Motivation: Many organizations (schools, companies, etc.) use port scanners and other probing methods to determine what software and services you are using (we used to call these people hackers, now they're called "administrators"). A packet-blocking feature (firewall) would likely thwart the organization's attempted probes, yet still allow normal connectivity through SSH tunnels. (Note - SSH tunneled traffic cannot be analyzed...it's encrypted :)

Properly configuring your "Privacy Settings" causes any non-tunneled traffic you choose to be blocked. This includes any local-network or other traffic that is not to be tunneled by Safe Passage via your SSH host. This allows you to be sure that ALL traffic (TCP, UDP, DNS, ICMP, etc.) is either tunneled (TCP or DNS) or is ignored by your computer.

Use the Privacy Settings dialog to select which ports you wish to be blocked and which ports you would like to leave open.

Selecting Include Standard Open Ports will leave open those ports most commonly used for local network applications and web applications.

Selecting Allow a response (Stealth Mode) forces Safe Passage to respond to any connection attempts with the proper response given by closed ports. This makes the Safe Passage firewall transparent to any network diagnostics like port scanners. This feature will cause loss of connection to your local network, printers, etc. It will also protect you from port scanners (no one will be able to tell which, if any, software you are using).

Note - even without this feature enabled, Safe Passage blocks any non-TCP traffic to tunnel targets, so protocols such as UDP, ICMP (ping/traceroute), and others will be blocked to your "secured" hosts.

Setting up remote port forwarding for P2P filesharing

Some applications need to receive connections on dedicated ports; for instance, most P2P filesharing applications use these dedicated ports to connect to each other.
It generally isn't "required" for those P2P applications to work, but they do work faster if you set up remote port forwarding while using Safe Passage. To use this feature, set up your P2P application to use a port number between 1025 and 64000. You should choose a random port number, since other users on the SSH server you connect to with Safe Passage may already be using the standard ports used by these applications. Be sure that the port number you set the P2P application to use (for instance on Kazaa you change the port it listens to under the Tools --> Options menu as shown below:

Example using Kazaa:
Then enter a RANDOM NUMBER between 1025 and 64000:
Now, to set up remote port forwarding, simply add the same port number that you used for the P2P application in the Safe Passage dialog, as shown:
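A check that serves both procedures on this page, as an added example that is not part of Safe Passage or the original text: run against hosts you administer, it shows whether a blocked port answers like a closed port (the Stealth Mode behaviour described under Privacy Settings) and whether the forwarded P2P port on the SSH host accepts connections. The function names are hypothetical, and the demo uses only loopback sockets constructed for illustration.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP port the way a connect-based diagnostic sees it.

    open     - handshake completed (a listener, or a working port forward)
    closed   - connection refused (RST), the normal closed-port answer
    filtered - no answer before the timeout, or an unreachable error
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        raise  # a name that does not resolve says nothing about the port
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # e.g. host or network unreachable reported by a router or filter
        return "filtered"

def survey(host, ports, timeout=3.0):
    """Probe each port once and return {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in ports}

def filter_is_visible(results):
    """A silent drop ("filtered") tells an observer that a packet filter is
    present; ports that all answer "open" or "closed" look unfiltered."""
    return any(state == "filtered" for state in results.values())

if __name__ == "__main__":
    # Constructed demo on loopback only: a listener stands in for the
    # forwarded P2P port, a just-released port stands in for a blocked one.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    results = survey("127.0.0.1", [open_port, closed_port], timeout=1.0)
    listener.close()
    print(results, "filter visible:", filter_is_visible(results))
```

With Stealth Mode behaving as described, blocked ports should report "closed" rather than "filtered"; the forwarded port on the SSH host should report "open" once the P2P application is listening.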