Difference between revisions of "Tinyproxy"
From WA2IAC Wiki
(→Useage) |
m |
||
| Line 17: | Line 17: | ||
=== RedHattish === | === RedHattish === | ||
| − | [via Twinkster, please update] | + | [via Twinkster, please update] These instructions assume you want/need to use yum to install software on a server that does not otherwise have Internet access, possibly due to retired "space planners" that have taken up network security and aren't confident and/or haven't proven their skills. |
* Install tinyproxy. By default it chooses port 8888 to listen on. | * Install tinyproxy. By default it chooses port 8888 to listen on. | ||
* Update the /etc/yum.conf file on the target host with this: | * Update the /etc/yum.conf file on the target host with this: | ||
** proxy=http://localhost:8888 | ** proxy=http://localhost:8888 | ||
| − | * From the | + | * From the host with Internet connectivity, ssh into the remote server with these command args (and just let it sit there). This just re-points port 8888 over the ssh tunnel to your tiny proxy install |
| − | + | <pre> | |
| + | ssh -N -R 8888:127.0.0.1:8888 1.2.3.4 (1.2.3.4 = host w/o connectivity) | ||
| + | </pre> | ||
Unresolved questions: what if sshd has a non-vanilla config (on first check, sshd has ''#AllowTcpForwarding yes'' and ''#X11Forwarding no'' so if X11 is needed, it must be turned on from a vanilla install. | Unresolved questions: what if sshd has a non-vanilla config (on first check, sshd has ''#AllowTcpForwarding yes'' and ''#X11Forwarding no'' so if X11 is needed, it must be turned on from a vanilla install. | ||
| Line 53: | Line 55: | ||
=== Debian and Fiends === | === Debian and Fiends === | ||
| − | + | <pre> | |
| + | apt-get install tinyproxy | ||
| + | </pre> | ||
| + | Once installed, start it as a service... | ||
| + | <pre> | ||
| + | root@mom:/etc# service tinyproxy start | ||
| + | Starting tinyproxy: tinyproxy. | ||
| + | root@mom:/etc# | ||
| + | </pre> | ||
| + | |||
| + | = Use with ssh = | ||
| + | |||
| + | Beware! The more you do, the less secure you get. | ||
| + | |||
| + | == ssh server config == | ||
| + | Don't be dumb and just cut and paste this in (please)! These are things to look at and consider, | ||
| + | not blindly turn on. This is not a tutorial, these are notes. | ||
| + | <pre> | ||
| + | Tunnel yes | ||
| + | TunnelDevice any:any | ||
| + | PermitLocalCommand yes | ||
| + | PermitLocalCommand yes | ||
| + | ProxyCommand ssh -q -W %h:%p gateway.example.com | ||
| + | </pre> | ||
| + | == ssh client config == | ||
| + | |||
| + | == Resources == | ||
| + | SSHmenu App - manage multiple hops | ||
| + | http://sshmenu.sourceforge.net/articles/transparent-mulithop.html | ||
| + | |||
| + | netcat - network plumbing and piping tool | ||
| + | http://netcat.sourceforge.net/ | ||
| + | |||
| + | |||
| + | http://unix.stackexchange.com/questions/13896/set-up-password-less-ssh-tunneling-from-home-computer-behind-nat-to-inside-compu | ||
