HTTP Tunnels

Firewalls, of various forms, block access to internal machines. A web server running on an internal machine is therefore protected from external browsers. This can be an inconvenience and is circumvented by directing the external browser to work through a tunnel to a proxy machine.

  (Browser) 
     ---> localhost:1080 (http via socks)
              ---> localhost:*  (ssh tunnel, client endpoint)
                       ---> proxy_server:22  (ssh tunnel, server endpoint)
                               ---> proxy_server:1080 (socks server, demux'd)
                                       ---> proxy_server:* (http client)
                                                ---> web_server:80 (http server)

Consider three machines:

localhost
    the user's machine, with a socks-enabled browser
proxy_server
    the proxy server, running sshd and socks, and accessible through the firewall
web_server
    the target server, running httpd, and behind the firewall

Do the following:
  1. Set up socks to permit the connection from proxy_server to web_server.
  2. Set up the user's machine to tunnel port 1080 through ssh. Edit the file ~/.ssh/config, in the Host section for proxy_server. Include the line:
    LocalForward 1080 localhost:1080
  3. Test the socks tunnel. Ssh to proxy_server and telnet to the socks port: telnet localhost 1080. You should not get a connection reject, although there isn't much you can do with the connection using telnet text.
  4. Configure the user's browser to use socks. E.g., for Mozilla: properties -> advanced -> proxies -> manual proxy configuration
    properties -> advanced -> proxies -> socks host := localhost
    properties -> advanced -> proxies -> port := 1080
    properties -> advanced -> proxies -> socks v5
    and apply.
  5. Put the IP address of web_server as the URL in the browser on localhost and go.
    Generally, the raw IP will be required since the name may be unresolvable from outside the firewall.
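
Telnet in step 3 only shows that the port accepts connections. The following added example (not part of the original page) speaks the socks v5 handshake through the forwarded port localhost:1080 and reports the server's reply code, which tells a refusal by the socks rules of step 1 apart from an unreachable web_server. The function names are assumptions made for this example; the message layout follows RFC 1928, and the probe offers only the no-authentication method.

```python
import ipaddress
import socket
import struct
import sys

# REP codes from RFC 1928, section 6.
REPLIES = {0: "succeeded", 1: "general SOCKS server failure",
           2: "connection not allowed by ruleset", 3: "network unreachable",
           4: "host unreachable", 5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}

def build_greeting():
    # VER=5, NMETHODS=1, METHOD=0x00 (no authentication)
    return bytes([5, 1, 0])

def build_connect(ip, port):
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4), then address and port
    head = bytes([5, 1, 0, 1])
    return head + ipaddress.IPv4Address(ip).packed + struct.pack("!H", port)

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed before sending %d bytes" % n)
        buf += chunk
    return buf

def handshake(sock, ip, port):
    """Run greeting + CONNECT on a connected socket; return the reply text."""
    sock.sendall(build_greeting())
    ver, method = recv_exact(sock, 2)
    if ver != 5:
        raise ValueError("port does not speak socks v5 (version byte %d)" % ver)
    if method != 0:
        raise ValueError("server did not accept no-authentication (0x%02x)" % method)
    sock.sendall(build_connect(ip, port))
    # Reply is VER, REP, RSV, ATYP, BND.ADDR, BND.PORT; only REP is needed here.
    rep = recv_exact(sock, 4)[1]
    return REPLIES.get(rep, "unknown reply 0x%02x" % rep)

def probe(ip, port=80, socks_host="localhost", socks_port=1080):
    # Defaults match the LocalForward line in step 2 and web_server:80.
    with socket.create_connection((socks_host, socks_port), timeout=5) as s:
        return handshake(s, ip, port)

if __name__ == "__main__":
    print(probe(sys.argv[1]))  # argument: the raw IP of web_server from step 5
```

With the ssh session to proxy_server open, run the script with the web_server IP as its argument; "succeeded" means the browser configuration in step 4 should work.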