On Fri, Oct 03, 2008 at 12:02:22 -0400, Mitchell Laks wrote:
> Hi,
>
> I have a number of debian machines that live behind a firewall.
>
> Debian Machine A is granted internet access and can browse the internet.
> However machines B-D were not granted internet access and live on the
> general internal network, and were originally installed with Debian by
> utilizing a private network with machine A 192.168.4.x, and getting
> internet access via NAT through A.
>
> Now machines B-D no longer live on the private network but can ssh into
> machine A.
>
> Now I know how to browse the internet on B-D by creating a ssh tunnel to A
> and utilizing the Iceweasel Browser settings to use a local Socks proxy.
>
> Can I do something similar with apt-get so that I can apt-get update and
> apt-get upgrade over ssh without physically moving the machines B-D to the
> private network 192.168.4.x with machine A?

Can you run a proxy on machine A? You can secure it very tightly, both
via its own configuration and via your firewall, so that it only accepts
local connections on machine A. Then you can do this on machines B-D:

    ssh -N -L 31280:localhost:3128 $HOSTNAME_OR_IP_OF_MACHINE_A

This will tunnel port 31280 on B-D to machine A, from where it will be
forwarded to localhost (i.e. machine A itself) port 3128. This assumes
that your proxy on A listens for local connections on port 3128 (the
standard squid port). Then it will be as if the proxy was running on B-D
listening on port 31280, so you can set "http://localhost:31280" as the
http_proxy variable on these machines.

If you cannot run a proxy on machine A then you can try to use tsocks on
machines B-D:

http://tsocks.sourceforge.net/
(Debian packages are available in main.)

-- 
Regards,            | http://users.icfo.es/Florian.Kulzer
          Florian   |
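
Added example (not part of the original thread or the poster's own commands): the tunnel from the reply with the forwarded port pinned to loopback, the matching apt proxy line, and a check that port 31280 on B-D is not listening on a non-loopback address. Assumptions: "machine-a.example" is a placeholder for machine A, the apt line would go in a file of your choosing under /etc/apt/apt.conf.d/, and the listener table is a constructed sample of `ss -ltn` output.

```sh
#!/bin/sh
# Added example, not from the thread. Host name and sample data are placeholders.
LOCAL_PORT=31280   # port the tunnel opens on B-D (from the reply)
PROXY_PORT=3128    # port the proxy listens on, on machine A (from the reply)

# Print the ssh command to run on B-D. The explicit 127.0.0.1 bind address keeps
# the forwarded port off the internal network regardless of GatewayPorts, and
# ExitOnForwardFailure makes ssh exit if the forward cannot be set up.
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:localhost:%s %s\n' \
        "$LOCAL_PORT" "$PROXY_PORT" "$1"
}

# Print the apt configuration line that sends HTTP fetches through the tunnel.
apt_proxy_conf() {
    printf 'Acquire::http::Proxy "http://localhost:%s";\n' "$LOCAL_PORT"
}

# Read `ss -ltn` style lines on stdin and report how LOCAL_PORT is bound:
# "loopback", "exposed" (any non-loopback address), or "absent".
listener_state() {
    awk -v port="$LOCAL_PORT" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host == "127.0.0.1" || host == "[::1]") {
                if (state == "") state = "loopback"
            } else {
                state = "exposed"
            }
        }
        END { print (state == "" ? "absent" : state) }'
}

tunnel_cmd machine-a.example
apt_proxy_conf
# Constructed sample; on a real machine pipe `ss -ltn` into listener_state.
listener_state <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:31280    0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
EOF
```

A result of "exposed" means other hosts on the internal network can reach the proxy on A through this machine.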