msgbartop
MAC OS X, Linux, Windows and other IT Tips and Tricks
msgbarbottom

17 Jul 15 Proxy Internet access via SSH tunnels and and tsocks

Description:
I came across a situation where I needed to install software on a server that didn’t have internet access, except for the apt-get commands which are only reaching specific Internet addresses (allowed by the firewall).
So in our network there is a Linux server that does have full Internet access. The idea here is to use that server as a Socks5 proxy for all needed Internet access. Since not all the Linux command line programs do support the setting of http_proxy bash variable, I want a proxy setup that allows any program to access internet via the ‘proxy’ server in the following fashion:
Server-without-internet(ServerA) ==>> Server-with-internet(ServerB) ==>> Internet

Method:
The method used here is to set-up an SSH-Socks5 tunnel in ServerA and ServerB and use the wrapper program tsocks to start the programs that need Internet access. Why a wrapper? Because not all the programs can deal with Socks5 proxying. tsocks does the handling and strarts any command we want which should access Internet. A good example of this in the Installation of the complex GitLab system. In those examples we assume that your are logged-in as superuser root in both servers.

Steps:
Setup a backwards tunnel in ServerB
ssh -f -N -R 2222:localhost:22 ServerA
Setup a Socks5 tunnel using SSH in ServerA
ssh -f -N -A -D 8888 root@localhost -p 2222
Install tsocks package
apt-get install tsocks
Rename the original config file
mv /etc/tsocks.conf /etc/tsocks.conf.orig
touch /etc/tsocks.conf

Edit tsocks configuration file
vim /etc/tsocks.conf
Content:
server = 127.0.0.1
server_port = 8888
server_type = 5

Access the internet for programs via the wrapper tsocks.
Examples:
tsocks wget //google.de
tsocks gem install bundler

etc.

GIT special use of Socks5


For unknown reasons my test with the above method happen to fail with the git command. Although it was easy to use the git command on my desktop and then transfer the results to the needed server I’ve got the following suggestion from a colleague. I didn’t try it yet but looks promising.
git config --global http.proxy 'socks5://127.0.0.1:8888'
git config --global https.proxy 'socks5://127.0.0.1:8888'

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: