LinuxQuestions.org


ChronicUser 02-13-2017 05:06 PM

Opening a proxy via SSH behind NAT (router), with a middle man (Server) to broker the connection between clients and proxy providers.

PC2 (Linux) – Router – Server (Linux CentOS 7) – Router – PC1

In regard to the simple image above, this is what I would like to do.

1. Open up an SSH proxy on PC2 so that PC1 can use it as a proxy.

2. Since both PC1 and PC2 are behind NAT, they will need some sort of a middle man with a public IP. For that purpose I have a Server with a public IP in-between.

I can open up an SSH proxy on the server quite easily and use it with PC1 and PC2.

Question:
How can PC1 use PC2 as an SSH proxy?

If there is anything unclear, please feel free to ask; I will gladly provide you with additional information.

Thank you all for your time and effort.

Turbocapitalist 02-14-2017 01:04 PM

If the middle server has an SSH server running that is reachable from both PC1 and PC2, then:

The gist is that you would open a reverse tunnel from PC2 to the middle server, forwarding some port (maybe a high port) on the middle server to port 22 on PC2. Then connect from PC1 to PC2 using the middle server as a jump host (aka bastion). That helps if PC1 has the latest OpenSSH client on it and thus can use -J aka ProxyJump. Otherwise you'll have to use -W for stdio forwarding, which is more complex.

Once you can do that, make the connection from PC1 to PC2 (via the middle) using your proxy options, such as dynamic port forwarding with -D.

ChronicUser 02-16-2017 06:49 AM

Thank you very much. I have managed to succeed to an extent, but it seems that the configuration is faulty as far as I can see.
This is what I have done:

ME -> NAT -> SERVER -> NAT - SSH Proxy PC

ServerIP: 1.1.1.1
SSH configured to port 60002
Keybased authentication only
Quote:

SSH Proxy PC: ssh -N -R 1.1.1.1:10022:localhost:22 root@1.1.1.1 -p 60002

ME: ssh -N -D 10022 [User_On_SSH_Proxy_PC]@46.101.169.43 -p 10022


Then I configured the Firefox SOCKS5 proxy settings to:

Quote:

localhost
10022


And it works in the sense that I can use the "SSH Proxy PC" as a proxy and connect via it to the net.
But there seems to be a problem with the headers.
It is adding an HTTP_VIA header and is revealing that I am behind a proxy and leaking information.

Do you know of any way I can rectify this problem with this configuration?

Your previous link was extremely helpful, and I have managed to connect, but the connection, as I have stated, does not seem to be properly configured.

Thank you for your time and effort.

Turbocapitalist 02-16-2017 07:31 AM

Which version of the SSH client are you running on the machine "ME" in your map? It makes a difference if it is OpenSSH older than OpenSSH version 7.3p because prior to that it will lack the ProxyJump option.

Quote:

Originally Posted by ChronicUser (Post 5671459)
ME -> NAT -> SERVER -> NAT - SSH Proxy PC

On "SSH Proxy PC" make a new account, and make another on SERVER. Please do not use remote access to root for this or anything else. There is no need. An unprivileged user will be safer and give you more options. Think of the principle of least privilege. Anyway ...

From "SSH Proxy PC" do something like this:

Code:

ssh -N -R 10022:localhost:22 proxyuser@1.1.1.1 -p 60002

When you know it works, you can add in a -f option too.

Then from "ME" do something like this:

Code:

ssh -D 10024 -o ProxyCommand="ssh -W %h:%p -p 60002 proxyuser@1.1.1.1" -p 10022 proxyuser@localhost

Then you should be able to use port 10024 on the localhost when on ME with Firefox as your proxy.

When it works you can make it a shortcut in ~/.ssh/config

Edit: condensed second part into one step
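
The ~/.ssh/config shortcut mentioned in the last reply could look like this. This is an added example, not part of any post in the thread; the host aliases relay-tunnel, relay and proxy-pc are hypothetical, while the address, ports and the proxyuser account are the ones used above.

```sshconfig
# ---- On "SSH Proxy PC": ~/.ssh/config (start with: ssh -N relay-tunnel) ----
Host relay-tunnel
    HostName 1.1.1.1
    Port 60002
    User proxyuser
    # No bind address: with the server's default "GatewayPorts no", port 10022
    # listens on the server's loopback only, so this PC's sshd is not exposed
    # on the public IP.
    RemoteForward 10022 localhost:22
    # Exit instead of idling if port 10022 cannot be bound on the server.
    ExitOnForwardFailure yes
    # Notice a dead NAT mapping and exit so the tunnel can be restarted.
    ServerAliveInterval 30
    ServerAliveCountMax 3

# ---- On "ME": ~/.ssh/config (start with: ssh -N proxy-pc) ----
Host relay
    HostName 1.1.1.1
    Port 60002
    User proxyuser

Host proxy-pc
    # "localhost" is resolved on the relay, i.e. the reverse-tunnel port.
    HostName localhost
    Port 10022
    User proxyuser
    ProxyJump relay
    # OpenSSH older than 7.3 has no ProxyJump; use this line instead:
    # ProxyCommand ssh -W %h:%p relay
    # Store the host key under its own name rather than [localhost]:10022.
    HostKeyAlias proxy-pc
    # SOCKS listener for Firefox, bound to this machine's loopback only.
    DynamicForward localhost:10024
    ExitOnForwardFailure yes
```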

