Suppose you have your own computer A (running Win7) on the intranet and want to access the intranet resources from home with another computer B (running Win7).
Prerequisites
1. Machine A can access the external network and can run virtual machines.
2. You have an external VPS server S (running Debian); for example, you can buy a cheap plan from Bandwagon (http://bandwagonhost.com/) for a little over 100 yuan a year.
Principle
Machine A initiates a connection to S and keeps it open. Over this connection, a tunnel from S to A is established. All port-80 requests (HTTP requests) issued by S are forwarded through the tunnel to machine A, so machine A acts as the HTTP proxy of the S machine. The external machine B establishes a tunnel from B to S, and the S machine acts as the proxy of the B machine, giving a two-level proxy structure: B -> S -> A -> intranet.
The main software and commands used
- ssh: Linux command, establishes the connection;
- curl: Linux command, fetches a URL;
- DeleGate: Linux software, a proxy server that converts HTTP requests into SOCKS requests;
- iptables: Linux command, configures the port-forwarding (NAT) rules;
- VirtualBox: Windows software, virtual machine;
- Ubuntu Server: virtual machine operating system;
- PuTTY: Windows software, SSH client;
- Bitvise: Windows software, SSH tunnel proxy;
- Privoxy: Windows software, a proxy server that converts HTTP requests into SOCKS requests.
First, establish a reverse tunnel
1.1. Install the Ubuntu Server virtual machine on machine A.
Download VirtualBox: https://www.virtualbox.org/wiki/Downloads
Download Ubuntu Server: http://www.ubuntu.com/download/server
1.2. From machine A, establish a reverse tunnel connection from A to S, command format:
ssh -g -R [NPORT]:localhost:22 -p [RPORT] [SUSER]@[S_IP]
NPORT: the port to listen on at the S machine. Packets destined for "localhost:NPORT" on the S machine are forwarded directly to port 22 (the default SSH service port) of machine A.
RPORT: the SSH service port of the S machine.
SUSER: the user name for logging in to the S machine, usually root.
S_IP: the public IP of the S machine.
After you execute this command, you may need to enter the password for SUSER on the S machine. Once the reverse tunnel connection is established, the session can be used as a terminal on S (that is, telnet to S from machine A).
Examples of commands:
ssh -g -R 876:localhost:22 -p 26131 [email protected]14.12.83.20
1.3. From the S machine, establish SSH dynamic forwarding from S to A, i.e. a SOCKS proxy service from the S machine to machine A, command format:
ssh -D [SPORT] -p [NPORT] [LUSER]@localhost
SPORT: the port on which the SOCKS proxy service on the S machine listens. Packets sent on the S machine with "localhost:SPORT" as the SOCKS proxy are forwarded directly to machine A.
NPORT: the reverse tunnel port listening on the S machine, specified in step 1.2.
LUSER: the user name for logging in to machine A.
After you execute this command, you may need to enter the password for LUSER on machine A. At this point, the SOCKS proxy from the S machine to machine A has been established.
Examples of commands:
ssh -D [SPORT] -p 876 [email protected]
1.4. Use the curl command to test the connection, command format:
curl --socks4 localhost:[SPORT] [URL]
SPORT: the port on which the SOCKS proxy service on the S machine listens, specified in step 1.3.
URL: any URL.
Examples of commands:
curl --socks4 localhost:[SPORT] www.baidu.com
Second, install DeleGate on the server side
Open another PuTTY session, log on to the S machine, and perform the following actions.
PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
2.1. If g++ is not installed, install g++ first, command:
apt-get install g++
2.2. Download and decompress DeleGate (DeleGate support site), commands:
cd ~
wget ftp://ftp.delegate.org/pub/delegate/delegate9.9.13.tar.gz
tar -xzf delegate9.9.13.tar.gz
2.3. Compile DeleGate, commands:
cd ~/delegate9.9.13
make
2.4. Run DeleGate from the directory that contains the compiled delegated binary, command format:
./delegated -P[HPORT] SERVER=http SOCKS=localhost:[SPORT]
HPORT: the port on which the HTTP proxy service on the S machine listens.
SPORT: the port on which the SOCKS proxy service on the S machine listens, specified in step 1.3.
Examples of commands:
delegated -P8118 SERVER=http SOCKS=localhost:[SPORT]
2.5. Use the curl command to test the connection, command format:
curl -x localhost:[HPORT] [URL]
HPORT: the port on which the HTTP proxy service on the S machine listens, specified in step 2.4.
URL: any URL.
Examples of commands:
curl -x localhost:8118 http://www.baidu.com/
Third, establish port forwarding on the server side
Telnet to the S machine and perform the following actions.
3.1. Clear the existing NAT rules, command:
iptables -t nat -F
3.2. Establish port forwarding for the HTTP protocol, command format:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports [HPORT]
HPORT: the port on which the HTTP proxy service on the S machine listens, specified in step 2.4.
After the command executes, HTTP requests (port 80) issued by the S machine are redirected to port HPORT.
Examples of commands:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-ports 8118
3.3. Use the curl command to test the connection, command format:
curl [URL]
HPORT: the port on which the HTTP proxy service on the S machine listens, specified in step 2.4.
URL: any URL.
Examples of commands:
curl www.baidu.com
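Added example (not part of the original procedure): after parts one to three, S has three listeners, the reverse-tunnel port NPORT, the SOCKS port SPORT and the HTTP proxy port HPORT. Any of them bound to a non-loopback address is reachable by whoever can reach S and leads into the intranet, so the script below filters `ss -ltn` output for watched ports on non-loopback addresses. The function name, the sample output and the SPORT value 1080 are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the listeners this setup creates on S.
# Reads `ss -ltn` output on stdin; arguments are the ports to watch
# (NPORT, SPORT, HPORT in the page's terms). Prints "port address" for
# every watched port that is bound to a non-loopback address.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "LISTEN" {
            ep = $4                                   # local address:port
            i = length(ep)
            while (i > 0 && substr(ep, i, 1) != ":") i--   # find last colon
            addr = substr(ep, 1, i - 1)
            port = substr(ep, i + 1)
            if (!(port in watch)) next                # not one of our ports
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: fine
            print port, addr
        }'
}

# Constructed sample of `ss -ltn` output on S (not captured from a real host):
# NPORT=876 and SPORT=1080 (assumed value) on loopback, HPORT=8118 on all
# interfaces, plus the ordinary sshd listener, which is not watched.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:876      0.0.0.0:*
LISTEN 0      128    [::1]:876          [::]:*
LISTEN 0      128    127.0.0.1:1080     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8118       0.0.0.0:*
LISTEN 0      128    0.0.0.0:26131      0.0.0.0:*'

# Stand-alone run on the sample; on a real host use: ss -ltn | exposed_listeners ...
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 876 1080 8118
```

On the constructed sample only the HTTP proxy port is reported; an empty result means every watched port is bound to loopback only.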
Fourth, connect the external machine to the server through an SSH tunnel
1. Install the Bitvise SSH Client software on machine B.
Download: https://www.bitvise.com/ssh-client
2. Configure the Login page of Bitvise SSH Client:
Host: IP of server S; Port: SSH service port; Username: login user name; Initial method: password; Password: login password.
3. Configure the Services page: SOCKS/HTTP Proxy Forwarding: Enabled; Listen interface: 127.0.0.1; Listen port: 1080.
4. Install Privoxy on machine B.
Download: http://sourceforge.net/projects/ijbswa/files/
5. Edit the config.txt file in the Privoxy directory as follows, then run Privoxy:
listen-address 0.0.0.0:1984
forward-socks5 / 127.0.0.1:1080 .
Port 1080 is the Bitvise listen port from step 3. With listen-address 0.0.0.0, Privoxy accepts connections from every host that can reach machine B; listen-address 127.0.0.1:1984 is enough for the local use described in step 6.
6. Any program on machine B that uses localhost:1984 as its HTTP proxy can now access the intranet resources through machine A.
Note
1. Kill the delegated process to stop the HTTP proxy service on the S machine; remove the delegate directory to uninstall DeleGate completely.
2. Run the following command to cancel the forwarding of port-80 packets:
iptables -t nat -F
3. Disconnect the connection from A to the S machine to terminate the SOCKS proxy service on the S machine.
4. To view the ID of the process listening on a specified port, use the command format:
fuser -un tcp [PORT]
5. On machine B, we recommend using Firefox + AutoProxy for access.
AutoProxy extension, 20131215 update, for Firefox 21-27
If you have any doubts or questions, please comment or send me a private message to help me refine this procedure. Thank you!