Access to the internet from a firewalled server












1















I'm trying to set up a test Docker platform at work. I need pull images, but can't do so because the test server does not have direct internet access (firewalled). There is another server that can connect to the internet, but only through a proxy. Between the test server and internet-accessible server, only a handful of ports are open. I'm thinking I could set up a tunnel between both, but not sure how.



Ports open from Test server to Internet-accessible:



80/tcp

111/tcp

2049/tcp

7001/tcp

7002/tcp


Ports open from Internet-accessible to Test:



22/tcp

1720/tcp


I have http_proxy configured in .bash_profile, on the Internet-accessible server:



export http_proxy=http://username:password@internet-server:8080/





linux firewall proxy







share|improve this question

























  • What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

    – roaima
    Apr 14 '16 at 22:38













  • The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

    – Dave
    Apr 14 '16 at 23:58













  • Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

    – Dave
    Apr 15 '16 at 0:01


















1















I'm trying to set up a test Docker platform at work. I need pull images, but can't do so because the test server does not have direct internet access (firewalled). There is another server that can connect to the internet, but only through a proxy. Between the test server and internet-accessible server, only a handful of ports are open. I'm thinking I could set up a tunnel between both, but not sure how.



Ports open from Test server to Internet-accessible:



80/tcp

111/tcp

2049/tcp

7001/tcp

7002/tcp


Ports open from Internet-accessible to Test:



22/tcp

1720/tcp


I have http_proxy configured in .bash_profile, on the Internet-accessible server:



export http_proxy=http://username:password@internet-server:8080/





linux firewall proxy







share|improve this question

























  • What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

    – roaima
    Apr 14 '16 at 22:38













  • The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

    – Dave
    Apr 14 '16 at 23:58













  • Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

    – Dave
    Apr 15 '16 at 0:01
















1












1








1








I'm trying to set up a test Docker platform at work. I need pull images, but can't do so because the test server does not have direct internet access (firewalled). There is another server that can connect to the internet, but only through a proxy. Between the test server and internet-accessible server, only a handful of ports are open. I'm thinking I could set up a tunnel between both, but not sure how.



Ports open from Test server to Internet-accessible:



80/tcp

111/tcp

2049/tcp

7001/tcp

7002/tcp


Ports open from Internet-accessible to Test:



22/tcp

1720/tcp


I have http_proxy configured in .bash_profile, on the Internet-accessible server:



export http_proxy=http://username:password@internet-server:8080/





linux firewall proxy







share|improve this question
















I'm trying to set up a test Docker platform at work. I need pull images, but can't do so because the test server does not have direct internet access (firewalled). There is another server that can connect to the internet, but only through a proxy. Between the test server and internet-accessible server, only a handful of ports are open. I'm thinking I could set up a tunnel between both, but not sure how.



Ports open from Test server to Internet-accessible:



80/tcp

111/tcp

2049/tcp

7001/tcp

7002/tcp


Ports open from Internet-accessible to Test:



22/tcp

1720/tcp


I have http_proxy configured in .bash_profile, on the Internet-accessible server:



export http_proxy=http://username:password@internet-server:8080/





linux firewall proxy




linux firewall proxy






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 hours ago









Rui F Ribeiro

41.3k1481140




41.3k1481140










asked Apr 14 '16 at 21:37









DaveDave

219




219













  • What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

    – roaima
    Apr 14 '16 at 22:38













  • The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

    – Dave
    Apr 14 '16 at 23:58













  • Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

    – Dave
    Apr 15 '16 at 0:01





















  • What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

    – roaima
    Apr 14 '16 at 22:38













  • The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

    – Dave
    Apr 14 '16 at 23:58













  • Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

    – Dave
    Apr 15 '16 at 0:01



















What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

– roaima
Apr 14 '16 at 22:38







What use is that http_proxy definition if port 8080 isn't accessible? Or is that the point of the question? Or is that proxy actually a third server that you haven't mentioned?

– roaima
Apr 14 '16 at 22:38















The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

– Dave
Apr 14 '16 at 23:58







The internet-accessible server uses an authenticated proxy on port 8080. If I need to get anything from the web (eg wget) on that host, I have to use the proxy.

– Dave
Apr 14 '16 at 23:58















Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

– Dave
Apr 15 '16 at 0:01







Just so that I'm clear; I want to be able to use wget/curl to fetch packages on the test server, through the internet-accessible server.

– Dave
Apr 15 '16 at 0:01












2 Answers
2






active

oldest

votes


















1














You could set up a ssh-based virtual private network using the tun network pseudo-device; man ssh gives an example. If you don't have admin access on the internet-accessible server you might consider sshuttle to accomplish the same thing.






share|improve this answer































    1














    I got this working.



