Tag Archives: antinat

Antinat outgoing ip same as incoming

Problem

The previous post shows you how you can configure the outgoing ip in antinat but if you have multiple ips and you want to use all of them and you want to be able to control which one to be used for certain things that patch doesn't do enough for you.

Solution

Antinat should bind the ougoing connection on the same ip on which it receives the connection from the client.

So if you want to use a different ip just set your configure your socks settings in the browser or proxifier to the ip you want antinat to use.

And here's the patch to let you do that ...

[download id="24"]

This patch is incompatible with the one on the previous post, you can either have that one or  this one so make sure you apply it on the original antinat source.

Questions or suggestions are welcome as always ...

http://www.google.com/url?sa=t&source=web&ct=res&cd=1&ved=0CAgQFjAA&url=http%3A%2F%2Fantinat.sourceforge.net%2F&ei=WoKjS9DcKczFsgaGwJjMCA&usg=AFQjCNEOlqPAc6T7bkDx0VQpJc2kIBBYHA&sig2=Mdve5s6Ylxdz72SqWJdYfA

Antinat outgoing ip

This post is the first in a series of posts about antinat. The posts will provide solutions for some "problems' with antinat. So here goes the first one ....

Problem

Antinat creates outgoing connection from the primary ip defined on the machine where it's running. There's a config option to make antinat listen on a specific ip but no config option to make it use a specific ip for outgoing connections.

Solution

The attached patch will make antinat use the same ip that it's listening on for outgoing connections. You specify the listening ip with the "interface" config option and now that ip will also be used for outgoing connections.

[download id="23"]

I assume you already know how to patch ... if not ... just ask in the comments or hire me to patch it for you 🙂

HowTo: Shared Hosting as Socks Proxy

Problem

You need a proxy to connect to a service that would only accept connections from a certain location.

You have a shared hosting account on a server in location that is accepted by the service where you want to connect. Could you use it as a proxy server.?

You could install one of those proxy scripts made in php but that would only let you browse the web, what you want is be able to proxify any application and for that you need a socks server working with one of those proxifier applications  (like tsocks on linux/unix ).

So could you use a socks proxy on your shared hosting account?

Solutions

The solutions are listed starting with the most simple working on the most permissive hosting accounts and ending with the most complex suited for the least permissive accounts.
There will be further posts describing the solutions in detail. This post is mostly an introduction.

  1. SSH Tunnel

    This is the simplest but it assumes that your hosts allows ssh access to your account and they don't block ssh tunnels.

    1.  

    This creates a socks server on your local host , then you can use it in the proxifyer app to forward all connections through it.

  2. Custom SSH Tunnel

    This is a solution for those hosting accounts that don't allow ssh tunneling, but allow you to connect over ssh and run a program ( antinat - a socks server ) once connected over ssh.

    ( One might wonder: why create a tunnel when you could just run antinat and connect directly to it? If you can do that then that's the best way to do it but most shared hosting servers would have all ports blocked so you would not be able to connect to any port other then the standard ones ( 80,443,25,110,143, etc ) but those are only available to root and are already busy anyway. )

    The idea is to forward the traffic from your computer to the proxy server through the actual ssh connection instead of using the standard tunneling mechanisms which are blocked by server's configuration.

    For this you would need a program on your host to act both as a socks server ( sort of ) and as a forwarder through a ssh connection. On the other side ( hosting account ) you would need another program that would receive data from the ssh connection and forward it to antinat. Both programs would actually have to forward data both ways.

    Both forwarders would have to multiplex connections and forward them through a single ssh connection because most hosting accounts only allow one connection / user

  3. Callback Socks server

    This is a solution in case your hosting account has no ssh access.

    It's similar to previous solution but in this case instead of having the local forwarder connect to the remote ( hosting ) forwarder through ssh, you eliminate the remote forwarder and just have the socks server connect back to the local forwarder and then forward everything through that connection.

    This would require modification to the socks server as antinat doesn't have this callback feature built in.

    Another requirement is that you are able to upload and run antinat on the server. Usually you can do this by just calling it in a php script ( eg.: system('antinat') ) or from a perl script if the host offers cgi access.

  4. Custom script ?

    What if for some reason (no cgi or php system() blocked ) you can't run antinat?

    Well in this case I'm guessing it would be possible to write a script that you could call over a http connection, and forward through it, but php's socket functions would need to be available and script's max execution time would limit your connection time so don't expect much of this.

I have used solution #1 and I wrote the software and patches required to make #2 and #3 work. In the following weeks I'll write the posts to describe them in more details.

You can subscribe to my RSS feeds or connect with me on one of the social networks listed in the sidebar if you want to be notified when they are posted.

If you know other ways of doing this or ideas about my solutions I'd love to read about them in the comments.