Ssh – how to tunnel SOCKS proxy

PROXYreverse-proxysockssshssh-tunnel

I have a distant server, that is not accessible from the outside world. I would like to turn it into a proxy nonetheless. I was thinking I could use server (that I fully own) to achieve my goal.

Apologies if the following is not clear enough, for I have very little knowledge about networking.

What I can do:

I know I can open a reverse ssh connexion from distant to server, and use it to access distant from the local computer. For instance, from local I can ssh server, then when logged in, use ssh localhost -p 12345 to finally access distant via ssh.
I also know about ssh -D 1080 server, that will allow me to use server as a SOCKS proxy from my computer

What I would like to do

I would like to open a SOCKS proxy from local, that uses the ip of distant. I have no idea wether this is possible, but in naive words, I'd say I'm trying to open a socks connexion to the server, while telling the server to use its own localhost:12345 to access internet.

In other words, I'm trying to funnel a SOCKS proxy from localto distant, thanks to server that is accessible via a public IP address.

Any idea/direction on how to do this, provided it is even possible ?

Best Answer

On local:

ssh -L 1080:localhost:1080
# now 1080 is listening on `local`

On server:

ssh -D 1080 -p 12345 localhost
# now 1080 is listening on `server`

Switch to autossh so the connections would persist.

Related Solutions

Ssh – setting up a proxy to mirror an SSH SOCKS connection

nylon supports SOCKS mirroring with ACL's

http://monkey.org/~marius/pages/?page=nylon

SSH Tunnel – Reverse Tunnel Web Access via SSH SOCKS Proxy

I finally managed to accomplish this with ssh only:

start a local SOCKS proxy on your client machine (using ssh -D) EDIT: not necessary with SSH>7.6
connect to remote server and setup a reverse port forwarding (ssh -R) to your local SOCKS proxy
configure the server software to use the forwarded proxy

1. Start local socks proxy in the background

EDIT SSH>7.6 allow a simpler syntax to start the proxy. Skip this and continue with step 2!

Connect to localhost via SSH and open SOCKS proxy on port 54321.

$ ssh -f -N -D 54321 localhost

-f runs SSH in the background.

Note: If you close the terminal where you started the command, the proxy process will be killed. Also remember to clean up after yourself by either closing the terminal window when you are done or by killing the process yourself!

2. connect to remote server and setup reverse port forwarding

Bind remote port 6666 to local port 54321. This makes your local socks proxy available to the remote site on port 6666.

$ ssh root@target -R6666:localhost:54321

EDIT SSH>7.6 allows a simpler syntax to start the proxy! Step 1 is not needed then:

$ ssh root@target -R6666:localhost

3. configure the server software to use the forwarded proxy

Just configure yum, apt, curl, wget or any other tool that supports SOCKS to use the proxy 127.0.0.1:6666.

Voilá! Happy tunneling!

4. optional: install proxychains to make things easy

proxychains installed on the target server enables any software to use the forwarded SOCKS proxy (even telnet). It uses a LD_PRELOAD trick to redirect TCP and DNS requests from arbitrary commands into a proxy and is really handy.

Setup /etc/proxychains.conf to use the forwarded socks proxy:

[ProxyList]
# SSH reverse proxy
socks5  127.0.0.1 6666

Tunnel arbitrary tools (that use TCP) with proxychains:

$ proxychains telnet google.com 80
$ proxychains yum update
$ proxychains apt-get update

Best Answer

Related Solutions

Ssh – setting up a proxy to mirror an SSH SOCKS connection

SSH Tunnel – Reverse Tunnel Web Access via SSH SOCKS Proxy

Related Topic