Ssh – Making proxy available on remote server through ssh tunneling

PROXYsshssh-tunnel

I know I can use ssh tunneling to create a "proxy" on my machine so that I can make all the traffic generated locally go through a remote server. Like this:

$ ssh -D 12345 myuser@remote_ssh_server

But what about if I need to create a "proxy" on the remote server, so that all the traffic that I send it will go through my local machine? Is this possible with ssh?

Essentially, I want to use my local internet connection with some specific commands to run remotely, as the server does not have direct access to the internet.

Best Answer

The simplest way to do this is one port and host at a time. For example, to forward traffic from remote:8001 to intraserver:80,

ssh -R 8001:intraserver:80 myuser@remote

But if you want to forward all traffic from remote, and you have an ssh server running on your local host,

ssh -R 2200:localhost:22 myuser@remote ssh -D 10800 -p 2200 localhost

Unwrapping that:

-R 2200:localhost:22 sets up a forward from remote:2200 to localhost:22.
ssh -p 2200 localhost runs ssh on remote, to connect to remote:2200, and so back to localhost:22 (tunneled over the first ssh connection).
-D 10800 tunnels SOCKS from remote:10800, over the connection from remote back to localhost.

Related Solutions

Sql-server – Why can’t I connect to remote Microsoft SQL Server through SSH tunnel

When upgrading to a newer Dlink Router, I had the problem of no longer being able to connect to SQL SVR between computers on my network (plugged into the Dlink Router).

I found the solution on this forum.

Disabling "Advanced DNS Service". Enabled is the default.

(Setup > Internet > Manual Internet Connection Setup > Advanced DNS Service)

According to the post that I found, it also resolves difficulties connecting RDP. The was some speculation that the SQL SVR connection requests were being sent out to OpenDNS thus preventing the desired connection.

For SQL SVR 2008, there is some additional Surface area configuration needed to allow connections including connections to named instances.

Note that with Open DNS turned on, you can enable local SQL SVR connections using the port forwarding settings of the Dlink Router. If you turn off Open DNS, the port forwarding settings are not required for connections between computers on your network. If you want to allow SQL SVR connections from the Internet to computers on your DLink Network, you need to configure this in Virtual Server settings (not Port Forwarding). Both Port forwarding and Virtual Server are found on the advanced tab.

My Router is less than a year old (DIR 655)

Ubuntu – SSH Through Reverse Proxy

If the pound server is a firewall, I'm assuming it will be running iptables, set up iptables to forward from external port X to internal port Y. Pound is designed to proxy http and https, port forwarding for non web traffic should be done by the appropriate software, which is not pound in this case.

Something like this might work

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 222 -j DNAT --to 192.168.1.2:22
iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -j ACCEPT

iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 223 -j DNAT --to 192.168.1.3:22
iptables -A FORWARD -p tcp -d 192.168.1.3 --dport 22 -j ACCEPT

And so on, adjust to your situation, etc.

Best Answer

Related Solutions

Sql-server – Why can’t I connect to remote Microsoft SQL Server through SSH tunnel

Ubuntu – SSH Through Reverse Proxy

Related Topic