--EOF--

--EOF--

--EOF--

1）到江苏移动网站确认关闭cmnet功能

2）直接使用Mobile Partner的cmnet连接 APN：cmnet 拨号：*99***1#

这样即时使用的cmnet连接，最后走的流量也都是cmwap的，不用担心产生在套餐外的流量。

使用 Proxifier + UGiA CMWAP代理服务器2.0 就可以很方便的上网了~~

http://www.ugia.cn/?p=119

UGiA CMWAP代理服务器2.0January 19, 2007 at 8:37 am · Filed under General

到此这个软件的功能基本完成了，剩下的就是在稳定性以及性能方面的改进了。2.0版的功能点如下：
1.支持http及socks代理服务，socks服务兼容socks5、socks4以及socks4A。
2.不需要修改User-Agent，解决xml错误及乱码问题。
3.可以将此软件当作一个普通的http2socks的代理服务器使用，只需要在配置文件里把类型改为非cmwap，并指定一个http代理服务器。
4.如果指定了二级socks代理服务器，可支持单纯的socks数据转发。
5.空闲超过一段时间会自动连接，防止断线。
6.自动检测当前网络限制。

因为都需要通过移动的http代理出去，所以socks服务不支持udp转发，当然也不支持bind。大部分地区的cmwap网络限制不同，甚至每次拨号之后也不相同(直接导致我前面的文章改了三次...)，大部分不能connect 443以外的端口，所以会导致socks服务受到很大限制，软件启动时会自动检测是否可连接443以外的端口，如果显示limited，那就需要指定一个运行在443端口的公网socks代理服务器来突破限制了，这样这边就只作数据转发工作。无论如何，还是建议在qq中使用这个软件提供的socks代理服务，可防止假死。

下载：proxy_v2.0.rar

代理服务器地址：127.0.0.1，端口：http为2008，socks为1081。可通过修改config.ini来指定其他端口。

Proxifier is a program that allows network applications that do not support working through proxy servers to operate through an HTTPS or SOCKS proxy or a chain of proxy servers.
There are many network applications that do not support working through proxy servers and thus cannot be used behind a LAN or firewall(s). These can compromise corporate privacy and lead you to many other restrictions. Proxifier solves all of these problems and gives you the opportunity to work with your favorite software without any restrictions. Additionally, it lets you gain extra control over network security, create a proxy tunnel and add more power to network functionality.

--EOF--

http://hi.baidu.com/davyup/blog/item/229e99cb25e8b51abf09e66d.html

向隧道-隧道监听本地port,为普通活动提供安全连接

   ssh -qTfnN -L port:host:hostport -l user remote_ip

2.反向隧道----隧道监听远程port，突破防火墙提供服务

ssh -qTfnN -R port:host:hostport -l user remote_ip

3.socks代理

SSH -qTfnN -D port remotehost（用证书验证就直接主机名，没用的还要加上用户名密码）

-q Quiet mode. 安静模式，忽略一切对话和错误提示。
-T Disable pseudo-tty allocation. 不占用 shell 了。
-f Requests ssh to go to background just before command execution. 后台运行，并推荐加上 -n 参数。
-n Redirects stdin from /dev/null (actually, prevents reading from stdin). -f 推荐的，不加这条参数应该也行。
-N Do not execute a remote command. 不执行远程命令，专为端口转发度身打造。

虽然反向隧道在穿透内网放火墙的时候很好用，cron加上ssh-agent能实现无人职守下的主动连接,但是目前面临一个比较严重的问题，那就是隧道的不稳定性,基本上ssh反向隧道只能坚持10分钟左右就莫名奇妙的关闭掉了,是网路太差引起的断线？还是反向隧道本身的不完善性？我试图在网上找一个ssh社区去询问一下高手，但是我发现这样的社区是不存在的....也许有人会说可以每隔十分钟再重新发一次反向连接阿，但是经我尝试，发现即使是每隔10分钟重发一次反向隧道也不能解决问题，因为虽然反向隧道中断但反向隧道的进程还在，即使重发请求也不能将反向隧道重新接通...

http://sdfclub.cn/viewtopic.php?t=118&sid=cb71241647edd5cdc82b454bbdb9aa5c

There are two kinds of port forwarding: local and remote forwarding. They are also called outgoing and incoming tunnels, respectively. Local port forwarding forwards traffic coming to a local port to a specified remote port.

