IPTables redirection
 

Ok here is my situation:

1. I work 2 weeks on 2 weeks off
2. I have my own Linux server at home that I can access using ssh
3. I pay for web site hosting on a shared host
4. The web site allows configuration via the web browser
5. It uses at https connection to port 8443
6. My work location blocks just about every port, port 8443 is blocked.

What I would like to is use my home Linux server to bounce the traffic to the web site host. Port 80 is not being used for anything on my server and it is not blocked by work.

Would it be possible to create an iptables rule to redirect anything coming into port 80 from the external interface to my web host? Will the fact that it uses https make a difference?

Bind your home SSH to port 80 on your home linux box.

Install squid proxy server on your home linux box and bind to localhost (127.0.0.1).

From work, SSH to your home box on port 80 and use port forwarding to access your squid proxy. (-L 8080:localhost:<squid listening port here>)

Set your browser proxy settings to (localhost:8080) that forwards to squid at home.

I have bound ssh to both port 80 and port 443.

Squid was already installed on the server at home.

SSH using what? The work PC is MS Windows and I use putty to ssh home. Can it be done using that?

I have Firefox portable installed on my external HDD. Can I configure it to only use the squid proxy at home for certain domains?

yes, putty can do ssh port forwarding. It can be done either through plink or putty.

You'll have to get the ssh tunnel up before you try and use your firefox portable, but yes... configure the firefox portable proxy settings to the local side of the tunnel to get the traffic to your squid proxy at home.

You can configure firefox to only use the proxy settings for certain domains but once the request gets to the squid proxy, there isn't much choice but for it to handle the request.

Ha ha... it is even easier than I thought, here is how I did it:

1. Started putty
2. Loaded the 'home' session
3. Went to 'Connections -> SSH -> Tunnels'
4. Entered '8443' in the source port
5. Entered 'mydomain:8443' as the destination
6. Saved the putty session
7. Connected the ssh session
8. Entered 'https://localhost:8443' in Firefox

Any connection to port 8443 on the local host is tunneled by putty to my home server, this then connects to my web host on port 8443.

I could have used any port number in step 4 but decided to keep it easy to remember. The other good thing is that I do not need to change my proxy settings in Firefox.

Now I just need to figure out how to use this so I can use Pidgin to connect to all the IM networks....

same thing... create (another ??) tunnel to your proxy server and in pidgin, set the (http) proxy settings for the account - or you can change the global network settings to use the http proxy and all accounts will use that.

Hmmmm I tried that, in Putty I have port 8080 tunneled to localhost:3128. I have Pidgin using HTTP proxy 'localhost:8080' but I am getting en error message:

My squid server has the following in it's conf file:

I have searched for the answer to this but can't find what is wrong or what I need to do so that squid will allow the port tunneling.

I got it working, I found this web page that gave me the answer to what I needed to change in squid.

I wanted to connect to all the IM networks so I added the needed sections to the conf file. All I had to do was add lines similar to these: