Mudhoney 10-23-2006 09:53 PM

How to tunnel out of corp VPN for yum updates?

I have a FC5 box inside a corporate network. I'd like to be able to get yum updates but can't make that work using the yum Proxy directives in the config file. I believe this is somehow related to the user and password directives but can't make it work. Instead, I was wondering if I could tunnel to the outside somehow. There are two possible methods of egress: HTTP proxy (requiring authentication) and SOCKS 5 proxy (no auth). I also have an Internet-connected FC4 host on the outside. I can ssh to the outside host using SOCKS.

Two methods I've thought of so far that may work:

1. use OpenVPN client and server to tunnel to outside host via either SOCKS or HTTP proxy, then set up routing rule for VPN subnet on external host to NAT to Internet. Seems possible according to OpenVPN page, however at first glance it looks like you can only send all traffic, not just port 80. Is this right?

2. use ssh port forwarding to redirect a local port to the outside host, then try to work out some routing rule to forward or NAT that traffic out to the 'net.

Any further clues on these options or other ideas?



sn68 10-23-2006 10:24 PM

Check out the following:

Building a tunnel to bypass a firewall
Breaking Firewalls with OpenSSH and PuTTY

Mudhoney 10-25-2006 02:13 AM

Thanks. I'm already using Goto San's connect.c to cause my ssh connections to go via the SOCKS proxy. I can set up ssh port forwarding, say on port 80, to forward local connections over ssh through the SOCKS proxy then on to a specific destination. Problem is, yum needs to talk to many different URLs, so specifying a fixed destination isn't going to work. My only thoughts now are:

1. to set up a web proxy on my outside machine and set the port forwarding to talk to that, or
2. set up some fancy iptables rules on the outside machine to grab any incoming port 80 requests and forward them out to the default gateway. I guess there would also need to be a rule to handle the responses from the yum repos.