For example, if you issue the command

ssh2 -L 1234:localhost:23 username@host

all traffic coming to port 1234 on the client will be forwarded to port 23 on the server (host). Note that localhost will be resolved by the sshdserver after the connection is established. In this case localhost therefore refers to the server (host) itself.

Remote port forwarding does the opposite: it forwards traffic coming to a remote port to a specified local port.

For example, if you issue the command

ssh2 -R 1234:localhost:23 username@host

all traffic which comes to port 1234 on the server (host) will be forwarded to port 23 on the client (localhost).

It is important to realize that if you have three hosts, client, sshdserver, and appserver, and you forward the traffic coming to the client's port x to the appserver's port y, only the connection between the client and sshdserver will be secured. See Figure Forwarding to a third host. The command you use would be something like the following:
ssh2 -L x:appserver:y username@sshdserver

http://www.dd-wrt.com/wiki/index.php/Telnet/SSH_and_the_Command_Line#Remote_Port_Forwarding

Remote Port Forwarding
This is useful to tunnel things like RDP (Remote Desktop) through an encrypted SSH tunnel over the internet. For example, you want to be able to access your work computer from home.

If you had:

HomePC <-> Router <-> Internet <-> Firewall <-> WorkPC

WorkPC, which is running RDP on port 3389, issues ssh -R 5555:localhost:3389 root@router.home

HomePC can use his RDP client to connect to port 5555 on the router and this would create an SSH tunnel which will connect HomePC to port 3389 on the WorkPC

注解：

在WorkPC 执行  ssh -R 5555:localhost:3389 root@router.home

这样 localhost会解析为WorkPC

HomePC对router.home的5555端口的访问被转发到WorkPC的3389端口

--EOF--

编译安装：

socks proxy:

ss5

antinat-0.90  依赖 expat-2.0.1

ssh server:

dropbear-0.52

lsh-2.0 依赖 liboop-1.0

注意使用编译选项：

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib" --prefix=xxx

--EOF--

zz From http://en.wikipedia.org/wiki/Comparison_of_SSH_servers

Comparison of SSH servers

From Wikipedia, the free encyclopedia

Jump to: navigation, search

This article is incomplete and may require expansion or cleanup. Please help to improve the article, or discuss the issue on the talk page.

SSH servers is a software program which uses the secure shell protocol to accept connections from remote computers. This article compares a selection of popular servers.

Contents [hide] 1 General 2 Platform 3 Features 4 See also 5 References

[edit] General

Name	Developer	Status	Date of first release	Last release	Date of last release	License	Official web page
CopSSH	Itefix	Active	2009-01-16	3.0.1	2009-10-12	BSD	CopSSH
Dropbear	Matt Johnston	Active	2003-04-06 [1]	0.52	2008-11-12	MIT	Dropbear
F-Secure SSH Server	F-Secure	?			2004?	commercial
freeSSHD	Kresimir Petri	?		1.2.6	2009-??-??	?	[1]
KpyM	KpyM	Active		1.18	2009-08-01 [2]	BSD	[2]
lsh	Niels Möller	Active	1999-05-23 [3]	2.9-exp	2007-04-04	GPL	LSH
OpenSSH	The OpenBSD project	Active	1999-12-01	5.3	2009-10-01[4]	BSD	OpenSSH
Reflection for Secure IT	Attachmate	Active		7.1		commercial	[3]
Tectia	SSH Communications Security	Active	1995	6.1		commercial	SSH Communications Security
VShell server	VanDyke Software, Inc.	Active	1995	3.6	2009-12-10	commercial	VanDyke VShell

