I came across a situation where I needed to install software on a server that didn’t have internet access, except for the apt-get commands, which only reach specific Internet addresses (allowed by the firewall).
So in our network there is a Linux server that does have full Internet access. The idea here is to use that server as a Socks5 proxy for all needed Internet access. Since not all Linux command-line programs support the http_proxy bash variable, I want a proxy setup that allows any program to access the Internet via the ‘proxy’ server in the following fashion:
Server-without-internet(ServerA) ==>> Server-with-internet(ServerB) ==>> Internet
The method used here is to set up an SSH Socks5 tunnel on ServerA and ServerB and to use the wrapper program tsocks to start the programs that need Internet access. Why a wrapper? Because not all programs can deal with Socks5 proxying. tsocks handles the proxying and starts any command we want that should access the Internet. A good example of this is the installation of the complex GitLab system. In these examples we assume that you are logged in as superuser root on both servers.
Set up a backwards tunnel on ServerB
ssh -f -N -R 2222:localhost:22 ServerA
Set up a Socks5 tunnel using SSH on ServerA
ssh -f -N -A -D 8888 root@localhost -p 2222
Install tsocks package
apt-get install tsocks
Rename the original config file
mv /etc/tsocks.conf /etc/tsocks.conf.orig
Edit the tsocks configuration file /etc/tsocks.conf so that it contains:
server = 127.0.0.1
server_port = 8888
server_type = 5
Access the internet for programs via the wrapper tsocks.
tsocks wget http://google.de
tsocks gem install bundler
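Both listeners this procedure creates on ServerA (2222 for the backwards tunnel, 8888 for the Socks5 proxy) are meant for local use only. The following check is an added example, not part of the original post; the function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the listeners
# created above on ServerA are reachable only via loopback.
# By default ssh -D and ssh -R bind to loopback; ssh -g or GatewayPorts change that.

# tunnel_exposure LISTING PORT...  -> prints "<port> loopback|exposed|missing"
# LISTING is `ss -ltnH` output: State Recv-Q Send-Q Local:Port Peer:Port
tunnel_exposure() {
    listing=$1; shift
    for port in "$@"; do
        status=missing
        while read -r _state _recvq _sendq laddr _peer; do
            [ -n "$laddr" ] || continue
            [ "${laddr##*:}" = "$port" ] || continue   # text after last ':' is the port
            case ${laddr%:*} in
                127.*|'[::1]') [ "$status" = exposed ] || status=loopback ;;
                *) status=exposed ;;                    # 0.0.0.0, *, [::], a LAN address
            esac
        done <<EOF
$listing
EOF
        echo "$port $status"
    done
}

# Constructed sample: both tunnel ports bound to loopback only.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:8888 0.0.0.0:*
LISTEN 0 128 [::1]:8888 [::]:*
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: the Socks5 port listens on every interface.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:8888 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2222 0.0.0.0:*'

tunnel_exposure "$SAMPLE_OK" 2222 8888
tunnel_exposure "$SAMPLE_BAD" 2222 8888
# On a live ServerA: tunnel_exposure "$(ss -ltnH)" 2222 8888
```

A port reported as exposed can be used by any host that can reach ServerA, so the tunnel should be restarted with a loopback bind before tsocks is pointed at it.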
GIT special use of Socks5
For unknown reasons my test with the above method happened to fail with the git command. Although it was easy to use the git command on my desktop and then transfer the results to the needed server, I got the following suggestion from a colleague. I didn’t try it yet, but it looks promising.
git config --global http.proxy 'socks5://127.0.0.1:8888'
git config --global https.proxy 'socks5://127.0.0.1:8888'