How to access Intranet servers from the Internet and Intranet servers

Source: Internet
Author: User

Assume that your computer A (running Win7) is on an intranet, and you want to use another computer B (running Win7) at home to access intranet resources.

 

Prerequisites

1. Host A can access the Internet and has virtual machine software installed.

2. You have an Internet VPS server S (running Debian). You can buy a cheap BandWagon server (http://bandwagonhost.com/) for a little more than 100 yuan a year.


Principle

Initiate a connection to S from host A and keep the connection open. Establish a tunnel from S to A over this connection. Then all requests from S to port 80 (HTTP requests) are forwarded to A through the tunnel, and A acts as the HTTP proxy of S. The Internet machine B establishes a tunnel from B to S, and S acts as the proxy of B, which gives the two-level proxy structure B -> S -> A -> intranet.

 

Main software and commands used
  • ssh: Linux command, establishes connections and tunnels;
  • curl: Linux command, fetches a URL;
  • DeleGate: Linux software, a proxy server that converts HTTP requests to SOCKS requests;
  • iptables: Linux command, configures packet filtering and NAT rules;
  • VirtualBox: Windows software, virtual machine;
  • Ubuntu Server: virtual machine operating system;
  • Bitvise: Windows software, SSH tunnel proxy;
  • Privoxy: a proxy server that converts HTTP requests to SOCKS requests.

 

1. Establish a reverse tunnel

1.1. Install the Ubuntu Server VM on machine A.

Download VirtualBox: https://www.virtualbox.org/wiki/Downloads

Ubuntu Server: http://www.ubuntu.com/download/server

1.2. Server A initiates a reverse tunnel connection from A to S. The command format is as follows:

ssh -R [NPORT]:localhost:22 -p [RPORT] [SUSER]@[S_IP]

NPORT: the port that server S listens on. Packets sent to "localhost:NPORT" on server S are forwarded directly to port 22 (the default SSH service port) on server A.

RPORT: the SSH service port of the S server.

SUSER: the username used to log on to the S server. Generally, it is root.

S_IP: The public IP address of the S server.

After executing this command, you may need to enter the password of SUSER on machine S. Once the reverse tunnel connection is established, the session can also be used as a terminal on S (a remote login to S from host A).

Command example:

ssh -R 876:localhost:22 -p 26131 root@14.12.83.20

1.3. Server S initiates SSH dynamic forwarding from S to A, that is, a SOCKS proxy service from server S to server A. Command format:

ssh -f -N -D [SPORT] -p [NPORT] [LUSER]@localhost

SPORT: the port on which the SOCKS proxy service listens. All packets sent on host S with "localhost:SPORT" as the SOCKS proxy are forwarded directly to host A.

NPORT: the reverse tunnel port listening on S, which is specified in Step 1.2.

LUSER: the user name used to log on to server A.

After executing this command, you may need to enter the password of LUSER on host A. At this point the SOCKS proxy from server S to server A has been established.

Command example:

ssh -f -N -D 1080 -p 876 devymex@localhost

1.4. Run the curl command to test the connection. Command format:

curl --socks4 localhost:[SPORT] [URL]

SPORT: the port on which the SOCKS proxy service listens on server S, as set in step 1.3.

URL: Any URL.

Command example:

curl --socks4 localhost:1080 www.baidu.com

 

2. Install DeleGate on the server

Log on to the S server and perform the following operations.

2.1. If g++ is not installed, install it first. Command:

apt-get install g++

2.2. Download and decompress DeleGate (DeleGate Support Site). Commands:

cd ~
wget ftp://ftp.delegate.org/pub/DeleGate/delegate9.9.13.tar.gz
tar -xzf delegate9.9.13.tar.gz

2.3. Compile DeleGate. Commands:

cd ~/delegate9.9.13
make

2.4. Run DeleGate. Command format:

cd ./src
./delegated -P[HPORT] SERVER=http SOCKS=localhost:[SPORT]

HPORT: the port on which the HTTP proxy service listens.

SPORT: the port on which the SOCKS proxy service listens, as set in step 1.3.

Command example:

./delegated -P8118 SERVER=http SOCKS=localhost:1080

2.5. Run the curl command to test the connection. Command format:

curl -x localhost:[HPORT] [URL]

HPORT: Specifies the port on which the HTTP proxy service listens.

URL: Any URL.

Command example:

curl -x localhost:8118 www.baidu.com

 

3. Create port forwarding on the server

Log on to the S server and perform the following operations.

3.1. Clear the existing NAT rules (this flushes every rule in the nat table) by running the following command:

iptables -t nat -F

3.2. Create port forwarding for the HTTP protocol. Command format:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports [HPORT]

HPORT: Specifies the port on which the HTTP proxy service listens.

After the command is executed, all HTTP requests (port 80) sent by server S are redirected to HPORT.

Command example:

iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8118

3.3. Run the curl command to test the connection. Command format:

curl [URL]

URL: Any URL.

Command example:

curl www.baidu.com

 

4. Connect to the server through an SSH tunnel from an Internet host

1. Install the Bitvise SSH client software on machine B.

Download: https://www.bitvise.com/ssh-client

2. Configure the Login page of Bitvise SSH:

Host: IP address of the S server; Port: SSH service port; Username: logon username; Initial method: password; Password: logon password.

3. Configure the Services page: SOCKS/HTTP Proxy Forwarding: Enabled; Listen interface: 127.0.0.1; Listen port: 1080.

4. Install Privoxy on machine B.

Download: http://sourceforge.net/projects/ijbswa/files/

5. Configure the config.txt file in the Privoxy directory as follows and run Privoxy:

listen-address  0.0.0.0:1984
forward-socks5   /  127.0.0.1:1080 .

6. Any program on machine B can use localhost:1984 as the HTTP proxy to access intranet resources through machine A. With listen-address set to 0.0.0.0, Privoxy also accepts connections on machine B's other network interfaces; 127.0.0.1:1984 restricts it to programs on machine B.

 

Remarks

1. Kill the delegated process to terminate the HTTP proxy service on S. Delete the delegate directory to completely uninstall DeleGate.

2. Run the following command to cancel packet forwarding on port 80:

iptables -t nat -F

3. Disconnect the connection from server A to server S to terminate the SOCKS proxy service on server S.

4. View the process ID of the process listening on a specified port. Command format:

fuser -un tcp [PORT]

5. We recommend using Firefox + AutoProxy to access server B.
AutoProxy: AutoProxy extension 20131215 update for Firefox


If you have any questions or problems, please comment or send a private message to help me improve this solution. Thank you!
