff out of the box (or straight off the Internet, I guess I should say).  But with the tools around you can do the same thing in just about any environment if you do a little digging.

Happy exploring!  Cheers!
