Showing posts with label reverse proxy. Show all posts
Showing posts with label reverse proxy. Show all posts

15 July 2013

476: Rehash: using a browser proxy via tunnel, through a router and with reverse ssh

I may have covered this at some point, but if so, I can't find the post.

Here's the situation:
You have a linux computer at work, which is behind a corporate firewall.
You have a router at home which runs an ssh server (e.g. running tomato).
You have a computer at home, which sits behind the router above.
You want to browse from home using the corporate network

In my case it's a little bit different -- I want to make a change to the router my office network (I have my own office) sits behind, and the easiest way to do that is by logging onto that router via http (it's a stock netgear router).

How to:
First, at work, connect to your home router using reverse ssh, so that all traffic on port 19999 on the router gets sent to port 22 on your work computer:
ssh -R 19999:localhost:22 root@myhomerouter

Later, at home, forward all traffic to port 8989 on your home computer to localhost:19999 on your router (which then gets sent to port 22 on your work computer):
ssh -L 8989:localhost:19999 root@192.168.2.1

We've assumed that the router sits on 192.168.2.1 from inside the LAN. Localhost here refers to your home computer, while localhost in the command before that refers to the router.

Then, in a different terminal, open a proxy through port 8989:
 ssh -D 8888 me@localhost -p 8989

Finally, you can now edit your browser/network settings to use a SOCKS proxy on port 8888 like you would with any other proxy.

15 February 2012

67. Neat trick using reverse proxy -- several http hosts behind a firewall with only one port open

The situation: I was running two wireless webcams (Airlink101 AIC 250W) in order to monitor my laboratory. Both of these were connected to a linksys router. Only port 22 and 80 were opened by the university. We were forwarding port 80 to a Debian box running apache.

The goal: We wanted to have a page, e.g.www.externalhostname.com/image.html, serve up images from both the webcams. Using apache.

The solution:
A friend came up with this neat solution.

The following is assumed:
  • The external dns name is www.externalhostname.com
  • The cameras have the LAN ips 192.168.1.121 and 192.168.1.122


First the html file -- image.html:

<html>
<head>
<title>Lab Webcams</title>
<META HTTP-EQUIV="REFRESH" CONTENT="5">
</head>
<body bgcolor="rgb(0,0,122)" text="white">
<table border="1">
<tr>
<td>
Cam 1480
</td>
<td>
Cam 1485
</td>
<tr>
<td>
<img src="http://www.externalhostname.com/cam1/image.jpg" width="320" height="240"/>
</td>
<td>
<img src="http://www.externalhostname.com/cam2/image.jpg" width="320" height="240"/>
</td>
</table>
</body>
</htm>
Next, configure apache using /etc/apache2/httpd.conf:
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /cam1 http://192.168.1.121
ProxyPassReverse /cam1 http://192.168.1.121
ProxyPass /cam2 http://192.168.1.122
ProxyPassReverse /cam2 http://192.168.1.122

Finally, copy the following from /etc/apache2/mods-available to /etc/apache2/mods-enabled:
proxy.conf
<IfModule mod_proxy.c>
</IfModule>
proxy_http.load

# Depends: proxy
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so
proxy.load


LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so


That's it.