Ubuntu – How to connect to Internet through a remote server via SSH connection

internetPROXYssh

I have a problem in accessing Internet through an ssh-accessible server

Situation

EDIT: FYI, my OS is Ubuntu 16.04, and IIRC, same as the server.

Ok, here's the deal.

My company provide me a PC with network connection (through a proxy), but got limited to some resources on the net (I can neither add external PPA or apt-get update after manually adding them, nor can't access to some download section of some applications, but still can install package by using apt-get install or pip).
Besides, my (above) PC have access to some of my company's servers via ssh connection. One of them (deliberately) has unrestricted Internet access (sounds weird, but that the way it is). I asked my boss if I can somehow can make my computer connect to the Internet without restriction through that server, and he told me that's possible but he doesn't know how to. And FYI, though he doesn't encourage me to do so, I'm not forbidden.

My question

Is there any way I can do what I've just describe? From my PC, access (unrestricted) to Internet via a remote server (with unrestricted Internet access)

What I've tried so far

Not much, actually, because I don't know how to search (hard to think of a keyword) for the problem. Most of the time I tried to config the proxy, so I can (partially) solve the problem (for PPA, I tried adding to source.list and add the sign, add proxy entries to /etc/apt/apt.conf, …). Still no candy for the baby. If anyone need to see the error, tell me, but I want to solve the problem completely 🙁

I'm grateful to any suggestion. Thanks in advance!

Best Answer

Try SSH tunneling/port forwarding. There is a lot of information in Internet. Read this: SSH/OpenSSH/PortForwarding and SSH tunneling with ubuntu.

I like to use SSH socks-proxy. Install plink:

sudo apt install plink

Run command in your local computer (SSH client) with restricted access to Internet:

plink -ssh 111.111.11.111 -C -N -l user -D 127.0.0.1:8081

where 111.111.11.111 - IP-address of your remote SSH-server with unrestricted access and user - your SSH-server username.

Thats all. Now you have SOCKS proxy - all of the traffic through the proxy will be encrypted and routed through your remote SSH-server. Settings for the proxy are: host 127.0.0.1, port 8081.

Add this settings as Ubuntu system-wide proxy settings and instruct browsers, bash etc. to use system proxy. It's possible to add system proxy with Ubuntu System Settings GUI (mine has Ukrainian locale):

If you want to use the proxy for apt, read Configure proxy for APT?, only take into account you have socks-proxy, thus the proxy URLs should be socks4://127.0.0.1:8081 or socks5://127.0.0.1:8081 instead of http://127.0.0.1:8081, for example:

export http_proxy="socks4://127.0.0.1:8081"

Related Solutions

Ubuntu – No internet access when I’m connect to the company’s VPN

First, look at the company's policy on VPN connections. What you're trying to do may be disallowed. If you have a VPN to the company, and use the internet to get subverted by a Black Hat, then the Black Hat has a VPN to the company with your identity. If you access the internet through the VPN and whatever else the company requires, if you get subverted, they bear some responsibility.

Take a look at the route you have when connected and not connected to the VPN, with netstat -rn. Read man route. Be aware - when you fiddle with routes, you can end up with nowhere to send packets, if you're not careful.

Ubuntu – How to set up a local SOCKS proxy that tunnels traffic through SSH

The ssh binary that you use when you connect to a server running ssh supports running a SOCKS proxy out of the box, with the -D flag. Example:

ssh -D 1337 -f -C -q -N user@remote -p 22

-D 1337 tells ssh to launch a SOCKS server on port 1337 locally.
-f forks the process into the background.
-C Turns on compression.
-q enables "Quiet mode", since the purpose here is only to tunnel we don't really care about error output and such.
-N tells ssh that no commands will be sent (-f complains if we don’t specify this).
-p specifies what port to use; obviously this is defaulted to 22 so the statement above is pointless, but included for clarity.

When your SOCKS server is up and running, you simply need to make sure that your application (usually a web browser) is trying to connect to the local SOCKS proxy, and not the regular Internet.

In Firefox 29 (explained here as an example), this is achieved by going to the menu (the three sausages in the top right), followed by Preferences > Advanced > Network > (Connection) > Settings... - make sure you only fill out the SOCKS field! Since your proxy is on the same system, you can use localhost or 127.0.0.1 to point back at whatever port you set it to on the same system.

If you need your DNS requests to be tunneled as well (if they are not, your DNS lookups will reveal what websites you are trying to visit), you can just check on "Remote DNS" or as well do this entire configuration in about:config. In the last case, open it up and set these values:

network.proxy.socks : 127.0.0.1
network.proxy.socks_port : 1337
network.proxy.socks.remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1

You may also need this setting to exclude certain domains or sites from tunneling:

network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .yourcompany.com

This answer was written from France, but tunneled via Sweden :)