Access the internet from a server without outbound internet access

September 9, 2013


  • This procedure assumes that you’re running a debian based OS, on your local machine. It might work from MacOSX too, possibly using Homebrew to install Privoxy, and from Windows, using the .exe installer for Privoxy and a *nix-like terminal like Mingw or Git Bash.
  • The server OS needs to be unix based for this to work, and you’ll need root access over SSH.
  • We will not have to install anything on the server.

How this works

To allow the server to access the internet, we’ll tunnel the server’s internet traffic through our local computer. To do this, we’ll need to run a simple proxy on our own computer. This proxy usually listens only for local connections. We’ll then port-forward the local port to a port on the server. From the server’s point of view, it then looks as if a proxy server is available on a local port. We can then tunnel certain server’s application’s traffic through that proxy.

Setting up the proxy over SSH

Install Privoxy proxy server and run it

On your local machine
sudo apt-get install privoxy
sudo service restart privoxy

Privoxy should now be running and accepting connections from localhost only, on port 8118.

Log in to the server over ssh and port-forward the privoxy port (8118) over that connection

ssh -R 8118:localhost:8118 root@{server}
This makes the server open port 8118 for connections, which will be forwarded to port 8118 on your local machine, on which privoxy will be listening. Privoxy will then handle the request.

Forwarding traffic over the Proxy


Create or edit the /etc/apt/apt.conf file to set proxy settings for APT
On the server:
vim /etc/apt/apt.conf

Insert this line:
Acquire::http::Proxy "";

At this point, apt will work over the proxy.

The problem now is that we can’t resolve DNS requests over the proxy (We can’t use a SOCKS5 proxy because apt doesn’t work with SOCKS5 out of the box). To solve that problem we’ll edit the /etc/hosts file to contain the repository record.
On the server:
vim /etc/hosts

Insert this line (replace the x’s with the actual ip):

If you don’t know how to get the ip address for
On your local machine:

Now you should be able to use apt to update or install packages.
apt-get install git

Other programs

If you want to use the proxy for other programs on the server, like wget or git use this:
http_proxy= {command}

This way you’re setting the proxy as an environment variable, while running the command {command}. Most (well-written) command line software will use that variable, but sometimes this won’t work.

http_proxy= wget

That’s it!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: