具有反向连接的远程HTTP代理(Remote HTTP proxy with reverse connection)

具有反向连接的远程HTTP代理(Remote HTTP proxy with reverse connection)

这是情况。 在远程LAN网络中有PC-1，我想从我的家用PC代理我的HTTP流量 （有公共静态IP）。 PC（PC-1）无法收听来自互联网的请求（它位于防火墙后面）。 它（PC-1）只能在端口上启动并连接到我的家用电脑。 我如何使用（修改）该连接作为代理连接？

Here's the situation. There is PC-1 in a remote LAN network which I want to proxy my HTTP traffic from my Home PC(have public static IP). The PC(PC-1) can't listen on requests from the internet (it's behind a firewall). It(PC-1) can only initiate and connect to my Home-PC on a port. How can i use(modify) that connection to act as a proxy connection?

最满意答案

第一种方法：

在PC-1上启动某种代理程序，我通常用mitmproxy（mitmdump更精确）

# on pc1 mitmdump -p 45849

做到家用电脑的ssh反向隧道

# on pc1 ssh -R 45849:127.0.0.1:45849 <user>@<home_pc>

配置http（s）_proxy env vars或浏览器将隧道指向socks代理http://127.0.0.1:45849

# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849

第二种方法：

反向隧道到家用电脑暴露PC1的ssh服务

# on pc1 ssh -R 45848:127.0.0.1:22 <user>@<home_pc>

使用反向隧道创建“DynamicForward”隧道

# on home pc ssh -p 45848 -D 45849 <user>@127.0.0.1

配置http（s）_proxy env vars或浏览器将隧道指向socks代理http://127.0.0.1:45849

# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849

当我必须安装或更新软件时，我经常使用第一种方法，以便在安全环境中的远程服务器“提供互联网”，在多层防火墙后面。

1st approach:

start some kind proxy program on the PC-1, I usually go with mitmproxy (mitmdump to be more precise)

# on pc1 mitmdump -p 45849

do a ssh reverse tunnel to the home pc

# on pc1 ssh -R 45849:127.0.0.1:45849 <user>@<home_pc>

configure http(s)_proxy env vars or the browser(s) to point the tunnel as socks proxy http://127.0.0.1:45849

# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849

2nd approach:

reverse tunnel to the home pc exposing the PC1's ssh service

# on pc1 ssh -R 45848:127.0.0.1:22 <user>@<home_pc>

use the reverse tunnel to create a 'DynamicForward' tunnel

# on home pc ssh -p 45848 -D 45849 <user>@127.0.0.1

configure http(s)_proxy env vars or the browser(s) to point the tunnel as socks proxy http://127.0.0.1:45849

# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849

I use the first approach often in order to "give internet" to remote servers in secured environments, behind multiple layer of firewalls, when I have to install or update software.