Re: How to proxy http from a secured site via a reverse-tunnel?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Oct 14, 2008 at 01:46:34PM -0400, Buck, Robert wrote:
> Two networks exist: engineering and corporate. The engineering network
> is firewalled so that NO traffic can go out (but SSH can go in); these
> computers cannot connect to the internet.

> On the engineering network there exists a engineering linux machine that
> I want to temporarily provide internet access to so that I can update
> the OS. This is the goal.

Well, the "obvious" way to do it would be to put the machine on the
corporate network temporarily, then move it back when the OS upgrade
is finished.  Please don't dismiss that solution prematurely.

Beyond that, a reverse tunnel would be the first thing that comes to mind,
for me.  I don't know all these fancy ssh -D options and things, so let's
assume you have a squid proxy running on host 'squid' port 3128.  This
machine is reachable from host 'corporate', which can also reach machine
'linux' which is the machine you want to upgrade.

>From a shell on 'corporate', you could issue a command like this:

  ssh -R 3128:squid:3128 root@linux

This gives you an interactive shell on 'linux' with a tunnel to the
squid proxy on 'squid' accessible at localhost:3128.

You can configure apt-get (or your flavor's equivalent) to use the
squid proxy, with something like:

  export http_proxy=http://127.0.0.1:3128/
  apt-get update
  etc.

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux