
Re: How to apt-get over ssh tunnel through a firewall?



On Fri, Oct 03, 2008 at 12:02:22 -0400, Mitchell Laks wrote:
> Hi,
> 
> I have a number of Debian machines that live behind a firewall.
> 
> Debian Machine A is granted internet access and can browse
> the internet. However machines B-D were not granted internet access and live on the general internal network,
> and were originally installed with Debian by utilizing a private network with machine A
> 192.168.4.x, and getting internet access via NAT through A. 
> 
> Now machines B-D no longer live on the private network but can ssh into machine A.
> 
> Now I know how to browse the internet on B-D
> by creating an ssh tunnel to A and utilizing the Iceweasel Browser settings to use a
> local Socks proxy.
> 
> 
> Can I do something similar with apt-get so that I can apt-get update and apt-get upgrade
> over ssh without
> physically moving the machines B-D to the private network 192.168.4.x with machine A?

Can you run a proxy on machine A? You can secure it very tightly, both
via its own configuration and via your firewall, so that it only accepts
local connections on machine A. Then you can do this on machines B-D:

ssh -N -L 31280:localhost:3128 $HOSTNAME_OR_IP_OF_MACHINE_A

This will tunnel port 31280 on B-D to machine A, from where it will be
forwarded to localhost (i.e. machine A itself) port 3128. This assumes
that your proxy on A listens for local connections on port 3128 (the
standard squid port). Then it will be as if the proxy was running on B-D
listening on port 31280, so you can set "http://localhost:31280" as the
http_proxy variable on these machines.

If you cannot run a proxy on machine A then you can try to use tsocks on
machines B-D:

http://tsocks.sourceforge.net/

(Debian packages are available in main.)

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
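
The tunnel-plus-proxy procedure described in the reply above, as an added example that is not part of the original message: a wrapper for machines B-D that opens the forward, runs apt-get through it and closes it again. Ports 31280 and 3128 are from the message; the function names, the control-socket handling and passing the proxy with apt's `Acquire::http::Proxy` option (instead of the http_proxy variable) are choices made here.

```shell
#!/bin/sh
# Added example: apt-get on B-D through an ssh tunnel to the proxy on A.
# Ports are from the message; function names are hypothetical.
LOCAL_PORT=31280   # tunnel entrance on B-D
PROXY_PORT=3128    # proxy on A, accepting local connections only

# Argument for ssh -L. The leading "localhost" keeps the listener on the
# loopback interface even if GatewayPorts is enabled on the client.
forward_spec() {
    printf 'localhost:%s:localhost:%s\n' "$LOCAL_PORT" "$PROXY_PORT"
}

# Per-invocation apt option, so no proxy setting is left in /etc/apt.
apt_proxy_option() {
    printf 'Acquire::http::Proxy=http://localhost:%s\n' "$LOCAL_PORT"
}

open_tunnel() {    # $1 = machine A, $2 = control socket path
    # ExitOnForwardFailure: fail instead of continuing without the forward,
    # e.g. when another process already holds the local port.
    ssh -f -N -M -S "$2" -o ExitOnForwardFailure=yes \
        -L "$(forward_spec)" "$1"
}

close_tunnel() {   # $1 = machine A, $2 = control socket path
    ssh -S "$2" -O exit "$1" 2>/dev/null
}

update_via_tunnel() {   # $1 = machine A; run as root, apt-get needs it
    sockdir=$(mktemp -d) || return 1       # private 0700 directory
    open_tunnel "$1" "$sockdir/ctl" || { rm -rf "$sockdir"; return 1; }
    status=0
    apt-get -o "$(apt_proxy_option)" update &&
        apt-get -o "$(apt_proxy_option)" upgrade || status=$?
    close_tunnel "$1" "$sockdir/ctl"
    rm -rf "$sockdir"
    return "$status"
}

# Usage: sh apt-tunnel.sh HOSTNAME_OR_IP_OF_MACHINE_A
if [ "$#" -ge 1 ]; then
    update_via_tunnel "$1"
fi
```

The tunnel exists only for the duration of the run, so the proxy on A is reachable from B-D only while an authenticated ssh session is open.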

