On Tue, Oct 14, 2008 at 01:46:34PM -0400, Buck, Robert wrote: > Two networks exist: engineering and corporate. The engineering network > is firewalled so that NO traffic can go out (but SSH can go in); these > computers cannot connect to the internet. > On the engineering network there exists a engineering linux machine that > I want to temporarily provide internet access to so that I can update > the OS. This is the goal. Well, the "obvious" way to do it would be to put the machine on the corporate network temporarily, then move it back when the OS upgrade is finished. Please don't dismiss that solution prematurely. Beyond that, a reverse tunnel would be the first thing that comes to mind, for me. I don't know all these fancy ssh -D options and things, so let's assume you have a squid proxy running on host 'squid' port 3128. This machine is reachable from host 'corporate', which can also reach machine 'linux' which is the machine you want to upgrade. >From a shell on 'corporate', you could issue a command like this: ssh -R 3128:squid:3128 root@linux This gives you an interactive shell on 'linux' with a tunnel to the squid proxy on 'squid' accessible at localhost:3128. You can configure apt-get (or your flavor's equivalent) to use the squid proxy, with something like: export http_proxy=http://127.0.0.1:3128/ apt-get update etc.