Access the internet from a server without outbound internet access

September 9, 2013

Important

  • This procedure assumes that you’re running a Debian-based OS on your local machine. It might work from Mac OS X too, possibly using Homebrew to install Privoxy, and from Windows, using the .exe installer for Privoxy and a *nix-like terminal like MinGW or Git Bash.
  • The server OS needs to be Unix-based for this to work, and you’ll need root access over SSH.
  • We will not have to install anything on the server.

How this works

To allow the server to access the internet, we’ll tunnel the server’s internet traffic through our local computer. To do this, we’ll run a simple proxy on our own computer. This proxy usually listens only for local connections. We’ll then forward a port on the server to the proxy’s local port over SSH. From the server’s point of view, it then looks as if a proxy server is available on a local port. We can then send the traffic of selected applications on the server through that proxy.

Setting up the proxy over SSH

Install Privoxy proxy server and run it

On your local machine
sudo apt-get install privoxy
sudo service privoxy restart

Privoxy should now be running and accepting connections from localhost only, on port 8118.

Log in to the server over SSH and port-forward the Privoxy port (8118) over that connection

ssh -R 8118:localhost:8118 root@{server}
This makes the server open port 8118 for connections, which will be forwarded to port 8118 on your local machine, on which privoxy will be listening. Privoxy will then handle the request.

Forwarding traffic over the Proxy

APT

Create or edit the /etc/apt/apt.conf file to set proxy settings for APT
On the server:
vim /etc/apt/apt.conf

Insert this line:
Acquire::http::Proxy "http://127.0.0.1:8118";

At this point, apt will work over the proxy.

The problem now is that we can’t resolve DNS requests over the proxy (we can’t use a SOCKS5 proxy because apt doesn’t work with SOCKS5 out of the box). To solve that problem, we’ll edit the /etc/hosts file to contain a record for the repository.
On the server:
vim /etc/hosts

Insert this line (replace the x’s with the actual IP):
{xx.xx.xx.xx} archive.debian.org

If you don’t know how to get the IP address for archive.debian.org:
On your local machine:
nslookup archive.debian.org

Now you should be able to use apt to update or install packages.
Example:
apt-get install git

Other programs

If you want to use the proxy for other programs on the server, like wget or git, use this:
http_proxy=127.0.0.1:8118 {command}

This way you’re setting the proxy as an environment variable, while running the command {command}. Most (well-written) command line software will use that variable, but sometimes this won’t work.

Example:
http_proxy=127.0.0.1:8118 wget github.com

That’s it!
