Difference between revisions of "Tinyproxy"
From WA2IAC Wiki
(Created page with " == Description == Tinyproxy is a fast light-weight HTTP proxy for POSIX operating systems. Designed from the ground up to be fast and small, it is an ideal solution for sit...") |
m |
Line 14: | Line 14: | ||
== Useage == | == Useage == | ||
− | Installs on a host with Internet connectivity that is reachable from the host with only | + | Installs on a host with Internet connectivity that is reachable from the host with only LAN connectivity. |
=== RedHattish === | === RedHattish === | ||
− | [via | + | [via Twinkster, please update] These instructions assume you want/need to use yum to install software on a server that does not otherwise have Internet access, possibly due to retired "space planners" that have taken up network security and aren't confident and/or haven't proven their skills. |
* Install tinyproxy. By default it chooses port 8888 to listen on. | * Install tinyproxy. By default it chooses port 8888 to listen on. | ||
* Update the /etc/yum.conf file on the target host with this: | * Update the /etc/yum.conf file on the target host with this: | ||
** proxy=http://localhost:8888 | ** proxy=http://localhost:8888 | ||
− | * From the | + | * From the host with Internet connectivity, ssh into the remote server with these command args (and just let it sit there). This just re-points port 8888 over the ssh tunnel to your tiny proxy install |
− | + | <pre> | |
+ | ssh -N -R 8888:127.0.0.1:8888 1.2.3.4 (1.2.3.4 = host w/o connectivity) | ||
+ | </pre> | ||
Unresolved questions: what if sshd has a non-vanilla config (on first check, sshd has ''#AllowTcpForwarding yes'' and ''#X11Forwarding no'' so if X11 is needed, it must be turned on from a vanilla install. | Unresolved questions: what if sshd has a non-vanilla config (on first check, sshd has ''#AllowTcpForwarding yes'' and ''#X11Forwarding no'' so if X11 is needed, it must be turned on from a vanilla install. | ||
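Review bot: In the added <pre> block, the annotation "(1.2.3.4 = host w/o connectivity)" sits on the same line as the ssh command, so anyone pasting the line hands the parentheses to the shell and the command fails to parse. Move the annotation into the bullet text above the block and leave only "ssh -N -R 8888:127.0.0.1:8888 1.2.3.4" inside it. The "Unresolved questions" paragraph kept as context opens a parenthesis it never closes, and the two sshd lines it quotes start with #, so they show commented-out defaults rather than explicit settings. That is worth stating, because the -R forward only works if AllowTcpForwarding is permitted on the target's sshd.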
Line 29: | Line 31: | ||
<pre>connect_to 127.0.0.1 port 8888: failed. </pre> | <pre>connect_to 127.0.0.1 port 8888: failed. </pre> | ||
... indicates that tiny proxy is probably not running on the Internet connected host (''service tinyproxy stat'') | ... indicates that tiny proxy is probably not running on the Internet connected host (''service tinyproxy stat'') | ||
+ | |||
=== Debianish === | === Debianish === | ||
Line 52: | Line 55: | ||
=== Debian and Fiends === | === Debian and Fiends === | ||
− | + | <pre> | |
+ | apt-get install tinyproxy | ||
+ | </pre> | ||
+ | Once installed, start it as a service... | ||
+ | <pre> | ||
+ | root@mom:/etc# service tinyproxy start | ||
+ | Starting tinyproxy: tinyproxy. | ||
+ | root@mom:/etc# | ||
+ | </pre> | ||
+ | |||
+ | = Use with ssh = | ||
+ | |||
+ | Beware! The more you do, the less secure you get. | ||
+ | |||
+ | == ssh server config == | ||
+ | Don't be dumb and just cut and paste this in (please)! These are things to look at and consider, | ||
+ | not blindly turn on. This is not a tutorial, these are notes. | ||
+ | <pre> | ||
+ | Tunnel yes | ||
+ | TunnelDevice any:any | ||
+ | PermitLocalCommand yes | ||
+ | PermitLocalCommand yes | ||
+ | ProxyCommand ssh -q -W %h:%p gateway.example.com | ||
+ | </pre> | ||
+ | == ssh client config == | ||
+ | |||
+ | == Resources == | ||
+ | SSHmenu App - manage multiple hops | ||
+ | http://sshmenu.sourceforge.net/articles/transparent-mulithop.html | ||
+ | |||
+ | netcat - network plumbing and piping tool | ||
+ | http://netcat.sourceforge.net/ | ||
+ | |||
+ | |||
+ | http://unix.stackexchange.com/questions/13896/set-up-password-less-ssh-tunneling-from-home-computer-behind-nat-to-inside-compu |
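Review bot: The block added under "== ssh server config ==" lists Tunnel, TunnelDevice, PermitLocalCommand and ProxyCommand, which are ssh client options (ssh_config), not sshd_config directives, so sshd does not recognise them. Move the block under the empty "== ssh client config ==" heading and drop the duplicated "PermitLocalCommand yes" line; if a server-side setting for tunnel devices is intended, the sshd_config directive is PermitTunnel. Two smaller points: "= Use with ssh =" is a level-1 heading on a page that otherwise uses == and ===, and the last URL under Resources has no description line, unlike the two entries above it.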