Port forwarding with proxy server

forwardingporttunnelingweb

I'm behind a firewall with incoming connections blocked on all ports. I'd like to run an Apache Web Server on my machine. Is it possible to configure a free public proxy server to forward the incoming connections to my local server through the firewall?

Best Answer

If outgoing connections are relatively open, you can ask ssh(1) to create tunnels for you.

ssh -R *:8888:localhost:80 username@proxyserver.example.com

Now, connections to proxyserver.example.com:8888 should be forwarded to your local port 80. The details from the ssh(1) manpage:

 -R [bind_address:]port:host:hostport
         Specifies that the given port on the remote (server) host
         is to be forwarded to the given host and port on the
         local side.  This works by allocating a socket to listen
         to port on the remote side, and whenever a connection is
         made to this port, the connection is forwarded over the
         secure channel, and a connection is made to host port
         hostport from the local machine.

         Port forwardings can also be specified in the
         configuration file.  Privileged ports can be forwarded
         only when logging in as root on the remote machine.  IPv6
         addresses can be specified by enclosing the address in
         square braces or using an alternative syntax:
         [bind_address/]host/port/hostport.

         By default, the listening socket on the server will be
         bound to the loopback interface only.  This may be
         overridden by specifying a bind_address.  An empty
         bind_address, or the address ‘*’, indicates that the
         remote socket should listen on all interfaces.
         Specifying a remote bind_address will only succeed if the
         server's GatewayPorts option is enabled (see
         sshd_config(5)).

         If the port argument is ‘0’, the listen port will be
         dynamically allocated on the server and reported to the
         client at run time.

Related Solutions

Proxy mail to different smtp server with Postfix

Postfix is extremely flexible (and therefore, complex) in its configuration, so there are various ways to achieve this. The simplest way would probably be to use a transport(5) table.

First, enable the use of a transport table in postfix:

/etc/postfix/main.cf:
    transport_maps = hash:/etc/postfix/transport

You'll also have to make sure that Postfix accepts mails for the addresses that will be handled by Lamson. Have a look at permit_auth_destination for the rules Postfix will apply to determine valid recipient addresses. For the following example, assuming "example.com" is a domain not otherwise known to Postfix, it's probably easiest to simply add it as relay domain:

/etc/postfix/main.cf:
    relay_domains = example.com

Then, create an appropriate table. E.g. to redirect all mail for the domain "example.com" as well as mail for "user@mydomain.org" to your local Lamson listening at port 10025:

/etc/postfix/transport:
    example.com          smtp:127.0.0.1:10025
    user@mydomain.org    smtp:127.0.0.1:10025

After that (and then once after every update to the transport table file) don't forget to run:

$ postmap /etc/postfix/transport

This should get you going. Be sure to read the transport(5) man page, which will give you more ideas on how to use this powerful facility.

Ssh – VPN connection over SSH

Yes, piece of cake!

Your WindowsXP box would need to become the default route for all your other computers. I do this often using a similar technique to tunnel traffic through an HTTP proxy firewall.

Couple things you need to do:

On your ubuntu server, locate the sshd.conf file and enable, if not already GatewayPorts yes
Install Putty on your WinXP computer and configure a connection from WinXP to your Ubuntu server and under the Tunnels section, create some tunnel entries making sure to check the box "Local ports accept connections from other hosts", then use some random unprivledged ports. You should have a list like so:

L5000 1.2.3.4:443 where 5000 is the local port you listen on and 1.2.3.4 is your ubuntu server.

Now you need to enable Routing and Remote Access service under the services (right click My Computer, manage & navigate to services section). Once enabled, need to edit the following RegKey: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > Tcpip > Parameters and look for something like “IPEnableRouter”. Double click on it and turn the value from 0 to 1 and reboot your computer.
After the reboot, pop open a command prompt and type some commands:

netsh routing ip nat install netsh routing ip nat add interface "if-public" full (where if-public is the interface used to connect to ubuntu server) netsh routing ip nat add interface "if-private" private

It should be obvious that your WinXP machine cannot be using DHCP; you'll need static IP assignments here.

Best Answer

Related Solutions

Proxy mail to different smtp server with Postfix

Ssh – VPN connection over SSH

Related Topic