[SOLVED] forward all http/https requests

vigilandy · 05-12-2010, 12:01 AM

It seems I'm a little over my head here so I'm hoping to get some help with setting up a way to forward all http and https requests for a particular server.

Here's the low down:
I have a server (Fedora 12) setup at a client's datacenter and the network is setup to allow me ssh access into the server, but prevents me from opening any connections from the server. However, I need to make http and https request from the server. What I'd like to do is forward all http/https traffic through another machine outside the network.

I've been looking at the documentation for ssh and the various options there and have gotten so far as to enable initiating an ssh connection from the client network back to my machine, but am not sure where to take it from there.

Here are some of the commands I've used so far:

Code:

# from my local machine
ssh -R 9022:localhost:22 remoteuser@clientserver

# from the remote machine, open normal ssh connection, works ok
ssh -p 9022 user@localhost

# from remote machine, no error, but http requests still fail
sudo ssh -p 9022 -R 80 user@localhost

I'm attempting to bind port 80 to be forwarded through the local machine. I assume I use "ssh -R" to create a dynamic tunnel to forward requests but I must be missing something.

By the way, root login via ssh is disabled.

I'd appreciate any input anyone might have. Thanks

vikas027 · 05-12-2010, 12:22 AM

Hi,

If I got your question right, may be this can help you out.

Take this example.

Code:

ssh -gL 1234:10.247.134.106:90 smsc@112.110.32.203

Here,
we need to open a web page on 10.247.134.106 on port 90.
and 10.247.134.106 is only accessible from 112.110.32.203.

vigilandy · 05-12-2010, 12:59 AM

vikas027, thank you for the reply.

Your solution seems to only forward requests for a specific IP. I don't know ahead of time what the IP/url will be requested, so I need a dynamic solution where all port 80 and port 443 requests are sent through the tunnel.

vikas027 · 05-12-2010, 02:09 AM

Quote:

Originally Posted by vigilandy

vikas027, thank you for the reply.

Your solution seems to only forward requests for a specific IP. I don't know ahead of time what the IP/url will be requested, so I need a dynamic solution where all port 80 and port 443 requests are sent through the tunnel.

I think IPTABLES could help you out, but I am not proficient in that.

vigilandy · 05-12-2010, 06:05 AM

I may have found the solution, but will have to wait until tomorrow to test it.

The http traffic I need to send through the ssh tunnel is from a java tool were providing to a client. The tool needs to make http(s) requests to upload data to a website. The trouble I was having was that the java code wasn't using the socks proxy server I had in effect created using the ssh -D flag. I set the system properties with:

Code:

System.setProperty("socksProxyHost", host);
System.setProperty("socksProxyPort", port);

host is set to "localhost" and port is the port number set with the -D flag in the ssh command. The java code is now using the tunnel as desired. However this is all on my test server, so we'll see how it goes tomorrow.

The only drawback is that this sends all traffic through the proxy, so if there's a local address you want to connect to, you have to clear the system property and then restore it when you're done.

vigilandy · 05-12-2010, 11:56 PM

Yes, that solution worked. Here's the ssh commands I used:

Code:

# forward port on server to local machine
[vigilandy@home ~]$ ssh -R 9022:localhost:22 user@server

# create proxy on port 9999 back through forwarded port
[user@server]$ ssh -p 9022 -D 9999 vigilandy@localhost

and then in in my java code I have the following:

Code:

System.setProperty("socksProxyHost", "localhost");
System.setProperty("socksProxyPort", "9999");