1

I have a local laptop that needs to connect to the company VPN to access our staging environment and private repositories.

I have a remote machine that I am using for development that I SSH into and run build commands.

That remote machine does not have access to the VPN (because we use some weird VPN that requires MFA and is unauthenticatable via non gui session).

Is it possible to SSH into the remote machine and resolve network traffic from my client's network? or even better, only resolve certain URLs with my client's network?

I know I can use a SOCKS 5 proxy to resolve URLs on the client using the remote's network, can that be reversed?

ssh -D 1337 [email protected]
Improve this question

1 Answer 1

Reset to default
1

I know I can use a SOCKS 5 proxy to resolve URLs on the client using the remote's network, can that be reversed?

ssh -D 1337 [email protected]

Like the reverse of -L is -R, the reverse of -D is… -R. See man 1 ssh [emphasis mine]:

-R [bind_address:]port:host:hostport  
-R [bind_address:]port:local_socket
-R remote_socket:host:hostport
-R remote_socket:local_socket
-R [bind_address:]port

Specifies that connections to the given TCP port or Unix socket on the remote (server) host are to be forwarded to the local side. This works by allocating a socket to listen to either a TCP port or to a Unix socket on the remote side. Whenever a connection is made to this port or Unix socket, the connection is forwarded over the secure channel, and a connection is made from the local machine to either an explicit destination specified by host port hostport, or local_socket, or, if no explicit destination was specified, ssh will act as a SOCKS 4/5 proxy and forward connections to the destinations requested by the remote SOCKS client.

[…]

Then on the SSH server side you either use something like proxychains or configure each relevant program separately to use the proxy. Note a program may or may not support DNS through a proxy. Even if it does, proper configuration may be required.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .