Archway Surgery. Archway Development & Consulting Ltd

 

 


Revised 12/2015

                $ How to reduce Internet traffic when every byte costs$

                                    Controlling Data Charges

Summary:
Fix the IP address of your PC on the same network as your router/satellite device, but put in a false gateway IP or none. Define one fixed route to an external proxy server (this could be your machine at home) and use that external machine as a proxy server for the internet connections you want. Use a different browser that can set and use the proxy server for its own connection.

Why?
I have been travelling to places where internet is very limited, such as by slow boat to Tristan da Cunha and working there, and have worked in the Antarctic and in remote Australia and Africa. I required my own satellite data connection and phone. I bought from http://www.toowaydirect.com/ a BGAN Thrane 300. It uses Inmarsat satellites and is PAYG. It is excellent. But of course every byte uploaded or downloaded costs a lot.

When I first turned on my firewalled PC and connected it to satellite internet it sent up 700kb of nothing within a couple of minutes. That costs $$. I had not asked for a single web page or email. A Windows update would cost a fortune.

I needed a way to block all traffic except what I want. An outgoing firewall will not work. I quickly gave up on that idea. Many programmes seem to use common essential ports such as port 80 for their background communications, and you need those.

How:
The best option is to use an external proxy server instead of a direct connection to the internet, and to make just one route in the routing table: the route to that server.

The speed penalty of using an offshore proxy/gateway to the internet is insignificant when dealing with the high latency and relatively low speeds of satellite systems. I already have a UK based server (VPS) and a server at home. The VPS (EUKHOST) has 100mbs connections, is quicker and very stable, and has a fixed IP, but my UK home system works pretty well. Cheap options include using a private proxy server such as myprivateproxy.net for only $2.50 a month for an https proxy, with no lock-in contract, giving you fast connections (you can ask for a UK IP server).

Stop the PC that is using the satellite connection from knowing the route to the internet. Turn off DHCP. As far as the Windows PC, or a Mac for that matter, is concerned there is no internet connection.

Fix the IP of the network card on the PC on the same network as your satellite device (aka router), remove any gateway IP in the field that pointed to the router/satellite device and put in some other unused local IP address instead, or leave the gateway field blank. You have to turn off DHCP, as otherwise it will make your satellite or low bandwidth router the PC's default route to the internet. With a fixed IP, remember to put it back when you go on ordinary networks!

Set the DNS as per your internet provider or use your favourite DNS as normal (8.8.8.8, 8.8.4.4 etc.).

The computer cannot talk to the internet as there is no route. Google and its apps are thwarted. So are Microsoft and the rest that might want to download an update and chatter. Not one byte is transmitted to the satellite in the background.

Now put in a fixed route to your external https proxy server that goes via your satellite device or router. This is the only route the PC knows, and it leads to only one place, one IP.

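CMD (as Administrator)

route -p add 123.123.123.1 mask 255.255.255.255 192.168.0.1

That is route -p add (IP of proxy server) mask 255.255.255.255 (IP of the router/satellite device): here 123.123.123.1 is the proxy server and 192.168.0.1 is the router/satellite device. The -p switch keeps the route across reboots, and the 255.255.255.255 mask limits it to that one address. Check with the route print command.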
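The whole setup from the steps above (fixed IP, no gateway, DNS, one route) followed by a check that the proxy route really is the only way off the local network. This is an added example, not part of the original page; the adapter name "Ethernet" and the PC address 192.168.0.50/24 are assumptions, and the other two IPs are the example addresses used above.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Assumptions: adapter name "Ethernet" and PC address 192.168.0.50/24 are constructed;
# 192.168.0.1 (router/satellite device) and 123.123.123.1 (proxy) are the page's example IPs.
$Alias  = 'Ethernet'
$PcIp   = '192.168.0.50'
$Router = '192.168.0.1'
$Proxy  = '123.123.123.1'

# Fixed IP, which also turns DHCP off, and no default gateway.
netsh interface ipv4 set address name="$Alias" source=static address=$PcIp mask=255.255.255.0 gateway=none

# DNS servers as on the page; validate=no stops netsh from probing the server.
netsh interface ipv4 set dnsservers name="$Alias" source=static address=8.8.8.8 validate=no

# The single persistent host route to the proxy, via the router.
route -p add $Proxy mask 255.255.255.255 $Router

# Check the result: returns $true only if the proxy route is the sole way off the LAN.
function Test-SingleRoute {
    param([string]$ProxyIp, [string]$Gateway)
    $ok = $true
    # Any default route (IPv4 or IPv6) gives every program a path to the internet.
    foreach ($prefix in '0.0.0.0/0', '::/0') {
        $def = Get-NetRoute -DestinationPrefix $prefix -ErrorAction SilentlyContinue
        foreach ($r in $def) {
            Write-Warning "Default route $prefix via $($r.NextHop) on $($r.InterfaceAlias)"
            $ok = $false
        }
    }
    # Routes with a real next hop (not on-link) must be exactly the proxy host route.
    $viaGateway = Get-NetRoute -AddressFamily IPv4 | Where-Object { $_.NextHop -ne '0.0.0.0' }
    foreach ($r in $viaGateway) {
        if ($r.DestinationPrefix -ne "$ProxyIp/32" -or $r.NextHop -ne $Gateway) {
            Write-Warning "Unexpected route $($r.DestinationPrefix) via $($r.NextHop)"
            $ok = $false
        }
    }
    if (-not ($viaGateway | Where-Object DestinationPrefix -eq "$ProxyIp/32")) {
        Write-Warning "Proxy route $ProxyIp/32 is missing"
        $ok = $false
    }
    return $ok
}

Test-SingleRoute -ProxyIp $Proxy -Gateway $Router
```

Run the check again after joining any other network or plugging in another adapter, since a second interface on DHCP brings its own default route with it.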

Now you can set some programmes such as Skype, messenger apps, Firefox, SeaMonkey or Opera to use the https or socks proxy. SeaMonkey and Opera have inbuilt email clients. Do not set Internet Explorer to use the proxy in "Internet Options", as that will give the game away: too many other services will use it and updates might start being pulled down at great expense. Keep Internet Explorer as your default browser (which now will not work, as it must not know the route to the internet; when it does, the WHOLE PC will know); we are keeping all Windows things fooled that there is no internet connection.

Google Chrome cannot define its proxies independently of Internet Explorer, so avoid that browser. I use SeaMonkey from Mozilla as it has an email client.

To tell those programmes you want to use your external proxy, either https or socks, go to each programme's options/configs. Put in the IP and port of your proxy, or, if using socks via SSH, put in localhost and the port. The proxy field has to be an IP address, not your http proxy's domain name: you do not have DNS lookup, as you are not connected to the internet, so the name would not be resolved to an IP address.

Now you can use the internet, but only with those programmes that can connect via the proxy. You are in control, and only what you send and ask for goes up and down.

There are some programmes which do not have the option of defining network connections. For anything like that you have to fiddle with a proxifier. Not easy.

 
Using SSH PROXY:
It is simpler to use a private http proxy server, but that is not encrypted, so I use an SSH proxy.

On my home server and also my VPS I have SSH running, as it is more secure than an open http proxy. If your server is Linux then SSH is available out of the box, while on a Windows server you can install Bitvise SSH Server. SSH can act as a socks proxy server once you are logged in to it. Use your favoured port for SSH communication, but of course 22 is the default. Make sure the server's firewall is open on the port you use. Allow tunnelling.

On the travelling PC that is using the expensive connection, the satellite connection, install Tunnelier or MyEnTunnel. You need to enable it to run dynamic socks and set a sensible port such as 1080, 7080. Log into your server using the server's IP, not its domain name. You can, of course, because the computer knows the route to that one address: you have put in the fixed route.

By the way, with SSH you hardly ever have to configure the server end once it is set up, as when you log in the commands are issued from the client side to the server.

To use the SSH tunnel proxy in your programmes, go to the networking options of each programme, tick "use socks proxy", and put in the IP and listening dynamic port of the LOCAL machine, e.g. 127.0.0.1 7070, or as localhost 7080 (1080 or whatever).
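The same dynamic socks tunnel opened with the OpenSSH client instead of Tunnelier or MyEnTunnel, followed by a check that the listener is on the local machine only and that a request really travels through it. This is an added example, not part of the original page; it assumes ssh.exe and curl.exe are installed, that key-based login is already set up, and "user" is a placeholder account name.

```powershell
# Added example. Assumptions: Windows OpenSSH client (ssh.exe) and curl.exe are present,
# key-based login already works, "user" is a placeholder account,
# and 123.123.123.1 is the page's example server IP.
# Server side (OpenSSH): AllowTcpForwarding must not be set to "no" in sshd_config.
$Server    = '123.123.123.1'   # an IP, not a name: the PC has no working DNS
$SocksPort = 1080

# Open the tunnel in its own window.
#   -D  dynamic socks listener, bound to loopback only
#   -N  no remote command, tunnel only
#   -C  compress the stream, which can reduce the bytes sent over the link
$sshArgs = @('-N', '-C', '-D', "127.0.0.1:$SocksPort",
             '-o', 'ExitOnForwardFailure=yes', "user@$Server")
Start-Process -FilePath 'ssh.exe' -ArgumentList $sshArgs

function Test-SocksTunnel {
    param([int]$Port)
    $listen = Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue
    if (-not $listen) {
        Write-Warning "Nothing is listening on port $Port"
        return $false
    }
    # A listener on 0.0.0.0 would let other machines on the LAN spend your data.
    $exposed = $listen | Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' }
    if ($exposed) {
        Write-Warning "Socks port $Port is reachable from outside this PC"
        return $false
    }
    # --socks5-hostname passes the host name to the far end, so the server does
    # the DNS lookup; the travelling PC itself cannot resolve names.
    curl.exe --silent --head --max-time 60 --socks5-hostname "127.0.0.1:$Port" 'https://example.com/' | Out-Null
    return ($LASTEXITCODE -eq 0)
}

Start-Sleep -Seconds 15   # satellite latency: give the login time to complete
Test-SocksTunnel -Port $SocksPort
```

Firefox and SeaMonkey need the matching setting for the same reason: with a socks proxy they look names up locally unless the preference network.proxy.socks_remote_dns is set to true.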

Another approach would be to use SoftEther VPN server, as that can make all its connections on a single TCP port, and can even be proxied, so you could connect to your home or office network as a VPN. Do not let it create a gateway to the internet!

Email, when using limited, expensive connections, is best used as web pages, or if, as I do, you prefer a proper email client, use IMAP, not POP, and set the client to download headers or minimal data and no attachments by default, thus avoiding downloading that 7mb picture of a baby or cat.

 Gerry Bulger