    From the server which has internet-access:



    ssh -R any-port:proxy-ip:proxy-port user@testserver


    Then, once I'm on the test server:



    export http_prox=http://username:password@localhost:any-port/


    eg:



    ssh -R 2001:proxy-ip:8080 root@testserver
    

    
[root@testserver]# export http_proxy=http://proxyuser:proxyuser-password@localhost:2001/
    
[root@testserver]# export https_proxy=https://proxyuser:proxyuser-password@localhost:2001/





    share|improve this answer























      Your Answer








      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "106"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: false,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: null,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f276567%2faccess-to-the-internet-from-a-firewalled-server%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      1














      You could set up a ssh-based virtual private network using the tun network pseudo-device; man ssh gives an example. If you don't have admin access on the internet-accessible server you might consider sshuttle to accomplish the same thing.






      share|improve this answer




























        1














        You could set up a ssh-based virtual private network using the tun network pseudo-device; man ssh gives an example. If you don't have admin access on the internet-accessible server you might consider sshuttle to accomplish the same thing.






        share|improve this answer


























          1












          1








          1







          You could set up a ssh-based virtual private network using the tun network pseudo-device; man ssh gives an example. If you don't have admin access on the internet-accessible server you might consider sshuttle to accomplish the same thing.






          share|improve this answer













          You could set up a ssh-based virtual private network using the tun network pseudo-device; man ssh gives an example. If you don't have admin access on the internet-accessible server you might consider sshuttle to accomplish the same thing.







          share|improve this answer












          share|improve this answer



          share|improve this answer










          answered Apr 15 '16 at 0:29









          neofugneofug

          1413




          1413

























              1














              I got this working.



              From the server which has internet-access:



              ssh -R any-port:proxy-ip:proxy-port user@testserver


              Then, once I'm on the test server:



              export http_prox=http://username:password@localhost:any-port/


              eg:



              ssh -R 2001:proxy-ip:8080 root@testserver
              

              
[root@testserver]# export http_proxy=http://proxyuser:proxyuser-password@localhost:2001/
              
[root@testserver]# export https_proxy=https://proxyuser:proxyuser-password@localhost:2001/





              share|improve this answer




























                1














                I got this working.



                From the server which has internet-access:



                ssh -R any-port:proxy-ip:proxy-port user@testserver


                Then, once I'm on the test server:



                export http_prox=http://username:password@localhost:any-port/


                eg:



                ssh -R 2001:proxy-ip:8080 root@testserver
                

                
[root@testserver]# export http_proxy=http://proxyuser:proxyuser-password@localhost:2001/
                
[root@testserver]# export https_proxy=https://proxyuser:proxyuser-password@localhost:2001/





                share|improve this answer


























                  1












                  1








                  1







                  I got this working.



                  From the server which has internet-access:



                  ssh -R any-port:proxy-ip:proxy-port user@testserver


                  Then, once I'm on the test server:



                  export http_prox=http://username:password@localhost:any-port/


                  eg:



                  ssh -R 2001:proxy-ip:8080 root@testserver
                  

                  
[root@testserver]# export http_proxy=http://proxyuser:proxyuser-password@localhost:2001/
                  
[root@testserver]# export https_proxy=https://proxyuser:proxyuser-password@localhost:2001/





                  share|improve this answer













                  I got this working.



                  From the server which has internet-access:



                  ssh -R any-port:proxy-ip:proxy-port user@testserver


                  Then, once I'm on the test server:



                  export http_prox=http://username:password@localhost:any-port/


                  eg:



                  ssh -R 2001:proxy-ip:8080 root@testserver
                  

                  
[root@testserver]# export http_proxy=http://proxyuser:proxyuser-password@localhost:2001/
                  
[root@testserver]# export https_proxy=https://proxyuser:proxyuser-password@localhost:2001/






                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Apr 19 '16 at 2:40









                  DaveDave

                  219




                  219






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Unix & Linux Stack Exchange!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f276567%2faccess-to-the-internet-from-a-firewalled-server%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      -

                      Popular posts from this blog

                      Accessing regular linux commands in Huawei's Dopra Linux

                      Image
                      4 Backstory: I have a Huawei HG8245 router in my house and I want to change the default username/password. I've tried following this guide but the config file always gets reset. My ISP isn't helping either so I'm looking for other ways to accomplish this. The router has telnet access so this seems like a way to change the credentials. The first shell I gain access to looks like this: WAP> Pressing "?" gives me a list of available commands which I've pasted here, the two interesting ones are "su" and "shell". I can't seem to get su access, even after logging in as root (challenge password prompt, and then nothing happens), but shell gives me a proper linux shell. WAP>shell BusyBox v1.18.4 (2017-12-26 17:06:34 CST) built-in shell (ash) Enter 'hel...
                      Read more

                      Can't connect RFCOMM socket: Host is down

                      Image
                      up vote 3 down vote favorite I have bluez 5.4.3 and I am attempting to communicate with a ble device through minicom. These two deceives (my computer and a bluno nano) are alreadt paired and this has been my method so far. #bluetoothctl # pair xx:xx:xx:xx:xx:xx # exit Everything is working well so far then... #sudo rfcomm connect /dev/rfcomm0 xx:xx:xx:xx:xx:xx 1 & [1] 3665 Can't connect RFCOMM socket: Host is down Does anyone know how to resolve this issue? Any help would be very much appreciated. bluetooth bluez share | improve this question asked Feb 9 '17 at 18:46 Brandon Knape 46 2 ...
                      Read more

                      Kernel panic - not syncing: Fatal Exception in Interrupt

                      Image
                      0 Every day this error occured on my pc, kernel panic error on interrupt, what will be the problem? linux-mint share asked 6 mins ago Vinod Selvin Vinod Selvin 1 1 New contributor Vinod Selvin is a new contributor to this site. Take care in asking for clarification, commenting, and answering. Check out our Code of Conduct. add a comment ...
                      Read more