Originally Posted by mitchtaydev
It looks like you've set up a successful SSH tunnel as opposed to a reverse proxy. Effectively 3128 is being tunneled over port 22 which is why it doesn't need to be configured on the firewall.
My whole solution is based around this and entails:
Forwarding port 443 on my WAN to port 22 on a server within my network (my corporate firewall blocks all ports but 80/443 ... I can't even use FTP).
Then set up a SOCKS proxy with putty (It's the dynamic setting on the screenshot you have above.)
Then configure firefox to connect to a socks proxy on localhost, and configure it to forward all DNS queries through the proxy.
That way I can access any web-based services in my LAN, as DNS queries are resolved by my router. Because Firefox's settings are segregated from other browsers, I can still use both Chrome and IE as normal browsers to access our internal intranet and other services as normal.
Also, I can use SSH tunneling to forward port 3389 to localhost 3390+ and do a remote desktop connection via mstsc /v 127.0.0.1:3390 etc., which can be useful if I need that also.
Yeah, I'm pretty happy with this solution. I got around the need for a SOCKS proxy, as well. I do need to make a few changes to this (re-enable iptables, change my SSH back to port 22 and use PAT for port 80 instead of having SSH set to 80 and forwarding that through, create a user account to use instead of using root, configure PuTTY to autoconnect at logon, etc.).
Thanks for the tip about mstsc, however that is unnecessary. I have a Microsoft RD Gateway in place, which allows me to RDP to any Windows device on my network over HTTPS, with the use of a self-signed cert which is imported on my work computer. This is my primary means of remoting in, instead of using VPN. As a plan B, I use an application called Guacamole which runs on a CentOS box. It's a gateway of its own kind, giving me RDP, SSH, and VNC access via HTML5 clients. It's web based, and I can have RDP/SSH/VNC connections in different Chrome tabs (pretty cool; I wrote a blog about it). So no need for remote desktop woes.
I'm also using Proxy SwitchySharp, which allows me to configure rules for proxying traffic. The default rule uses no proxy, but if a website contains "MyDomain" it will use my squid proxy, so it's a turn-it-on-and-never-have-to-worry-about-it thing. The only sites blocked for me at work are porn and gambling (I can keep up to date on my booze, guns, games, and social media though; perks of working in IT), and if something is blocked that I want to see then I'd do it on my home computer via RDP. Since I have my Chrome highly configured with Speed Dial 2 and groups for work, personal, and home network stuff, I didn't want to have to deal with Firefox and recreating bookmarks and finding a way to sync all that to my work laptop as well. Now I can seamlessly continue using Chrome for 98% of the day, like normal, and IE for the rest (SharePoint and our NetScalers, go figure). It may seem complicated, but all in all, it does exactly what I want in a way that's seamless once configured.
FWIW, I do plan to do some write-ups on my home network one of these days (network diagrams, VMs/specs, configurations, software I run, automation, etc., etc.).
Edited by tycoonbob - 10/22/13 at 1:21pm
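The rule-based proxying described in both posts (Firefox pointed at the PuTTY dynamic SOCKS port, or SwitchySharp sending only "MyDomain" hosts through the tunnel) can also be expressed as a plain PAC file that any browser loads. The block below is an added example and is not code from either poster; the home domain suffix `home.example` (standing in for "MyDomain") and the local SOCKS port 1080 are assumptions, so set them to match the dynamic forward you configured in PuTTY or `ssh -D`. Two details differ deliberately from the SwitchySharp rule as described: the match is on the host's domain suffix rather than "URL contains the string", so an unrelated host that merely contains the text is not pushed through the home tunnel, and there is no `DIRECT` fallback, so if the tunnel is down the request fails rather than being sent (and the internal hostname looked up) on the corporate network.

```javascript
// Added example, not part of the original forum thread.
// PAC file: route only the home LAN domain through the local SOCKS tunnel.
// HOME_DOMAIN and TUNNEL are assumptions; match them to your own setup.
const HOME_DOMAIN = "home.example";        // assumed stand-in for "MyDomain"
const TUNNEL = "SOCKS5 127.0.0.1:1080";     // assumed local end of the ssh -D / PuTTY dynamic forward

// Browsers provide dnsDomainIs() inside a PAC; this stand-in lets the file
// run under Node for testing and behaves the same way (case-insensitive suffix match).
function dnsDomainIs(host, domain) {
  const h = host.toLowerCase();
  const d = domain.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Standard PAC entry point, called by the browser for every request.
function FindProxyForURL(url, host) {
  if (dnsDomainIs(host, HOME_DOMAIN)) {
    // SOCKS5 (not "SOCKS") so the browser hands the hostname to the proxy,
    // letting the home router resolve it instead of the corporate resolver.
    // No "; DIRECT" fallback: fail closed if the tunnel is not up.
    return TUNNEL;
  }
  // Everything else, including the work intranet, goes out normally.
  return "DIRECT";
}
```

Save it as `proxy.pac`, point the browser's automatic proxy configuration at it, and confirm the DNS side separately: a request to an internal name should show up in your home router's resolver logs and not in the corporate one.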