SSH tunneling for bypassing firewall (http and socks)

1

3

I'm having problems setting up the following:

I am on Linux on machine LOCAL (my notebook).

I SSH into a company machine, REMOTE, which is behind a firewall and ONLY allows incoming SSH connections (port 22), with no outbound connections whatsoever. I do have full root access on both LOCAL and REMOTE; REMOTE is, however, a VPS behind a hardware firewall.

I now need network access on REMOTE (HTTP and other protocols) for downloading and building some software. I also need access to non-HTTP protocols such as git.

I was hoping to set up a reverse SSH tunnel to my LOCAL machine, where I could be running a SOCKS server, so that network access on REMOTE would be redirected over the SSH tunnel to a SOCKS server running on machine LOCAL.

How would I go about setting something like this up?

Thanks

Baffled Geek

Posted 2010-08-04T16:49:27.063

Reputation: 51

Answers

4

This turned out to be much easier than I thought. What I was doing wrong was trying to do everything with one single command (which should actually be possible, given that I only need to run commands on LOCAL).

The only thing that needed to be done was 1) setting up a reverse tunnel between LOCAL and REMOTE, and then 2) starting dynamic port forwarding on LOCAL.

I now have working internet access on REMOTE, which is tunneled through LOCAL. SOCKS applications are set up to use the forwarded port, which redirects to the dynamic port forwarding running on LOCAL.

LOCAL:> ssh -D SOCKS_PORT local_user@localhost -p LOCAL_SSH_PORT

LOCAL:> ssh -R SOCKS_PORT:localhost:SOCKS_PORT remote_user@REMOTE -p REMOTE_SSH_PORT

Baffled Geek

Posted 2010-08-04T16:49:27.063

Reputation: 51
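The "one single command" mentioned in the answer above exists in OpenSSH 7.6 and later: `-R PORT` with no destination makes the ssh client on LOCAL act as the SOCKS proxy itself. The script below is an added example, not part of the original answer; it prints either that form or the answer's two-step form depending on the `ssh -V` banner of LOCAL. Port 1080, the sample banners and example.org are constructed, and the user/host names are the answer's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post); prints commands, runs none of them.

# Succeeds if the `ssh -V` banner of LOCAL is OpenSSH >= 7.6, the release that
# added reverse dynamic forwarding ("-R port" with no destination).
supports_reverse_socks() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver
    [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 6 ]; }
}

# Accept only an unprivileged TCP port number.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# usage: tunnel_cmds "<ssh -V banner>" SOCKS_PORT remote_user@REMOTE REMOTE_SSH_PORT
# Prints the command(s) to run on LOCAL. -f -N backgrounds ssh without a remote
# shell; ExitOnForwardFailure makes it exit if the port cannot be bound. With
# default GatewayPorts settings both listeners bind to loopback only. sshd on
# REMOTE must permit remote forwarding (AllowTcpForwarding).
tunnel_cmds() {
    valid_port "$2" || { echo "invalid SOCKS port: $2" >&2; return 2; }
    opts="-f -N -o ExitOnForwardFailure=yes"
    if supports_reverse_socks "$1"; then
        # Single command: REMOTE listens on the port, LOCAL's client is the proxy.
        echo "ssh $opts -R $2 -p $4 $3"
    else
        # Two-step form from the answer: SOCKS server on LOCAL, then a reverse
        # forward from REMOTE to it.
        echo "ssh $opts -D $2 -p LOCAL_SSH_PORT local_user@localhost"
        echo "ssh $opts -R $2:localhost:$2 -p $4 $3"
    fi
}

# Proxy URL for tools on REMOTE. socks5h makes the proxy side (LOCAL) resolve
# host names, since REMOTE has no outbound connections for DNS either.
proxy_url() { valid_port "$1" && echo "socks5h://localhost:$1"; }

# Constructed sample banners; on a real host use: banner=$(ssh -V 2>&1)
tunnel_cmds "OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2" 1080 remote_user@REMOTE 22
tunnel_cmds "OpenSSH_5.3p1, OpenSSL 1.0.1e-fips" 1080 remote_user@REMOTE 22
echo "on REMOTE: ALL_PROXY=$(proxy_url 1080) curl -I https://example.org/"
```

curl, and git over HTTP(S) through libcurl, honor `ALL_PROXY`; other tools on REMOTE need their own SOCKS setting.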

2

On Unix, SSH already bundles a SOCKS server. Just use the DynamicForward setting to set its port and there you are. For example:

Host REMOTE
  Hostname remote.yourcompany.com
  User you
  ServerAliveInterval 110
  ForwardAgent yes
  DynamicForward 9000

Then in Firefox, you can set up the proxy as SOCKS 5, host: localhost, port: 9000.

You might also be interested in tsocks, which provides transparent proxy support for SOCKS. Want to run "svn update" as if you were in the remote network? Just run "tsocks svn update".

My tsocks.conf looks like this:

# We can access 192.168.0.* directly
local = 127.0.0.1/255.255.255.0

# Otherwise we use the server
server = 127.0.0.1

server_port = 9000

And it works with SSH SOCKS; I just tried it.

Eric Darchis

Posted 2010-08-04T16:49:27.063

Reputation: 1 178

Thanks for your response. I am really having problems getting this to work, so I would appreciate it if you could add details to your response, using LOCAL and REMOTE for illustration purposes. – Baffled Geek – 2010-08-04T16:56:39.277

The SOCKS FAQ says that tsocks does not work for SSH, and I am not sure if/how it could be used to reuse an existing SSH connection? – Baffled Geek – 2010-08-04T17:05:18.730

Well, like I said already, REMOTE cannot make any outbound connection attempts; it has to reuse an existing connection. That's why I was thinking of using a reverse tunnel. – Baffled Geek – 2010-08-04T17:31:10.833