We have access to a secure Linux infrastructure through a Windows machine.
The Linux infra has no access to the internet, but the Windows machine has.
On this Windows machine, we have installed PuTTY, and can connect to the Linux infra with it. We can set up tunnels from the Windows machine to the Linux infra, in both directions (local and remote).
What I'm wondering is whether we could give the Linux infra internet access through the Windows host, via a remote tunnel using PuTTY.
We only need HTTP/HTTPS access, because this is for Debian security updates and new machine provisioning (which right now cannot install any package due to lack of internet access).
The schema is quite clear in my mind, but I don't know how to implement it in practice:
I think I would need a sort of HTTP proxy on the Windows machine, that listens on the port that the remote tunnel directs to?
How to configure the frontal SSH machine so that other hosts using it as gateway connect through the SSH tunnel?
Also, how will DNS work in this case?
Thanks for pointers!
Best Answer
If the SSH server allows it (which is the default setting for most Linux distributions) you can set up TCP forwarding with PuTTY (and any other SSH client).
Determine a port on the SSH server that is available and not in use, for instance 8080.
In PuTTY set up a rule that will tunnel TCP traffic from that port 8080 on the SSH server over SSH to your Windows system and forward that to your proxy server (proxy.example.com port 8080):
On the SSH server set the http_proxy and https_proxy environment variables and many applications will then be able to use that proxy server over the SSH port forwarding (some applications will need their own settings modified to use a proxy):
and test with for instance:
On the other servers (firewall permitting) you can then use:
This config has not been tested.
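
A sketch of the Linux-side steps the answer outlines, as an added example that is not part of the original answer: it reports whether the forwarded port 8080 is bound to loopback only or to all interfaces, then prints the proxy settings for the environment and for apt. The function names and the sample ss output are constructed for illustration; the other servers can reach the port only when the forward is bound beyond loopback (sshd GatewayPorts), which also exposes the proxy to every host the firewall lets through.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the remote forward
# from the answer is up: port 8080 on the SSH server leads to the proxy.
# Clients hand the hostname to the proxy (CONNECT for HTTPS), so name
# resolution happens on the proxy side, not on the Linux hosts.
PROXY_PORT=8080

# Constructed sample of `ss -ltn` output on the SSH server.
# On a real host, pipe `ss -ltn` into listener_scope instead.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22     0.0.0.0:*
LISTEN 0      128    127.0.0.1:8080 0.0.0.0:*'

# Classify a listener address: loopback is usable from the SSH server only;
# a wildcard bind is usable by any host that can reach the SSH server.
bind_scope() {
    case $1 in
        127.0.0.1:*|\[::1\]:*)   echo local-only ;;
        0.0.0.0:*|\*:*|\[::\]:*) echo all-interfaces ;;
        *)                       echo specific-address ;;
    esac
}

# Read `ss -ltn` output on stdin; print the scope of each listener on PROXY_PORT.
listener_scope() {
    awk -v p=":$PROXY_PORT" '$1 == "LISTEN" &&
        substr($4, length($4) - length(p) + 1) == p { print $4 }' |
    while read -r addr; do bind_scope "$addr"; done
}

# Print the environment settings for a host that reaches the tunnel at $1.
proxy_env() {
    printf 'export http_proxy=http://%s:%s/\n' "$1" "$PROXY_PORT"
    printf 'export https_proxy=http://%s:%s/\n' "$1" "$PROXY_PORT"
}

# Print an apt snippet, e.g. for a file under /etc/apt/apt.conf.d/.
apt_proxy_conf() {
    printf 'Acquire::http::Proxy "http://%s:%s/";\n' "$1" "$PROXY_PORT"
    printf 'Acquire::https::Proxy "http://%s:%s/";\n' "$1" "$PROXY_PORT"
}

# Demo on the constructed sample, for the SSH server itself (loopback).
printf '%s\n' "$SAMPLE_SS" | listener_scope
proxy_env 127.0.0.1
apt_proxy_conf 127.0.0.1
```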