How Reverse Proxy with Squid or other tool when source box has no external connection?
Here's the config. No, I can't change it so don't ask.
Server <--- Internal Box <----> Resources
My server is protected via a firewall. I can make connections into the server... but the server can't talk to anything outside.
From the server I want to be able to connect to resources on the network.
Current solution is ssh tunnel from internal box to server and allow server to curl -x <localhost:3128> to connect to squid on Internal Box to access resources. Calling it a reverse proxy for lack of a better name.
My problem is ssh has a forced timeout or something and the ssh connection keeps hanging over time. Any attempts to see if ssh is still active return "yes". Sends traffic no problem, but the server only sends a heartbeat back, nothing else.
What I want to know is there a way to run squid (or other proxy server) then get the squid on internal to make a bridge, monitor it for stability and reset if down? I can have a connection open to connect to squid on the server from the internal box. Just not the other way around. Any way to make a two way connection and have two squid (or other proxy) talk to each other?
Then I connect to local squid and it finds a route to get to the resources?
Why not set the Internal Box to be a SSH vpn and gateway for the server?
Let ssh set up the taps and assign it an IP, and on the Internal Box set up IP forwarding, then on the server side of things add a route to your resources via the Internal Box IP (gateway). Do the same route on the resources and now you have an ssh vpn that can talk to the resources without mumbo jumbo.
SSH is proving to be problematic on the network. Solution right now is just to ssh tunnel the proxy from the internal box, and it keeps hanging in such a way that ssh says it's still running but no traffic is coming back. Looking for a way that the network guys will let me get away with too... vpn isn't an option.
If there is a legitimate operational or business case, I would try to reason with the network people or go to management. If you can create an SSH tunnel, for all practical purposes, the server you mention has equivalent network access as the internal box. If you have control over two hosts and they can ping each other, you can actually send data between them with ICMP echo request (ping) packets. It requires a lot of skill to implement, but it is possible. Ping packets can be 64k - 1 - the protocol overhead, so there is plenty of room to encrypt the payload with a block cipher if you need it.
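For the hang described in the original question, where the ssh process still reports as alive but no traffic comes back, process liveness is the wrong health signal; a watchdog has to push a real request through the forwarded squid port and restart the tunnel when nothing returns. The script below is an added example, not code from any poster in this thread, meant to run on the Internal Box; `SERVER`, `PROBE_URL`, the intervals and all function names are assumptions, and only port 3128 comes from the post.

```shell
#!/bin/sh
# Added example: watchdog for the reverse tunnel, run on the Internal Box.
# SERVER and PROBE_URL are placeholders (assumptions), not values from the thread.
SERVER="${SERVER:-user@server.example}"
PROBE_URL="${PROBE_URL:-http://resource.example/}"
PORT=3128        # squid port from the original post
INTERVAL=30      # seconds between probes
MAX_FAILS=3      # consecutive failed probes before a restart

# Open the reverse forward: localhost:3128 on the server -> squid on this box.
# ServerAlive* ends the client if ssh-level keepalives stop being answered;
# ExitOnForwardFailure makes ssh exit if the remote port cannot be bound.
start_tunnel() {
    ssh -N -o ExitOnForwardFailure=yes \
        -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
        -R "$PORT:localhost:$PORT" "$SERVER" &
    TUNNEL_PID=$!
}

stop_tunnel() {
    kill "$TUNNEL_PID" 2>/dev/null
    wait "$TUNNEL_PID" 2>/dev/null
}

# End-to-end probe over a second ssh session: fetch PROBE_URL from the
# server through the forwarded port. Fails if no data comes back in time.
probe_via_tunnel() {
    ssh -o BatchMode=yes -o ConnectTimeout=10 "$SERVER" \
        "curl -s -o /dev/null -m 10 -x localhost:$PORT $PROBE_URL"
}

# record_probe PREV_FAILS CMD...: run CMD, print the new consecutive-failure
# count (reset to 0 on success).
record_probe() {
    prev=$1; shift
    if "$@" >/dev/null 2>&1; then echo 0; else echo $((prev + 1)); fi
}

needs_restart() { [ "$1" -ge "$MAX_FAILS" ]; }

run_watchdog() {
    fails=0
    start_tunnel
    while sleep "$INTERVAL"; do
        fails=$(record_probe "$fails" probe_via_tunnel)
        if needs_restart "$fails"; then
            stop_tunnel; start_tunnel; fails=0
        fi
    done
}

if [ "${1:-}" = run ]; then run_watchdog; fi
```

Start it with the argument `run`; the probe counts any HTTP response as success, since a returned response is exactly what the hung tunnel fails to deliver.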