[Bug 3614] add setting to redirect all Network access over client
bugzilla-daemon at mindrot.org
Thu Sep 14 12:25:02 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3614
Darren Tucker <dtucker at dtucker.net> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
> to do updates and other configuration.
I did something like this, but at the application instead of the
network layer. I had a HTTP proxy (I used Squid, but you could use
anything, or in a pinch you could use another ssh -D as a SOCKS proxy),
then when I logged in I had a remote port forward to that proxy ("ssh
-L 3128:127.0.0.1:3128 device"), and configured the device's package
manager to use 127.0.0.1:3128 as a HTTP proxy.
To use ssh itself as the proxy without a separate proxy server, you
could probably do something like this (admittedly it's a bit Rube
Goldberg):
Host sandbox-device
    ProxyCommand ssh -D 1080 localhost netcat %h %p
    RemoteForward 1080 127.0.0.1:1080
The ProxyCommand would make an SSH connection to itself and establish a
SOCKS server on 1080 then connect from there to your device, and the
RemoteForward would forward port 1080 on that device to the SOCKS
server, which would relay out to the world. Your package manager would
need to be configured to use a SOCKS proxy, though.
There are also tools like http://darkk.net.ru/redsocks/ which act as an
adapter between iptables transparent redirects and a SOCKS server such
as ssh -D. There is a bunch of related discussion on bug#1295 and
bug#2526.
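Added example, not part of the original comment and not OpenSSH code: a small Python check over a client ssh_config that reports, per Host block, RemoteForward listeners that are not limited to loopback on the device, forwards where ssh itself acts as the SOCKS proxy (single-argument RemoteForward, OpenSSH 7.6 and later), and forwards without ExitOnForwardFailure. The lab-device and kiosk stanzas, the function names and the finding texts are assumptions made for illustration; only the sandbox-device stanza comes from the comment above.

```python
import re
import shlex
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# Constructed sample; only the sandbox-device stanza is taken from the comment.
SAMPLE = """\
Host sandbox-device
    ProxyCommand ssh -D 1080 localhost netcat %h %p
    RemoteForward 1080 127.0.0.1:1080
Host lab-device
    RemoteForward *:3128 127.0.0.1:3128
    ExitOnForwardFailure yes
Host kiosk
    RemoteForward 127.0.0.1:1080
    ExitOnForwardFailure yes
"""

def bind_address(listen_spec):
    """Bind address of '[bind_address:]port', or None when only a port is given."""
    addr, sep, _port = listen_spec.rpartition(":")
    return addr if sep else None

def audit(config_text):
    """Return (host, directive, finding) tuples for each Host block."""
    blocks, host, findings = {}, "*", []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, rest = (re.split(r"[\s=]+", line, maxsplit=1) + [""])[:2]
        if key.lower() == "host":
            host = rest
        blocks.setdefault(host, []).append((key.lower(), shlex.split(rest)))
    for host, directives in blocks.items():
        forwards = [a for k, a in directives if k == "remoteforward" and a]
        for args in forwards:
            bind = bind_address(args[0])
            # "*" or "" asks sshd for all interfaces; its GatewayPorts setting decides.
            if bind is not None and bind not in LOOPBACK:
                findings.append((host, " ".join(args), "listener not limited to loopback on the device"))
            if len(args) == 1:  # no destination given: ssh itself answers as a SOCKS proxy
                findings.append((host, args[0], "SOCKS mode: the device can reach anything the client can"))
        if forwards and ("exitonforwardfailure", ["yes"]) not in directives:
            findings.append((host, "ExitOnForwardFailure", "not 'yes': session stays up if the forward fails"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```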