SSH tunneling for bypassing firewall (http and socks)
I'm having problems setting up the following:
I am on Linux on machine LOCAL (my notebook).
I ssh into a company machine REMOTE which is behind a firewall and ONLY allows incoming ssh connections (port 22), no outbound connections whatsoever. I do have full root access on both LOCAL and REMOTE; REMOTE is, however, a VPS and behind a hardware firewall.
I now need network access on REMOTE (HTTP and other protocols) for downloading and building some software. I also need access to non-HTTP protocols such as git.
I was hoping to set up a reverse SSH tunnel for using my LOCAL machine, where I could be running a SOCKS server, so that network access on REMOTE would be redirected over the SSH tunnel to a SOCKS server running on machine LOCAL.
How would I go about setting something like this up?
Thanks
This turned out to be much easier than I thought. What I was doing wrong was trying to do everything with one single command (which should actually be possible, given that I only need to run commands on LOCAL).
The only thing that needed to be done was 1) setting up a reverse tunnel between LOCAL and REMOTE, and then 2) starting dynamic port forwarding on LOCAL.
I now have working internet access on REMOTE, which is tunneled through LOCAL. SOCKS applications are set up to use the forwarded port, which redirects to the dynamic port forwarding running on LOCAL.
LOCAL:> ssh -D SOCKS_PORT local_user@localhost -p LOCAL_SSH_PORT
LOCAL:> ssh -R SOCKS_PORT:localhost:SOCKS_PORT remote_user@REMOTE -p REMOTE_SSH_PORT
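A check that can be run on REMOTE once the two commands above are running, as an added example that is not part of the original post: it sends a SOCKS5 greeting to the forwarded port and reports whether the tunnel is down, up with nothing answering behind it, or working. The function name and the default port 1080 are assumptions; pass whatever SOCKS_PORT was chosen.

```python
import socket
import sys


def probe_socks5(host="127.0.0.1", port=1080, timeout=3.0):
    """Classify what answers on host:port (port 1080 is an assumed default).

    Returns one of:
      "socks5-ok"   SOCKS5 server that accepts unauthenticated clients
      "socks5-auth" SOCKS5 server that rejected the "no authentication" method
      "refused"     nothing is listening (the ssh -R forward is not up)
      "closed"      connection accepted, then closed without a reply
                    (the ssh -R forward is up, but the ssh -D listener it
                    points at is not answering)
      "timeout"     no reply within `timeout` seconds
      "not-socks5"  something other than a SOCKS5 server replied
    """
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # RFC 1928 greeting: VER=5, NMETHODS=1, METHODS=[0x00 = no auth]
            s.sendall(b"\x05\x01\x00")
            while len(reply) < 2:          # method-selection reply is 2 bytes
                chunk = s.recv(2 - len(reply))
                if not chunk:              # peer closed before replying
                    break
                reply += chunk
    except ConnectionRefusedError:
        return "refused"
    except ConnectionResetError:
        return "closed"
    except socket.timeout:
        return "timeout"
    if len(reply) < 2:
        return "closed"
    if reply[0] != 0x05:
        return "not-socks5"
    # 0x00 = server selected "no auth"; anything else means auth is required
    return "socks5-ok" if reply[1] == 0x00 else "socks5-auth"


if __name__ == "__main__":
    chosen_port = int(sys.argv[1]) if len(sys.argv) > 1 else 1080
    print(probe_socks5(port=chosen_port))
```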
On Unix, SSH already bundles a socks server. Just use the DynamicForward setting to set its port and there you are. For example:
Host REMOTE
    Hostname remote.yourcompany.com
    User you
    ServerAliveInterval 110
    ForwardAgent yes
    DynamicForward 9000
Then in Firefox, you can set up the proxy to SOCKS 5, host: localhost, port: 9000.
You might also be interested in tsocks, which provides transparent proxy support for SOCKS. Want to run "svn update" as if you were in the remote network? Just run "tsocks svn update".
My tsocks.conf looks like this:
# We can access 192.168.0.* directly
local = 127.0.0.1/255.255.255.0
# Otherwise we use the server
server = 127.0.0.1
server_port = 9000
And it works with SSH socks, I just tried it.