Have you ever needed to access a site that had an IP restriction, or one inside your remote network? Recently I needed to access a customer's remote monitoring site, but it's restricted to a small subnet of IPs. They had no VPN set up for me, so I had to come up with something new…
The answer was creating an ssh connection to their network firewall, which happened to be a custom Linux box I had access to. The setup is actually quite simple, and requires no changes to the remote host. The following command will create a local proxy for your machine to use on port 8080.
hackpro:~# ssh -q2nCTN -D 8080 user@hostname
The only caveat to this setup is that you will need key authentication set up; it will not work with standard password authentication. The following is a list of the options used:
- -q = Quiet
- -2 = SSHv2
- -n = Do not read from stdin (This is why you need to have private key authentication set up!)
- -C = Compression
- -T = Disable pseudo-tty allocation
- -N = Do not execute a remote command or launch a shell. Uses the ssh connection for port forwarding
- -D = Allocate a socket to listen on locally. Whenever a connection is made to this port, the connection is forwarded over the secure channel. (Requires root)
The only thing left to configure is your browser. Set it to use localhost:8080 as a SOCKS proxy. Quick, simple, and perfect! As usual, if you have any questions please feel free to leave a comment below.
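The following is an added example, not part of the original post: a small Python probe that speaks SOCKS5 to the local `-D` listener the way the browser will, so you can confirm the tunnel works before changing browser settings. The destination name `monitor.example.internal` is a placeholder, and the proxy address 127.0.0.1:8080 is assumed from the command above.

```python
import socket
import struct

# SOCKS5 reply codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

GREETING = b"\x05\x01\x00"  # version 5, one auth method offered: 0x00 (none)

def build_connect(host: str, port: int) -> bytes:
    """CONNECT request using ATYP 0x03 (domain name), so the name is
    resolved at the far end of the tunnel, not by the local resolver."""
    name = host.encode("idna")
    if not 1 <= len(name) <= 255 or not 0 < port < 65536:
        raise ValueError("bad destination")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack("!H", port)

def parse_reply(header: bytes) -> str:
    """Interpret the first 4 bytes of the proxy's reply: VER REP RSV ATYP."""
    if len(header) < 4 or header[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(header[1], f"unknown code {header[1]}")

def recv_exact(sock, n):
    # Read exactly n bytes; a proxy that hangs up early is reported as an error.
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf

def probe(dest_host, dest_port, proxy=("127.0.0.1", 8080), timeout=10):
    """Ask the local ssh -D listener to open a connection to the destination."""
    with socket.create_connection(proxy, timeout=timeout) as s:
        s.sendall(GREETING)
        if recv_exact(s, 2) != b"\x05\x00":
            raise ConnectionError("proxy refused the no-auth method")
        s.sendall(build_connect(dest_host, dest_port))
        return parse_reply(recv_exact(s, 4))

if __name__ == "__main__":
    # Placeholder destination: substitute the restricted site's host and port.
    print(probe("monitor.example.internal", 443))
```

Because the request carries the hostname rather than an IP address, names that only resolve inside the remote network still work; in the browser this corresponds to enabling remote DNS for the SOCKS proxy.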