SSH SOCKS Proxy with iptables REDIRECT
Posted by Radium on Server Fault
Published on 2011-12-02T23:36:02Z
I have googled and haven't found the answer to my question. Help me please. There are two servers:
serverA with public IP 12.0.0.10 and a private IP 10.0.0.5
serverB with public IP 20.0.0.11
I have set up a SOCKS proxy on serverB to serverA:
ssh -D20.0.0.11:2222 [email protected]
So when on my local machine in a browser I specify SOCKS proxy 20.0.0.11:2222 (serverB:2222), as external IP while browsing I get 12.0.0.10 (serverA IP). That is ok.
As well, if I go to http://10.0.0.5 (serverA private IP) it is also reachable.
That is what I need. I want to make server A's private IP available through server B's public IP on certain ports but without specifying SOCKS in my browser.
I could use SSH port forwarding but the problem is I need to forward many ports and do not know which exactly; I know only the range.
So when I connect to 20.0.0.11 on any port, for example, from the 3000:4000 range, I want that traffic to be redirected to 10.0.0.5 on the same port. That is why I've decided maybe a SOCKS proxy via SSH and iptables REDIRECT could help me.
Client -> serverBPublicIP (any port from range 3000:4000) -> serverAPublicIP -> serverAPrivateIP (the port was requested on serverBPublicIP)
On serverB I do:
ssh -D20.0.0.11:2222 [email protected]
iptables -t nat -A PREROUTING -d 20.0.0.11 -p tcp --dport 3000:4000 -j REDIRECT --to-port 2222
But that does not work: when I telnet to 20.0.0.11:3001, for example, I do not see any proxied traffic on serverA. What else should I do? I have tried tcpsocks like this (in the example I am telneting to 20.0.0.11:3001):
Client -> 20.0.0.11:3001 -> iptables REDIRECT from 3001 --to-port 1111 -> tcpsocks from 1111 to 2222 -> SOCKS proxy from serverB to serverA on port 2222 -> serverA
But I do not know what to do with the traffic on serverA. How do I route it to its private IP? Help me please. I know VPN removes all the hell I am trying to create, but I have no ability to use a tun/tap device. It is disabled.
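The reason the plain REDIRECT rule shows nothing on serverA is that the SOCKS listener opened by ssh -D expects a SOCKS handshake (version byte, method negotiation, then a CONNECT naming the destination) before it opens anything; REDIRECT only rewrites the destination port, so the raw telnet bytes land on port 2222 as an invalid greeting and are dropped. The tcpsocks-style shim in the second diagram is the piece that has to speak SOCKS on the client's behalf: on Linux it learns the port the client originally dialled through the SO_ORIGINAL_DST getsockopt and then asks the proxy for the private IP on that same port. The following Python is an added illustration, not code from the question or from any project; it encodes both sides of the SOCKS5 CONNECT exchange, shows how the original-destination lookup is made, and reuses the question's private address 10.0.0.5 as a constant. The socketpair-based function stands in for the shim talking to the proxy so it runs without a network; it does not relay the payload after the handshake.

```python
"""SOCKS5 CONNECT handshake as it must appear on the wire, plus the Linux
getsockopt a tcpsocks-style shim uses to recover the port that iptables
REDIRECT rewrote.  Constructed example; PRIVATE_IP is serverA's private
address from the question, everything else is illustrative."""
import socket
import struct

SOCKS_VERSION = 0x05
METHOD_NO_AUTH = 0x00
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
REP_SUCCEEDED = 0x00
SO_ORIGINAL_DST = 80      # netfilter option on level SOL_IP (Linux only; assumption: recent kernel)
PRIVATE_IP = "10.0.0.5"   # serverA's private IP from the question


def client_greeting() -> bytes:
    """VER NMETHODS METHODS: offer 'no authentication', which ssh -D accepts."""
    return bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH])


def parse_greeting(data: bytes) -> int:
    """Return the method a SOCKS5 server would pick, or raise if the bytes are
    not a greeting.  Raw telnet/HTTP bytes delivered by REDIRECT fail here,
    which is why the proxied connection never appears on serverA."""
    if len(data) < 2 or data[0] != SOCKS_VERSION or len(data) != 2 + data[1]:
        raise ValueError("not a SOCKS5 greeting: %r" % data[:8])
    if METHOD_NO_AUTH not in data[2:]:
        raise ValueError("client does not offer NO AUTH")
    return METHOD_NO_AUTH


def connect_request(ip: str, port: int) -> bytes:
    """VER CMD RSV ATYP DST.ADDR DST.PORT for an IPv4 target."""
    head = bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_IPV4])
    return head + socket.inet_aton(ip) + struct.pack("!H", port)


def parse_connect_request(data: bytes):
    """Decode an IPv4 CONNECT into (ip, port); other forms are rejected."""
    if (len(data) != 10 or data[0] != SOCKS_VERSION
            or data[1] != CMD_CONNECT or data[3] != ATYP_IPV4):
        raise ValueError("unsupported SOCKS5 request")
    return socket.inet_ntoa(data[4:8]), struct.unpack("!H", data[8:10])[0]


def connect_reply(rep: int = REP_SUCCEEDED) -> bytes:
    """VER REP RSV ATYP BND.ADDR BND.PORT; bound address reported as 0.0.0.0:0."""
    return bytes([SOCKS_VERSION, rep, 0x00, ATYP_IPV4]) + b"\x00" * 6


def parse_connect_reply(data: bytes) -> int:
    """Return the REP code (0 means the proxy opened the connection)."""
    if len(data) != 10 or data[0] != SOCKS_VERSION:
        raise ValueError("bad SOCKS5 reply")
    return data[1]


def original_destination(conn: socket.socket):
    """(ip, port) the client actually dialled before REDIRECT rewrote them.
    Linux only: the kernel hands back a struct sockaddr_in (family, port in
    network order, 4-byte address, padding).  A shim listening on the
    --to-port calls this, then asks the proxy for PRIVATE_IP on that port."""
    raw = conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
    port = struct.unpack("!H", raw[2:4])[0]
    return socket.inet_ntoa(raw[4:8]), port


def handshake_for_redirected_port(orig_port: int):
    """Run both sides of the CONNECT exchange over a socketpair: the shim
    (client side) asks for PRIVATE_IP:orig_port, a mock SOCKS server parses
    it and answers success.  Returns (target the server was asked for,
    reply code the client saw); payload relaying is out of scope here."""
    shim, proxy = socket.socketpair()
    try:
        shim.sendall(client_greeting())
        method = parse_greeting(proxy.recv(258))
        proxy.sendall(bytes([SOCKS_VERSION, method]))
        if shim.recv(2) != bytes([SOCKS_VERSION, METHOD_NO_AUTH]):
            raise RuntimeError("proxy refused NO AUTH")
        shim.sendall(connect_request(PRIVATE_IP, orig_port))
        target = parse_connect_request(proxy.recv(10))
        proxy.sendall(connect_reply())
        rep = parse_connect_reply(shim.recv(10))
    finally:
        shim.close()
        proxy.close()
    return target, rep


if __name__ == "__main__":
    print(handshake_for_redirected_port(3001))   # (('10.0.0.5', 3001), 0)
```

In a real deployment the shim would accept on the REDIRECT --to-port, call original_destination() on each accepted socket, dial 20.0.0.11:2222, run the handshake above with that port, and then copy bytes in both directions; ssh -D then carries the stream to serverA, which reaches 10.0.0.5 on its own interface, so nothing extra is needed on serverA. Restricting the REDIRECT rule to the 3000:4000 range, as the question already does, keeps the shim from becoming an open relay into the private address.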