laptop ssh -> laptop stunnel -> evil network -> internet -> your server -> your server ssh
Sets up a stunnel process listening externally on port 2443/tcp, forwards to localhost 22/tcp
yum install stunnel/etc/stunnel/stunnel.conf
| #!/bin/sh | |
| # chkconfig: 2345 99 01 | |
| # description: SoftEther VPN Server | |
| DAEMON=/usr/local/vpnserver/vpnserver | |
| LOCK=/var/lock/subsys/vpnserver | |
| SERVER_IP=[SERVER_IP] | |
| test -x $DAEMON || exit 0 | |
| case "$1" in | |
| start) | |
| $DAEMON start |
| #!/bin/bash | |
| # Flushing all rules | |
| iptables -F FORWARD | |
| iptables -F INPUT | |
| iptables -F OUTPUT | |
| iptables -X | |
| # Setting default filter policy | |
| iptables -P INPUT DROP | |
| iptables -P OUTPUT DROP | |
| iptables -P FORWARD DROP |
| #!/bin/sh | |
| # block torrent traffic by iptable/firewall for VPN/Proxy server | |
| # me@tartan.pro | |
| # Delete all existing rules | |
| iptables -F | |
| # Set default chain policies | |
| iptables -P INPUT DROP | |
| iptables -P FORWARD DROP |
| # Kernel sysctl configuration file for Red Hat Linux | |
| # | |
| # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and | |
| # sysctl.conf(5) for more details. | |
| # Turn on execshield | |
| # 0 completely disables ExecShield and Address Space Layout Randomization | |
| # 1 enables them ONLY if the application bits for these protections are set to “enable” | |
| # 2 enables them by default, except if the application bits are set to “disable” | |
| # 3 enables them always, whatever the application bits |