I have a command-line application on linux that uses a specific port to talk to a remote server. Unfortunately, at work, that port is blocked.

I am able to connect my laptop via VNC to the network, and the laptop is on a wifi connection that does have port access to the remote server. I am able to ssh to my laptop from the secure network when it is connected.

Is there a way of using ssh port tunnelling to work around this? Can I port tunnel to my laptop and have my laptop act as a middle-man between the firewalled network and the remote server?

Firewalled Linux Box ---ssh---> Mac OSX Laptop ---wifi---> Remote Server

Some specifics:

  • The command-line application is a wrapper to pip. The command line doesn't have the option to specify a proxy or an alternative ip/server for it to use.
  • To my understanding, Pip might be communicating with a number of different servers, but most likely pypi.python.org.
  • According to a source I found, Pip communicates over port 3128.

I have tried the following:

ssh -v -f -4 -N -L 3128:pypi.python.org:3128 user@xx.x.xx.xxx

(The xx.x.xx.xxx is standing in for the laptop IP address)

When it runs, it says:

Remote connections from LOCALHOST:3128 forwarded to local address pypi.python.org:3128

That seems backwards to me, but I'm new to this so who knows! Either way, it doesn't seem to work. FYI, as a test I'm using:

telnet pypi.python.org 3128

to check to see if the firewalled machine now has access, but it doesn't.

Any thoughts?

  • telnet localhost 3128
    Commented Nov 22, 2017 at 15:31
  • Hi @IporSircer, note the sentence in bold. I can't change how pip tries to find the server, so I can't point it at localhost 3128.
    – AndyN
    Commented Nov 22, 2017 at 15:55
  • Then use proxyhack or httppc
    Commented Nov 22, 2017 at 16:14

1 Answer

General note: Tying secure networks to unsecured networks is not strictly a technical concern. It can get you fired or worse. Get up-chain permission.

On to the technical:

To accomplish:

telnet pypi.python.org 3128

you will need to alter your /etc/hosts file to include "pypi.python.org" as part of the localhosts line.

In my case, accessing remote code repositories via ssh tunnel, so that the development tool configs stay consistent (always referencing the same host name) even when remote, I just use something like the following sample script to config hosts (could be called by cron or manually).

Back up your /etc/hosts file before using the script.

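triggerport=1234
servname="myserver"
tmp=$(mktemp) || exit 1
# The tunnel counts as up when something is listening on $triggerport.
if netstat -nl | grep -q ":$triggerport[[:space:]]"
  then
    # Add the name to the 127.0.0.1 line, but only once.
    awk -v serv="$servname" '/^127\.0\.0\.1/ && !index($0, " " serv) {print $0 " " serv; next} 1' /etc/hosts > "$tmp"
  else
    awk -v serv="$servname" '{gsub(" " serv, "")}; 1' /etc/hosts > "$tmp"
fi
# Redirecting awk straight to /etc/hosts would truncate the file before awk reads it.
cat "$tmp" > /etc/hosts
rm -f "$tmp"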

As I stated, you could set up a cron job to trigger this script and establish the tunnel-hostname mapping automatically. I've typically only done that on system-to-system connections that will bring up and down ssh tunnels as needed.

  • Thanks for the answer John. Good advice about getting up-chain permission! Hehe! I'll be sure to do that.
    – AndyN
    Commented Nov 23, 2017 at 9:20
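
A pre-flight check for the setup discussed in this thread, as an added example that is not part of the original question or answer: it reports whether the local end of an `ssh -L` forward is listening and whether the target name is mapped to 127.0.0.1 in a hosts file. The function names are hypothetical and the sample hosts file and netstat line are constructed.

```shell
#!/bin/sh
# Added example: explain why "telnet NAME PORT" does not reach an ssh -L tunnel.
# Function names are hypothetical; inputs are passed in so the checks are testable.

# name_is_loopback HOSTSFILE NAME
# Succeeds if NAME is a whole field on a 127.0.0.1 line (comments ignored).
name_is_loopback() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        $1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# port_is_listening PORT   (reads "netstat -nl" output on stdin)
# Succeeds if a LISTEN socket has exactly PORT as its local port.
port_is_listening() {
    awk -v port="$1" '
        $NF == "LISTEN" { n = split($4, a, ":"); if (a[n] == port) found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# tunnel_status HOSTSFILE NAME PORT   (netstat output on stdin)
# Prints: ready | no-listener | no-hosts-entry | neither
tunnel_status() {
    listen=1; mapped=1
    port_is_listening "$3" && listen=0
    name_is_loopback "$1" "$2" && mapped=0
    case "$listen$mapped" in
        00) echo ready ;;
        10) echo no-listener ;;
        01) echo no-hosts-entry ;;
        *)  echo neither ;;
    esac
}

# Constructed sample data mirroring the question: the forward listens on 3128,
# but the hosts file does not map pypi.python.org to 127.0.0.1.
sample_hosts=$(mktemp)
printf '127.0.0.1 localhost\n' > "$sample_hosts"
printf 'tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN\n' |
    tunnel_status "$sample_hosts" pypi.python.org 3128   # prints no-hosts-entry
rm -f "$sample_hosts"
```

On a live machine the same check would be run as `netstat -nl | tunnel_status /etc/hosts pypi.python.org 3128`.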
