SSH Socks Proxy wiith iptables REDIRECT

Posted by Radium on Server Fault See other posts from Server Fault or by Radium
Published on 2011-12-02T23:36:02Z Indexed on 2012/10/06 21:40 UTC
Read the original article Hit count: 302

Filed under:
|
|

I have googled and haven`t found the answer on my question. Help me please. There are two servers:

serverA with public IP 12.0.0.10 and an private IP 10.0.0.5
serverB with public IP 20.0.0.11

I have setup SOCKS proxy on serverB to serverA:

ssh -D20.0.0.11:2222 [email protected]

So when on my local machine in a browser i specify SOCKS proxy 20.0.0.11:2222 (serverB:2222) as external IP while browsing i get 12.0.0.10 (serverA IP). That is ok.

As well if i go onto http://10.0.0.5 (serverA private IP) it is also reachable. That is what i need. I want to make servers A private IP to be available through servers B public IP on certain ports but without specifying SOCKS in my browser.

I could use ssh port forward but the problem is - i need to forward many ports and do not know which exactly - i know only the range.

So when i connect to 20.0.0.11 to any port , for example, from 3000:4000 range, i want that traffic to be redirected to 10.0.0.5 on the same port. That is why i`ve decided maybe SOCKS proxy via SSH and iptables REDIRECT could help me.

Client -> serverBPublicIP (any port from range 3000:4000) -> serverAPublicIP -> serverAPrivateIP (the port was requested on serverBPublicIP)

On serverB i do:

ssh -D20.0.0.11:2222 [email protected]
iptables -t nat -A PREROUTING -d 20.0.0.11 -p tcp --dport 3000:4000 -j REDIRECT --to-port 2222

But that does not work - when i telnet on 20.0.0.11:3001 for example i do not see any proxied traffic on the serverA. What should i do else? I have tried tcpsocks like this (in example i am telneting to 20.0.0.11:3001)

Client -> 20.0.0.11:3001 -> iptables REDIRECT from 3001 --to-port 1111 -> tcpsocks from 1111 to 2222 -> SOCKS proxy from serverB to serverA on port 2222 -> serverA

But i do not know what to do with the traffic on serverA. How to route it to its private IP. Help me please. I know, VPN removes all the hell i am trying to create, but i have no ability to use tun/tap device. It is disabled.

© Server Fault or respective owner

Related posts about iptables

Related posts about proxy