7

I know I can use ssh tunneling to create a "proxy" on my machine so that I can make all the traffic generated locally go through a remote server. Like this:

$ ssh -D 12345 myuser@remote_ssh_server

But what about if I need to create a "proxy" on the remote server, so that all the traffic that I send it will go through my local machine? Is this possible with ssh?

Essentially, I want to use my local internet connection with some specific commands to run remotely, as the server does not have direct access to the internet.

Filipe Correia
  • 253
  • 1
  • 4
  • 9

1 Answers1

5

The simplest way to do this is one port and host at a time. For example, to forward traffic from remote:8001 to intraserver:80,

ssh -R 8001:intraserver:80 myuser@remote

But if you want to forward all traffic from remote, and you have an ssh server running on your local host,

ssh -R 2200:localhost:22 myuser@remote ssh -D 10800 -p 2200 localhost

Unwrapping that:

  • -R 2200:localhost:22 sets up a forward from remote:2200 to localhost:22.
  • ssh -p 2200 localhost runs ssh on remote, to connect to remote:2200, and so back to localhost:22 (tunneled over the first ssh connection).
  • -D 10800 tunnels SOCKS from remote:10800, over the connection from remote back to localhost.
Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47
  • Thanks! This looks promising. I couldn't quite get it to work though. After running the commands I'm back on ``localhost`` and ``wget http://www.google.com`` is able to retrieve a file, but if I ssh back to ``remote`` and try to get the same address through the proxy with ``wget http://www.google.com -e use_proxy=yes -e http_proxy=localhost:10800 `` I get only the following message on the output: ``Proxy request sent, awaiting response... No data received.``. Any thoughts? – Filipe Correia Aug 28 '14 at 13:28
  • BTW, one thing that I've noticed is that final ``... localhost:2200`` part, that has actually have to be ``localhost -p 2200`` for my ssh client version. – Filipe Correia Aug 28 '14 at 13:30
  • Nevermind, the issue is with wget, that doens't seem to support SOCKS all that well. This, on the other hand, runs flawlessly: ``curl --socks5 127.0.0.1:10800 http://www.google.com/`` – Filipe Correia Aug 28 '14 at 13:37
  • Good! Right, `ssh -D` creates a SOCKS proxy, not an HTTP proxy. – Andrew Schulman Aug 28 '14 at 13:40