Do you ever find yourself in need to browse the web from a network behind a firewall?
I’m curious if there’s a more direct route, but here’s what I did.
SSH Setup Reverse Tunnel
Borrowed from my post about setting this up for Remote Desktop.
On a LightSail instance on AWS (or your choice of linux servers)
sudo apt update sudo apt install openssh-server
Edit the sshd_config
sudo vim /etc/ssh/sshd_config
At the bottom. Type “i” for insert then add the following lines
#Allow SSH Tunneling GatewayPorts=clientspecified
To save: esc then “:wq” (command, wright, quit)
you can check that’s in there by running
cat /etc/ssh/sshd_config | Gate
#GatewayPorts no GatewayPorts=clientspecified
On your windows computer behind the firewall
Follow instructions from Microsoft to install OpenSSH:
Add to file ~/.ssh/config #aws server Host 22.214.171.124 User bitnami IdentityFile ~/.ssh/id_rsa IdentitiesOnly yes ServerAliveInterval 60 ServerAliveCountMax 10
Adding ServerAliveInterval sets the number of seconds the client will wait before sending a keep connection alive
ServerAliveCountMax sets the number of times the client will try to keep connection alive.
you can also add this to the server as well.
ClientAliveInterval 60 ClientAliveCountMax 10 #default is 3
Be sure to open up the correct port on your AWS firewall. I suggest restricting traffic on port 12345 only to the ip address of your client so you’re not opening up the port for nefarious actors.
In your terminal enter:
ssh 126.96.36.199 -2 -4 -T -N -C -R 0.0.0.0:12345:127.0.0.1:22
This creates an ssh tunnel, where a client can ssh into port 12345 on the AWS server which tunnels the traffic to your windows server behind the firewall.
Tunnel HTTP through SSH Tunnel with PuTTY
On your client computer, install PuTTY with the msi
Use the PuTTYgen tool that’s installed to convert the private key to PuTTY’s .ppk format
Host Name (of IP Address): 188.8.131.52 (ip of your aws server)
In the category field go to Connection -> SSH -> Tunnels
in source port: 8080
destination port: localhost:80
Navigate back to Session
name the configuration, and save, then press open.
Because all traffic coming into 12345 on the aws server is routed to port 22 on the windows server, log in with your username and password for the windows machine. Once logged in, you’ll see the command prompt on your windows server.
Firefox is the easiest to set up. From options menu (top right) select Settings
At the very bottom of GENERAL, in the Network Settings section, select Settings
From the radio buttons, select Manural proxy configuration
in SOCKS Host: localhost
Select Socks v5
Check the box next to Proxy DNS when using SOCKS V5
Test you setup
open google and search for “What is my ip”, The search result includes your IP address, it should be the IP of the WAN (Wide Area Network) of your windows server.
OpenSSH has a verbose mode. Add -v to your command for standard amount of verboseness. -vv will add even more info, -vvv will provide even more
The first tunnel is to forward all traffic from port 12345 on the AWS server to port 22 on the Windows Server
The Second tunnel forwards all traffic on port 80 (http) from your client computer (through the first tunnel), then requests the http traffic from the windows server.
Use SSH (without PuTTY)
In a terminal:
ssh -D 8080 -C -N [email protected] -p 12345
-D ::: Enables dynamic port forwarding, also known as a SOCKS proxy.
8080 is the binding port
-C ::: Enables compression
-N ::: Enables quiet mode
user ::: your windows server username
184.108.40.206 ::: Your AWS server
-p ::: Set ssh port
12345 ::: the port we want to connect to the AWS server so traffic is forwarded to the windows server
Activate Proxy on Mac
Settings -> Network -> (your network connection wifi/ethernet)
From the details screen, select Proxies menu item.
activate SOCKS proxy.