Windows – Share internet from Windows machine to a Linux machine through ssh

PROXYsshtunnelwindows

We have access to a secure linux infrastructure through a Windows machine.
The linux infra has no access to internet, but the Windows machine has.

On this windows machine, we have installed putty, and can connect to the linux infra with it. We can set up tunnels from the windows machine to the linux infra, in both directions (local and remote).

What I'm wondering is whether we could give the linux infra an internet access through the Windows host, via a remote tunnel using putty.

We only need http/https access, because this is for debian security updates and new machines provisioning (which right now cannot install any package due to lack of internet access).

The schema is quite clear in my mind, but I don't know how to implement it in practice:

I think I would need a sort of http proxy on the windows machine, that listens on the port that the remote tunnel directs to?

How to configure the frontal ssh machine so that other hosts using it as gateway connect through the ssh tunnel?

Also, how will DNS work in this case?

Thanks for pointers!

Best Answer

If the SSH server allows it (which is the default setting for most Linux distributions) you can set up TCP forwarding with PuTTY (and any other SSH client).

Determine a port on the SSH server that is available and not in use, for instance 8080.
In PuTTY set up a rule that will tunnel TCP traffic from that port 8080 on the SSH server over SSH to your Windows system and forward that to your proxy server (proxy.example.com port 8080) :

On the SSH server set the http_proxy and https_proxy environment variables and many applications will then be able to use that proxy server over the ssh port forwarding (some applications will need their own settings modified to use a proxy):
```
export http_proxy="http://username:password@localhost:8080"
export https_proxy=$http_proxy
```
and test with for instance:
```
curl -vv http://serverfault.com
```

On the other servers (firewall permitting) you can then use:

export http_proxy="http://username:password@<ip-of-ssh-server>:8080"

^{This is config has not been tested.}

Related Solutions

Windows SSH Tunnel Manager – Setup and Usage

For what you're looking for, I believe you'll be happy with either the 'Putty-tunnel-manager' ('PTM'?) project or 'Putty Tray' solutions. The two get their sessions from Putty, though you can move/copy the sessions to PTM as oppose to putty tray which uses putty all the way. Only PTM will allow you to stop and start a tunnel session from the taskbar... Putty tray will allow you to start it only. I've used Tunnelier, but it doesn't seem to be what you're looking for since I couldn't find an easy way of creating taskbar items(sessions).

I like Putty Tray better because I like having access to a terminal window/session when I load a tunnel (makes me feel more powerful by having access to Putty's configuration as oppose to the limited settings offered in PTM)... but maybe you want this as a solution for end-users, so with PTM you only create your tunnel (no terminal window opens). The nice thing about this is that if you left-click on the icon it shows you your opened sessions. A minus for PTM, it gave me a UI programming error when trying to call the taskbar when the settings page was in the background... looks like a bug.

All in all, that's my assessment for the already posted solutions.

I'd like to add another solution I found though it might be a little more bloated than putty and the above solutions. In any case, I thought it was a worthy mention since it's free and pretty full-featured:

XShell

Free for home and education

alt text http://www.netsarang.com/e_image/xsh_161.gif

This features page is pretty informative, so I won't rewrite it here. I found this client to be pretty full-feature which was something I was looking for, specially for the Tabs and easy launching of sessions/tunnels through the taskbar. Here's a couple of highlighted features listed on the site:

Using full screen view to use your entire monitor as a terminal
Using Compose bar to send a string to multiple servers at once.
Using tunneling bar for real time channel monitoring (SSH)
Using Dynamic Port Forwarding with Tunneling bar (SSH)
Using local shell interface to control Xshell

The application sessions are text-based and saved to the user's profile which could be easily scripted '\Application Data\NetSarang\Xshell\Sessions\Links'

The application comes with Xactivator.exe (276KB) which is the taskbar app that can be launched at startup, finds the sessions and allows you quick launch for them... unfortunately, it does not provide a disconnect in the taskbar.

Compatible with:

Microsoft Windows 98/ME/NT/2000/XP/2003/Vista

Microsoft Windows Terminal Server

Citrix MetaFrame for Windows

Linux – how to tunnel Windows Remote Desktop through ssh using a linux box

Assuming your linux box is accessible from the internet at 1.2.3.4 on port 23008, on an external system I would do:

external% ssh -p 23008 -L 13389:192.168.8.y:3389 username@1.2.3.4

I'd then connect to the port-forwarded RDP system with

external% rdesktop localhost:13389

If your external box isn't a linux box, there will be equivalent commands for the tools you have; the idea is still the same: to forward external's port 13389 to 192.168.8.y's port 3389, then use external's RDP client to connect to localhost:13389.

You refer to setting up the linux box's sshd correctly, but unless you've reconfigured it, the standard sshd setup is likely to support this just fine.

Best Answer

Related Solutions

Windows SSH Tunnel Manager – Setup and Usage

XShell

Linux – how to tunnel Windows Remote Desktop through ssh using a linux box

Related Topic