[edit] Platform

The operating systems or virtual machines the SSH servers are designed to run on without emulation; there are several possibilities:

• No indicates that it does not exist or was never released.
• Partial indicates that while it works, the server lacks important functionality compared to versions for other OSs but may still be under development.
• Beta indicates that while a version is fully functional and has been released, it is still in development (e.g. for stability).
• Yes indicates that it has been officially released in a fully functional, stable version.
• Dropped indicates that while the server works, new versions are no longer being released for the indicated OS; the number in parentheses is the last known stable version which was officially released for that OS.
• Included indicates that the server comes pre-packaged with or has been integrated into the operating system.

The list is not exhaustive, but rather reflects the most common platforms today.

Name	Mac OS X	Mac OS Classic	Windows	Cygwin	BSD	Linux	Solaris	Palm OS	Java	OpenVMS	Windows Mobile	IBM z/OS	AmigaOS	AIX	HPUX	iPhone† / iPod Touch	WebOS
CopSSH	No	No	Yes	Yes	No	No	No	No	No	No	No	No	No	No	No	No	No
Dropbear	Yes	No	No	Yes	Yes	Yes	Yes	No	No	No	No	No	No	No	No	No	Yes†
lsh	Yes	No	No	No	Partial†	Yes	Yes	No	No	No	No	No	No	No	No	No	No
OpenSSH	included	No	Yes†	included	included	included †	Yes	No	No	Yes	No	Yes	Yes	Yes†	Yes	Yes†	Yes†
KpyM	No	No	Yes	No	No	No	No	No	No	No	No	No	No	No	No	No	No
freesshd	No	No	Yes	No	No	No	No	No	No	No	No	No	No	No	No	No	No

• ^  lsh supports only one BSD platform officially, FreeBSD.^{[citation needed]}
• ^  The majority of Linux distributions have OpenSSH as an official package, but a few do not.
• ^  Openssh 3.4 was the first release included since AIX^{[citation needed]}
• ^  Unless otherwise noted, iPhone refers to non-jailbroken devices.
• ^  [4]
• ^  Only for jailbroken devices.
• ^  OpenSSH and Dropbear are available as optware packages installed by PreWare (maintained by WebOS-Internals.org)

[edit] Features

Name	SSH1	SSH2	Port forwarding	SFTP	SCP	Compatible with OpenSSH authorized keys	Privilege separation
CopSSH	Yes	Yes	Yes	Yes	Yes	Yes	Yes[5]
Dropbear (software)	No	Yes	Yes	No	No[6]	Yes	??
Lsh	No	Yes	Yes	Yes	Yes	??	??
OpenSSH	Yes	Yes	Yes	Yes	Yes	Yes	Yes[7]

[edit] See also

• Comparison of SSH clients

[edit] References

1. ^ Changes in Dropbear in official web page
2. ^ Changes in the official web page
3. ^ Archive of lsh releases in official web page
4. ^ OpenBSD changes in official web page
5. ^ sshd_config(5) manual page 2008-04-05. Retrieved on 2008-04-27.
6. ^ Dropbear page in nslu2-linux.org
7. ^ sshd_config(5) manual page 2008-04-05. Retrieved on 2008-04-27.

Retrieved from "http://en.wikipedia.org/wiki/Comparison_of_SSH_servers"

--EOF--

Antinat

For UNIX-like environments, Antinat uses the autoconf system to provide "./configure && make && make install" style compilation.

However, you will need to have installed expat (including expat-devel) in order to compile. If the configure script is unable to locate your installation of expat, you may need to specify it on the command line:

./configure CPPFLAGS="-I/path/to/expat/include" LDFLAGS="-L/path/to/expat/lib"
The only compiler being supported on UNIX is gcc, version 2.95.3 or newer. If you use a different compiler and encounter compilation problems, by all means send in patches or bug reports, but there is no guarantee that compilation will always work with your compiler.

