zen.org Communal Weblog

March 10, 2005

AIM/MSN/Yahoo inside a firewall

Filed under: — brendan @ 15:16 IST

Say you want to talk to your wife or a remote co-worker on AIM, but you’re on a system inside a firewall. All is not lost even if the firewall is really picky about which ports it’ll allow you to use and you have no ability to change the firewall’s settings. If the SSH port (22) is open on the firewall, you’ve got a workaround, as long as you can SSH to a remote host that can be configured for you or by you.

In the description of what I came up with (derived from the suggestions of others via google), both the home system and laptop I describe are running version 9.2 of the SuSE Linux distribution. In theory, however, this should work with any client using a recent copy of OpenSSH. Please feel free to correct me if this isn’t true. :)

Originally, I suggested that you need to install dante and dante-server on the remote server you’ll be using to do the work of the connection. However, it turns out OpenSSH has the DynamicForward option which does the work for you, making the OpenSSH server and client use the SOCKS5 protocol to handle the connection. Many thanks to Justin Mason for pointing it out.

On the laptop that’s roaming from place to place, install just the GAIM instant messaging package. (In theory, if we had to use dante-server then you’d also install the dante client on the laptop so KDE can use SOCKS for its own IM client, kopete. However, we’re using GAIM because I’ve been unable to make KDE+kopete work for me in this. And since OpenSSH is doing the work, we don’t need to install the extra package on the laptop.)

From inside the firewall, log into the remote system with the command “ssh home”. The ~/.ssh/config file (or wherever your SSH client keeps its configuration) should contain:

   Host home
     # server external IP address
     HostName 1.2.3.4
     # If we were using dante and dante-server, we'd need:
     #LocalForward 1080 127.0.0.1:1080
     # However, we can just use this (SOCKS listener on local port 1080):
     DynamicForward 1080

On the laptop, run GAIM and go into Preferences, selecting Network. Under ProxyServer choose Proxy type SOCKS5, and set Host to 127.0.0.1 and Port to 1080. Click on Close.

To connect, click “Sign On” in the GAIM window. (You’ll need to make sure that each account in GAIM has “Auto-login” selected so that more than just AIM is used.)

In theory, the SSH tunnel letting you use SOCKS should now bring any or all of your AIM, MSN, and Yahoo Messenger IDs online. I’ll be interested to hear of any problems others might have trying to get this to work.
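
A check worth running once the tunnel is up, as an added example that is not part of the original post: it reads `ss -ltn` listener output and reports whether the SOCKS port is bound to loopback only, since a wildcard bind would let other hosts on the local network use the proxy. The function names, the sample listener tables and the use of `ss` are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify how a SOCKS port is bound, from `ss -ltn` output.
# Prints one of: loopback-only | exposed | not-listening

socks_bind_check() {
    # $1 = port to look for (1080 in the post); listener table on stdin
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")          # local address:port column
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            found = 1
            # 127.0.0.0/8 and ::1 are reachable from this machine only
            if (addr !~ /^127\./ && addr != "[::1]") exposed = 1
        }
        END {
            if (!found)       print "not-listening"
            else if (exposed) print "exposed"
            else              print "loopback-only"
        }'
}

# Constructed sample: listeners left by the default "DynamicForward 1080".
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    [::1]:1080         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: forward started with a wildcard bind
# (GatewayPorts yes in the client config, or ssh -g).
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:1080       0.0.0.0:*
LISTEN 0      128    [::]:1080          [::]:*'

# Helper for the constructed samples: feed a table to the check.
check_sample() { printf '%s\n' "$1" | socks_bind_check "$2"; }

# On a live system (needs iproute2):  ss -ltn | socks_bind_check 1080
check_sample "$SAMPLE_DEFAULT" 1080
check_sample "$SAMPLE_WILDCARD" 1080
```

If the result is “exposed”, writing the forward as `DynamicForward 127.0.0.1:1080` pins the listener to loopback regardless of the GatewayPorts setting.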

6 Comments »

  1. you know recent OpenSSH servers support acting as a SOCKS server directly? ie. it opens a SOCKS4 port on the client side, and the server proxies on the requests. very nice.

    http://jmason.org/software/scripts/mailtunnel.txt is what I use to set this up and keep it running, even when moving from network to network with intermittent offline time.

    Comment by Justin Mason — March 10, 2005 @ 17:05 IST

  2. Thanks! Nope I didn’t know that OpenSSH had that in it, and just used it myself. Much, much easier. I’ve updated the post to reflect using that instead.

    Comment by brendan — March 14, 2005 @ 06:24 IST

  3. Wow, I should’ve played with SOCKS before. Before, my .ssh/config was creating LocalForward entries for the imaps port to my desktop system, imaps to my incoming mail server, smtps to my outgoing mail server, and then also doing a DynamicForward of 1080 so SOCKS would let Jabber, AIM, MSN, and Yahoo all work.

    I realized Thunderbird didn’t need all of these entries for host 127.0.0.1 and random port numbers (like 1993 to get to desktop:993, 1994 for incoming:993, and 1465 for outgoing:465). Instead, I put them back to the correct host/port stuff, and went to Edit->Preferences->Advanced, looked in Connection Settings, and made it use SOCKS v5 with host 127.0.0.1 port 1080.

    So now if I’m in any random location, I ssh into my desktop machine using “DynamicForward 1080” so it’ll use the OpenSSH-driven SOCKS thru the SSH tunnel for all mail activity—to any of the three hosts! No matter where I happen to be. Way cool.

    If Thunderbird just had something like a profile or location chooser, so I wouldn’t have to create the ssh tunnel from my laptop or my Zaurus to my desktop host when I’m at home and using one of them downstairs…

    Comment by brendan — March 17, 2005 @ 05:28 IST

  4. Thank you for this tip. I have just set it up for Windows Messenger (The old version of MSN) as they use this at my work. I can now connect from outside the network.
    Very useful.

    Comment by Ed — November 9, 2005 @ 17:16 IST

  5. Try a web-based ssh client if you’re stuck behind a firewall and don’t have an ssh client on your local machine -

    http://www.browsershell.com

    Comment by john — June 23, 2008 @ 15:39 IST

