Hide your IP using ssh socks proxy

Socks proxy using SSH

Tunnelling over our Internet link sounds exciting, doesn’t it? But how difficult is it? Do we need any complex and sophisticated hardware or software configuration? It is not even necessary to involve the IPsec or SSL stack to create a VPN. SOCKS is built into OpenSSH, so it is trivial to run a SOCKS proxy server by starting the ssh client with the -D option. This option configures the SSH client to listen on your local Linux box on a TCP port that we specify. We will then point the SOCKS5 proxy configuration built into most Internet browsers at that port.


Cisco enable http server

Follow these steps to enable HTTPS secure web configuration on your router or switch:

#conf t
 ! create user tech with the highest privileges
 username tech privilege 15 secret 0 userpassword
 ! enable HTTP access
 ip http server
 ! limit web access to the hosts permitted by access list 23 (not shown here)
 ip http access-class 23
 ! enable local authentication
 ip http authentication local
 ! enable HTTPS access
 ip http secure-server
 ip http timeout-policy idle 60 life 86400 requests 10000

VLANs on Cisco switch or EtherSwitch card


The VLAN concept is well known as a way to separate network traffic on a single switch to increase security. It allows a clearer network design and minimizes the need to deploy additional hardware. The example below has been tested on a Cisco 1900 series router equipped with an EHWIC-4ESG-P EtherSwitch card. This configuration supports up to 16 VLANs, but higher-end devices can support up to 4096 VLANs. Please refer to your device documentation for more details.

Cisco weird interfaces, nvi, svi, bvi

NVI – NAT Virtual Interface

Not everyone knows that, starting with IOS version 12.3(14)T, Cisco introduced a new feature called NAT Virtual Interface. NVI removes the requirement to configure an interface as either NAT inside or NAT outside. An interface can be configured to use NAT or not use NAT.

How to use NVI? It’s easy! Use the command ‘ip nat source …’ without specifying the inside/outside tag, and enable NAT on the interfaces using the command ‘ip nat enable’.