View source for Tinyproxy


== Description == 

Tinyproxy is a fast light-weight HTTP proxy for POSIX operating systems. Designed from the ground up to be fast and small, it is an ideal solution for sites where a full featured HTTP proxy is required, but resources for a larger proxy are unavailable.

On SourceForge

http://sourceforge.net/projects/tinyproxy/

TinyProxy Website

https://banu.com/tinyproxy/

== Useage ==

Installs on a host with Internet connectivity that is reachable from the host with only LAN connectivity.

=== RedHattish ===
[via Twinkster, please update] These instructions assume you want/need to use yum to install software on a server that does not otherwise have Internet access, possibly due to retired "space planners" that have taken up network security and aren't confident and/or haven't proven their skills.

* Install tinyproxy.  By default it chooses port 8888 to listen on.
* Update the /etc/yum.conf file on the target host with this:
**	proxy=http://localhost:8888
*	From the host with Internet connectivity, ssh into the remote server with these command args (and just let it sit there). This just re-points port 8888 over the ssh tunnel to your tiny proxy install
<pre>
ssh -N -R 8888:127.0.0.1:8888 1.2.3.4  (1.2.3.4 = host w/o connectivity)
</pre>

Unresolved questions: what if sshd has a non-vanilla config (on first check, sshd has ''#AllowTcpForwarding yes'' and ''#X11Forwarding no'' so if X11 is needed, it must be turned on from a vanilla install.

<pre>connect_to 127.0.0.1 port 8888: failed. </pre>
... indicates that tiny proxy is probably not running on the Internet connected host (''service tinyproxy stat'')

=== Debianish ===

== Installation ==

=== RedHat and Fiends ===
Install Tinyproxy from the [http://fedoraproject.org/wiki/EPEL EPEL repository] by running
<pre> yum install tinyproxy</pre>
on the Internet connected host.

<pre>yum install epel-release</pre>

Will be necessary to get to the repo if it hasn't alredy been done. On Cthulhu (CentOS 6.4) I found that I had to download the epel-release...rpm file from the website (see EPEL link above to ''get the correct RPM'')

From there, the following should work:

<pre>[root@cthulhu tmp]# service tinyproxy start
Starting tinyproxy:                                        [  OK  ]
[root@cthulhu tmp]#</pre>

... don't forget to set reboot status with 'chkconfig' as desired (probably 'off' for security)

=== Debian and Fiends ===

<pre>
apt-get install tinyproxy
</pre>
Once installed, start it as a service...
<pre>
root@mom:/etc# service tinyproxy start
Starting tinyproxy: tinyproxy.
root@mom:/etc#
</pre>

= Use with ssh =

Beware! The more you do, the less secure you get.

== ssh server config ==
Don't be dumb and just cut and paste this in (please)! These are things to look at and consider,
not blindly turn on. This is not a tutorial, these are notes.
<pre>
Tunnel yes
TunnelDevice any:any
PermitLocalCommand yes
PermitLocalCommand yes
ProxyCommand ssh -q -W %h:%p gateway.example.com
</pre>
== ssh client config ==

== Resources ==
SSHmenu App - manage multiple hops
http://sshmenu.sourceforge.net/articles/transparent-mulithop.html

netcat - network plumbing and piping tool
http://netcat.sourceforge.net/


http://unix.stackexchange.com/questions/13896/set-up-password-less-ssh-tunneling-from-home-computer-behind-nat-to-inside-compu