[kwlug-disc] reverse tunnel? vpn over ssh?

Eric Gerlach eric+kwlug at gerlach.ca
Tue Aug 18 09:19:31 EDT 2009


On Tue, Aug 18, 2009 at 12:37:31AM -0400, unsolicited wrote:
>> I'd like to, from my desktop, say "Hi DMZ box, I'm logging in. Here is
>> a temporary connection to the internet that will disappear when I log
>> out."
>>
>> Help me lazyweb?
>
> I don't have the exact answer, not having done exactly this, but I think 
> you're talking a web proxy (out) [or perhaps socks] on the web server, 
> forwarding to your ssh tunnel. No ssh tunnel, it ain't going nowhere.

Actually, I think the best solution is to run a SOCKS proxy on the
*desktop*.

So, assume you have a SOCKS proxy running on your desktop on port 8080,
and you ssh into the DMZ box with:

$ ssh -R 8080:localhost:8080 dmz

Now, you configure the DMZ to use a SOCKS proxy on its own port 8080.
That tunnel will only be there when you've ssh'ed in, and any other time
the machine will try to connect out, won't be able to connect to the
proxy, and will fail.

The only trick is configuring your apps on the DMZ to talk to a SOCKS
proxy.  Sounds like tsocks makes that easy:
http://tsocks.sourceforge.net/

If tsocks is more than you want, you could do it on an app-by-app basis.

Also, a quick Google showed "Dante" as a promising simple socks server.

Cheers,

Eric
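
Added example, not part of the original message: a small probe to run on the DMZ box that checks the fail-closed behaviour described above, i.e. that the forwarded port 8080 answers as a SOCKS5 proxy only while the ssh session is open. The names probe_socks5 and start_stub_proxy are hypothetical, and the stub listener is a constructed stand-in for the tunnel so the script runs offline.

```python
import socket
import threading

def probe_socks5(host="127.0.0.1", port=8080, timeout=3.0):
    """Classify the forwarded port: 'up', 'down' or 'not-socks'."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            # SOCKS5 greeting (RFC 1928): version 5, 1 method offered, 0x00 = no auth
            s.sendall(b"\x05\x01\x00")
            reply = s.recv(2)
    except OSError:
        # Refused, reset or timed out: no ssh session, so no path out.
        return "down"
    # 'up' only if a SOCKS5 server accepted the unauthenticated method.
    if reply == b"\x05\x00":
        return "up"
    # Something answered, but not a usable SOCKS5 proxy.
    return "not-socks"

def start_stub_proxy(reply=b"\x05\x00"):
    """Constructed stand-in for the DMZ end of the tunnel; serves one client."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port, so the demo never collides
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        srv.close()  # like the ssh session ending: the listener disappears
        with conn:
            if conn.recv(3) == b"\x05\x01\x00":
                conn.sendall(reply)

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    port = start_stub_proxy()
    print("ssh session open:  ", probe_socks5(port=port))
    print("ssh session closed:", probe_socks5(port=port))
```

On the real DMZ box, call probe_socks5() with its defaults once with the ssh session open and once after logging out; the second call should return 'down'.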



