SSH Gateway?

RandomLinuxNewb · 11-24-2004, 11:03 AM

I'm trying to setup a box that I can place in my network that will transparently forward ALL connections though SSH.

My situation is like this I'm the Computer tech at work, when a client machine comes in updates need to be installed (virus, adaware, service packs, etc). BUT client machines are not allowed on the company network... So I spend the majority of my day downloading software and buring it to cd. What I would like to do is create my own network in the tech area and install this magic SSh box in between my network and the company. The idea behind this would allow all machines on my side to connect to the internet without me having to worry about spreading viruses on the company network. By pushing all connections on my side though the SSH box and then out to my house, the boxes in the tech area would not really be on the company network. I'm already doing this to some extent but I end up installing putty on every machine, then using port forwarding and then I have to configure every program to connect though a proxy (local host port 8080). If I could remove these steps and just have it done by a box life would be great

AUSanders79 · 11-24-2004, 11:34 AM

Well what it sounds like you really need is a proxy/gateway of sorts. Why not put a little linux box in between your Tech area network and the company network and have it run IPTables and allow nothing to leave from your tech area unless it's destined for the Internet and NOT your company network. Basically just putting a gateway/router between your tech net and corp network. This way you can control who and what can go where from your tech net. That make sense?

RandomLinuxNewb · 11-24-2004, 12:52 PM

Basicly that's what I want to do except everything on the company's network is HEAVLY filtered, and sometimes sites that I need to get updates from are blocked so by having everything goto my network at home this problem is resolved.

AUSanders79 · 11-24-2004, 01:11 PM

Then it sounds like you would need to setup some type of site to site VPN tunnel from a box on your tech_net to a box on your home internal LAN. Then maybe point all your tech_net machines to a gateway that would push the traffic through the encrypted VPN to your box at the house. I think there might be a proxy involved here somewhere. Not really sure. I know it can be done for sure, just not exactly sure what all you would need to install as I personally have never done any kind of setup like this before....

PS - I may be way off and not be right about anything I just said, so no promises...