这是情况。 在远程LAN网络中有PC-1,我想从我的家用PC代理我的HTTP流量 (有公共静态IP)。 PC(PC-1)无法收听来自互联网的请求(它位于防火墙后面)。 它(PC-1)只能在端口上启动并连接到我的家用电脑。 我如何使用(修改)该连接作为代理连接?
Here's the situation. There is PC-1 in a remote LAN network which I want to proxy my HTTP traffic from my Home PC(have public static IP). The PC(PC-1) can't listen on requests from the internet (it's behind a firewall). It(PC-1) can only initiate and connect to my Home-PC on a port. How can i use(modify) that connection to act as a proxy connection?
最满意答案
第一种方法:
在PC-1上启动某种代理程序,我通常用mitmproxy(mitmdump更精确)
# on pc1 mitmdump -p 45849做到家用电脑的ssh反向隧道
# on pc1 ssh -R 45849:127.0.0.1:45849 <user>@<home_pc>配置http(s)_proxy env vars或浏览器将隧道指向socks代理http://127.0.0.1:45849
# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849第二种方法:
反向隧道到家用电脑暴露PC1的ssh服务
# on pc1 ssh -R 45848:127.0.0.1:22 <user>@<home_pc>使用反向隧道创建“DynamicForward”隧道
# on home pc ssh -p 45848 -D 45849 <user>@127.0.0.1配置http(s)_proxy env vars或浏览器将隧道指向socks代理http://127.0.0.1:45849
# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849当我必须安装或更新软件时,我经常使用第一种方法,以便在安全环境中的远程服务器“提供互联网”,在多层防火墙后面。
1st approach:
start some kind proxy program on the PC-1, I usually go with mitmproxy (mitmdump to be more precise)
# on pc1 mitmdump -p 45849do a ssh reverse tunnel to the home pc
# on pc1 ssh -R 45849:127.0.0.1:45849 <user>@<home_pc>configure http(s)_proxy env vars or the browser(s) to point the tunnel as socks proxy http://127.0.0.1:45849
# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:458492nd approach:
reverse tunnel to the home pc exposing the PC1's ssh service
# on pc1 ssh -R 45848:127.0.0.1:22 <user>@<home_pc>use the reverse tunnel to create a 'DynamicForward' tunnel
# on home pc ssh -p 45848 -D 45849 <user>@127.0.0.1configure http(s)_proxy env vars or the browser(s) to point the tunnel as socks proxy http://127.0.0.1:45849
# on home pc export http_proxy=http://127.0.0.1:45849 export https_proxy=http://127.0.0.1:45849I use the first approach often in order to "give internet" to remote servers in secured environments, behind multiple layer of firewalls, when I have to install or update software.
更多推荐
发布评论