Opening a proxy via SSH behind NAT (router), with a middle man (Server) to broker the connection between clients and proxy providers.
PC2 (Linux) – Router – Server (Linux CentOS 7) – Router – PC1
In regard to the simple image above, this is what I would like to do.
1. Open up an SSH proxy on PC2 so that PC1 can use it as a proxy.
2. Since both PC1 and PC2 are behind NAT they will need some sort of a middle man with a public IP. For that purpose I have a Server with a public IP in-between.

I can open up an SSH proxy on the server quite easily and use it with PC1 and PC2.

Question: How can PC1 use PC2 as an SSH proxy?

If there is anything unclear please feel free to ask; I will gladly provide you with additional information. Thank you all for your time and effort.
If the middle server has an SSH server running that is reachable from both PC1 and PC2, then:
The gist is that you would open a reverse tunnel from PC2 to the middle server, forwarding some port (maybe a high port) on the middle server to port 22 on PC2. Then connect from PC1 to PC2 using the middle server as a jump host (aka bastion). That helps if PC1 has the latest OpenSSH client on it and thus can use -J aka ProxyJump. Otherwise you'll have to use -W for stdio forwarding, which is more complex. Once you can do that, make the connection from PC1 to PC2 (via the middle) using your proxy options, such as dynamic port forwarding with -D.
Thank you very much. I have managed to succeed to an extent but it seems that the configuration is faulty as far as I can see.
This is what I have done:
ME -> NAT -> SERVER -> NAT - SSH Proxy PC
ServerIP: 1.1.1.1
SSH configured to port 60002
Keybased authentication only
Quote:
Then I configured Firefox SOCKS5 proxy settings to: Quote:
And it works in the sense that I can use the "SSH Proxy PC" as a proxy; I can connect via it to the net. But there seems to be a problem with the headers. It is adding an HTTP_VIA header and is revealing that I am behind a proxy and leaking information. Do you know of any way I can rectify this problem with this configuration? Your previous link was extremely helpful, and I have managed to connect, but the connection, as I have stated, does not seem to be properly configured. Thank you for your time and effort.
Which version of the SSH client are you running on the machine "ME" in your map? It makes a difference if it is OpenSSH older than OpenSSH version 7.3p because prior to that it will lack the ProxyJump option.
From "SSH Proxy PC" do something like this:
Code:
ssh -N -R 10022:localhost:22 proxyuser@1.1.1.1 -p 60002

Then from "ME" do something like this:
Code:
ssh -D 10024 -o ProxyCommand="ssh -W %h:%p -p 60002 proxyuser@1.1.1.1" -p 10022 proxyuser@localhost

When it works you can make it a shortcut in ~/.ssh/config

Edit: condensed second part into one step
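The ~/.ssh/config shortcut mentioned in the reply above, as an added example that is not part of the original thread: it chooses ProxyJump or the -W ProxyCommand form from the client's `ssh -V` string, using the thread's address, ports and user. The host aliases `middle` and `proxypc` and both function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print an ~/.ssh/config stanza for the "ME" machine.
# Address, ports and user come from the thread (1.1.1.1:60002, 10022, 10024).
# Host aliases "middle" and "proxypc" are hypothetical names.

# Succeeds if the given `ssh -V` string reports OpenSSH 7.3 or newer.
supports_proxyjump() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1      # unparseable: fall back to ProxyCommand
    set -- $ver                    # $1 = major, $2 = minor
    [ "$1" -gt 7 ] || { [ "$1" -eq 7 ] && [ "$2" -ge 3 ]; }
}

# Print the config; real use: emit_config "$(ssh -V 2>&1)"
emit_config() {
    cat <<'EOF'
Host middle
    HostName 1.1.1.1
    Port 60002
    User proxyuser

Host proxypc
    # "localhost" is resolved on the middle server, where the reverse tunnel listens
    HostName localhost
    Port 10022
    User proxyuser
    # Store this host key under its own name, not under "localhost"
    HostKeyAlias proxypc
    # SOCKS listener bound to loopback only; fail if the port is already taken
    DynamicForward 127.0.0.1:10024
    ExitOnForwardFailure yes
EOF
    if supports_proxyjump "$1"; then
        printf '    ProxyJump middle\n'
    else
        printf '    ProxyCommand ssh -W %%h:%%p middle\n'
    fi
}

# Constructed version string for a pre-7.3 client, so the -W form is printed.
emit_config "OpenSSH_7.2p2"
```

With the output appended to ~/.ssh/config on "ME", `ssh -N proxypc` opens the SOCKS listener on 127.0.0.1:10024 through the middle server.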