How to do complex port forwarding (sort of)

2

1

I have a very different situation. My laptop is named A; another machine, B (IP 172.16.28.3), has an ssh server installed and I have an account on that machine; the third machine, C (IP 172.16.24.3), is a proxy server. All the machines are within a LAN, but:

1- Machine B can connect to A as well as C

2- Machine A, i.e. my PC, can only connect to B and not C

Now, to use the internet, I do the following:

ssh -X user@172.16.28.3

Then I type firefox and use the Firefox of machine B with proxy settings as 172.16.24.3:3128.

Instead of using the Firefox of B, I want to use my local Firefox. Is there a way through which I can connect to C via B and use my local Firefox for browsing?

adnan kamili

Posted 2012-03-25T21:12:05.210

Reputation: 441

Answers

0

Since laptop A has ssh access to B, and B has access to port 3128 on machine C, you can set up port forwarding to bind port 3128 on machine C to port 3128 on your local computer (A). Then you can set up firefox proxy settings on your laptop to localhost:3128 and it will be using port 3128 on machine C for proxy services.

ssh -L 3128:172.16.24.3:3128 user@172.16.28.3

Explanation:

-L = Take a remote port and bind it to some local port
3128 = The local port to bind to
172.16.24.3 = The remote host (proxy server) whose port you want access to.
3128 = The port on the remote host (proxy server) that you want access to.
user@172.16.28.3 = the ssh server

This method can be used to gain access to any port on any machine that the ssh server can see on the network (one port at a time).

Once a connection is established, you can set up firefox on your laptop just as it is on machine B except use localhost:3128 instead of 172.16.24.3:3128 in the proxy settings.

("localhost" should be the same thing as 127.0.0.1)

James T

Posted 2012-03-25T21:12:05.210

Reputation: 8 515

Thanks for such a detailed answer, but it is not working because I don't have an ssh account on 172.16.24.3. I can't even connect to 172.16.24.3 directly. You have used user@172.16.24.3 instead of user@172.16.28.3, as a result the above request simply times out! – adnan kamili – 2012-03-26T00:04:14.853

@adnan kamili Sorry I mixed up the addresses. I think I fixed it. – James T – 2012-03-26T00:07:02.303

172.16.28.3 is the ssh server and 172.16.24.3 is the proxy server, you made a mistake! But ssh -L 3128:172.16.24.3:3128 user@172.16.28.3 also does not work. – adnan kamili – 2012-03-26T00:11:28.197

@adnan kamili At what point does it fail to work? Are you able to connect to the ssh server? Does it fail when you try to use firefox? Do you get any error messages? – James T – 2012-03-26T00:14:48.720

Yes, it connects to the ssh server. When I put proxy 127.0.0.1:3128 in Firefox the request simply times out. – adnan kamili – 2012-03-26T00:21:25.237

@adnan kamili What do the proxy settings on machine B look like (screen shot)? – James T – 2012-03-26T00:22:23.703

I traced the error using proxychains for one proxy: |DNS-request| google.com |S-chain|-<>-127.0.0.1:3128-<><>-4.2.2.2:53-|DNS-request| scl2-sync1317.services.mozilla.com |S-chain|-<>-127.0.0.1:3128-<><>-4.2.2.2:53-<--timeout Every time it shows that 4.2.2.2:53 – adnan kamili – 2012-03-26T00:24:37.293

I'm unfortunately not familiar with proxychains. I would try to do nmap localhost to make sure that port 3128 shows up. If it does not, maybe you don't have privileges on your computer to bind to local ports... maybe try a different port or use sudo. You could try using localhost instead of 127.0.0.1 in the firefox settings. Make sure that all the proxy settings are exactly the same as the proxy settings on machine B (except replacing localhost for 172.16.24.3). – James T – 2012-03-26T00:36:48.753

I use tor sometimes, so obviously I have privileges to bind to local ports on my laptop. Nevertheless, thanks for your effort. I will try to look for some workaround. – adnan kamili – 2012-03-26T00:45:13.803

@adnan kamili It might be that it's just not able to resolve names since socks uses the local DNS server by default. You can change it in Firefox's about:config if you're using socks5 (network.proxy.socks_remote_dns = true). http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/ Good luck. – James T – 2012-03-26T01:12:32.797

It still times out. I tried using the IP address of Google instead of the URL, again a timeout! – adnan kamili – 2012-03-26T01:25:38.760

It is working on my friend's laptop but not mine. I have a LAMP server installed on my system, can that be the reason? – adnan kamili – 2012-03-27T15:55:23.670

My nmap 127.0.0.1 output: PORT STATE SERVICE 80/tcp open http 139/tcp open netbios-ssn 445/tcp open microsoft-ds 631/tcp open ipp 902/tcp open iss-realsecure 2002/tcp open globe 3128/tcp open squid-http 3306/tcp open mysql 8080/tcp open http-proxy 9050/tcp open tor-socks – adnan kamili – 2012-03-27T16:19:44.280

It worked at last. I was using 127.0.0.1:3128 as a SOCKS proxy in Firefox; I should have used it as an HTTP proxy, since there is an http-squid proxy installed on 172.16.24.3. Thank you very much! – adnan kamili – 2012-03-27T16:28:12.413
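The mismatch that the last comment above resolves (an HTTP proxy reached through `ssh -L` being entered as a SOCKS proxy) can be checked before touching browser settings. The following is an added example, not part of the original thread: it probes a local listener and reports whether it answers as SOCKS5 or as HTTP. The function names and the loopback test listeners are constructed for illustration.

```python
import socket
import threading

def _probe(host, port, payload, n, timeout):
    """Send payload on a fresh connection; return up to n reply bytes."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(payload)
            with s.makefile("rb") as f:
                return f.read(n)  # blocks until n bytes arrive or EOF
    except OSError:  # refused, reset or timed out
        return b""

def classify_proxy(host, port, timeout=2.0):
    """Return 'socks5', 'http' or 'unknown' for the listener at host:port."""
    # SOCKS5 greeting (RFC 1928): version 5, one method offered, 0x00 = no auth.
    # A SOCKS5 server answers with two bytes: version 5 and the chosen method.
    reply = _probe(host, port, b"\x05\x01\x00", 2, timeout)
    if len(reply) == 2 and reply[0] == 5:
        return "socks5"
    # An HTTP proxy such as Squid answers a request with an "HTTP/x.y" status line.
    if _probe(host, port, b"HEAD / HTTP/1.0\r\n\r\n", 5, timeout) == b"HTTP/":
        return "http"
    return "unknown"

def start_fake_listener(reply):
    """Constructed loopback listener: reads once, sends `reply`, closes."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(64)
                conn.sendall(reply)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    # Constructed stand-ins for an `ssh -D` port (SOCKS5) and a forwarded Squid port (HTTP).
    socks_port = start_fake_listener(b"\x05\x00")
    http_port = start_fake_listener(b"HTTP/1.1 400 Bad Request\r\n\r\n")
    print(classify_proxy("127.0.0.1", socks_port),
          classify_proxy("127.0.0.1", http_port))
```

Against the setup in this thread, `classify_proxy("127.0.0.1", 3128)` run on laptop A while the `ssh -L` session is open shows which proxy type to select in Firefox.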

0

The -D argument allows ssh to create a SOCKS proxy which you can then connect to with Firefox.

Example:

ssh -D 127.0.0.1:9051 user@172.16.28.3

Then you open Firefox and set 127.0.0.1 with port 9051 as a SOCKS5 proxy.

For more information, see man ssh.

Ignacio Vazquez-Abrams

Posted 2012-03-25T21:12:05.210

Reputation: 100 516

It doesn't work. If I use ssh -D 9999 user@172.16.28.3 and use 127.0.0.1:9999 as proxy in local Firefox, nothing happens because 172.16.28.3 is not a proxy server – adnan kamili – 2012-03-25T21:29:35.063

I also tried proxychains, to chain the local proxy server created using ssh -D with 172.16.24.3 and results are somewhat weird. |DNS-request| www.google.com |S-chain|-<>-127.0.0.1:9999-<>-172.16.24.3:3128-<><>-4.2.2.2:53-<--denied – adnan kamili – 2012-03-25T21:32:25.373

ssh -D 127.0.0.1:9051 user@172.16.28.3, still the same – adnan kamili – 2012-03-25T22:44:35.423