If you wish to include verbose output in your build, use the --with-feedback switch to configure; if you want compilation warnings turned on (gcc only!) use --with-warnings.

IPv6 is not compiled by default. If you want to include it (and know what you're doing) use --with-ipv6. Note that IPv6 support is incomplete (no filtration) and not well tested. You have been warned.

ss5

Description
SS5 is a socks server that implements the SOCKS v4 and v5 protocol. As a proxy server, SS5 authenticates, profiles and processes network requests for clients. It establishes connections to application hosts for client applications. When the client attempts to access the network, the client connects to the SS5 daemon instead of the application host.

Following authentication, clients request that SS5 perform network activities for the client. The activities might include:
Connect
Bind
Udp Associate
The SS5 protocol is independent of application protocols, and can assist with different networking services, including telnet, ftp, finger, whois, gopher, and WWW access.

socks5-v1.0r11

--EOF--

HttpAnalyzer：

HTTP协议分析工具，相比HttpWatch，有时候方便很多，特别是不仅仅针对IE等浏览器的HTTP数据包进行分析，而是对整个机器的HTTP数据包进行分析的时候。之前一直还在使用的EffeTech HTTP Sniffer则相比之下快要退出历史舞台了。

GoodSync：

多机数据备份和同步工具，速度非常快，而且用着很顺手很方便。我主要是USB硬盘，几台笔记本，台式机之间互相备份。另外小众软件这里也提供了很多其它的软件介绍，我也还都没有试验过，因为GoodSync已经让我很喜欢了。

FreeRapid：

下周RapidShare网站上的文件，相比之前使用IE下载，方便太多了。

EyesRelax：

强制定时休息眼睛的小软件，之前测试使用了好几款，最后留下了它，觉得很不错。

F-SecureSSHServe：

Windows下的SSHD服务器，之前介绍通过代理上网时也介绍过。

Proxifier：

和SocksCap32一起，现在是我最喜欢的socks代理软件。工作环境每天都用，所有的网络流量基本都通过它。

GGhost ：

这个是上周5才第一次使用，也是生平第一次自己GGhost备份自己的系统，虽然后来没进行恢复，但也算是自己折腾了一次。为啥要GGhost呢？是因为R50p上MIE查看即时报价窗口的图形总是不能出来，分析后发现有个http请求得到的数据总不正确，但通过WPE Pro查看又找不出啥问题，可能是某个算法有错？不能通过重新安装解决，没办法，直接把XP重新安装了，还好解决了问题，磁盘空间也大块省出来了。

TED Notepad：

这个记事本的升级软件相信使用的人不多？大家都去使用Notepad++或者NoteTab Pro 或者EditPlus或者UE或者gVIM去了？

在使用TotalCommand时，我现在主要使用gVIM编辑，TED Notepad查看，因为TED Notepad速度真的非常快，而且，而且按ESC就可以直接退出，很爽。

--EOF--

主机A可以上网，但ICS连接共享被禁用，一般的代理软件也不允许安装，怎么给主机B也提供上网呢？

我使用的办法：

主机A上安装F-SecureSSHServer，开启ssh tunnel功能，安装另外一块网卡，和主机B直连。

主机B上的设置：

使用putty开启ssh连接做socks代理，再使用代理软件来服务，注意需要代理软件支持Remote DNS服务。

若使用全局代理需要注意设置的代理规则：

往127.0.0.1和192.168.0.1的所有连接不使用代理，其它无要求。

使用中发现Proxifier的Portable版本对某些Java可执行程序(如aastocks的MIE)的代理有失效的情况，使用安装版则无此问题。

如果只是希望某些程序上网，则使用SocksCap32更方便。

--EOF--