How to proxy http from a secured site via a reverse-tunnel? - openssh

  1. How to proxy http from a secured site via a reverse-tunnel?

    I am a newbie at this and so I am not quite sure how to ask this
    question. But here goes...

    Two networks exist: engineering and corporate. The engineering network
    is firewalled so that NO traffic can go out (but SSH can go in); these
    computers cannot connect to the internet. The corporate network is
    firewalled but those computers may connect to the internet, and they may
    connect to computers on the engineering network by using an SSH tunnel
    (more than often through PuTTY).

    internet <---- corporate ----> engineering

    internet <---- mod_proxy --<-- reverse-proxy-initiated-from-corporate

    On the engineering network there exists an engineering Linux machine that
    I want to temporarily provide internet access to so that I can update
    the OS. This is the goal.

    Is it possible to set up an Apache server to act as a web proxy for
    computers on the engineering network? Would a reverse tunnel need to be
    set up from the corporate machine to the engineering machine?

    How would I make this work?

    I already got so far as to prove that I can proxy corporate-network
    computers through the mod_proxy enabled Apache server via:


    ProxyRequests On

    Order deny,allow
    Allow from all

    ProxyVia On


    But I cannot quite figure out how to get the engineering computer to use
    a reverse-tunnel as the proxy.

    I could be going about this all wrong too I suppose. How might I get a

    Thanks,

    /b


  2. Re: How to proxy http from a secured site via a reverse-tunnel?

    On Tue, Oct 14, 2008 at 01:46:34PM -0400, Buck, Robert wrote:
    > Two networks exist: engineering and corporate. The engineering network
    > is firewalled so that NO traffic can go out (but SSH can go in); these
    > computers cannot connect to the internet.


    > On the engineering network there exists an engineering Linux machine that
    > I want to temporarily provide internet access to so that I can update
    > the OS. This is the goal.


    Well, the "obvious" way to do it would be to put the machine on the
    corporate network temporarily, then move it back when the OS upgrade
    is finished. Please don't dismiss that solution prematurely.

    Beyond that, a reverse tunnel would be the first thing that comes to mind,
    for me. I don't know all these fancy ssh -D options and things, so let's
    assume you have a squid proxy running on host 'squid' port 3128. This
    machine is reachable from host 'corporate', which can also reach machine
    'linux' which is the machine you want to upgrade.

    From a shell on 'corporate', you could issue a command like this:

    ssh -R 3128:squid:3128 root@linux

    This gives you an interactive shell on 'linux' with a tunnel to the
    squid proxy on 'squid' accessible at localhost:3128.

    You can configure apt-get (or your flavor's equivalent) to use the
    squid proxy, with something like:

    export http_proxy=http://127.0.0.1:3128/
    apt-get update
    etc.
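
Added example, not part of either post: a shell check to run on 'linux' once the reply's reverse tunnel is up, confirming that forwarded port 3128 listens only on loopback. If sshd on 'linux' has GatewayPorts enabled, the port listens on every interface and the rest of the engineering network can reach the corporate proxy through it. The function name and the `ss -ltn` sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Port 3128 and the hosts come from the
# reply; forward_is_loopback_only and the sample data are constructed.
#
# On 'corporate' (the reply's command plus a real ssh option that aborts the
# session if the remote forward cannot be set up):
#   ssh -o ExitOnForwardFailure=yes -R 3128:squid:3128 root@linux
# On 'linux', inside that session, gate the update on the check:
#   ss -ltn | forward_is_loopback_only 3128 &&
#     apt-get -o Acquire::http::Proxy=http://127.0.0.1:3128/ update

# Read `ss -ltn` output on stdin. Succeed only if PORT has at least one
# listener and every listener on it is bound to a loopback address.
forward_is_loopback_only() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, part, ":")            # $4 is Local Address:Port
            if (part[n] != port) next
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            seen = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END { exit !(seen && !exposed) }
    '
}

# Constructed sample: sshd bound the forward to loopback only.
sample_loopback() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128        127.0.0.1:3128      0.0.0.0:*
LISTEN 0      128            [::1]:3128         [::]:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

# Constructed sample: GatewayPorts is on, the forward is on every interface.
sample_wildcard() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:3128      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}

sample_loopback | forward_is_loopback_only 3128 && echo "3128: loopback only"
sample_wildcard | forward_is_loopback_only 3128 || echo "3128: exposed"
```

Passing the proxy to apt-get with `-o` keeps it scoped to that one command instead of exporting `http_proxy` for the whole shell session.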

