Proxy and Port Forwarding Devices

[VanDyke82nev]

I have 30 sites behind 30 Firewalls/Gateways/ASAs.

For every site, I regularly SSH to a few boxes behind the firewalls. There are a few appliances also behind the firewalls with web-page-only information on them that would make my job much easier, but I can't access them with a browser because of the firewall.

I have been doing some reading and it looks like I can use SecureCRT to connect to the routers behind the firewalls, and then map some port on my local machine to forward through my SecureCRT connection to the router which then forwards to the appliance webpage, so I can pull up the webpage on my desktop machine.

I have read that the remote machine I'm connecting to as a proxy has to have 'remote port forwarding' enabled.
Do routers typically have this 'on' or 'off'?
I can log onto the routers. How can I tell if the router has it enabled?

No 'remote port forwarding' means, no proxy, right? Just being able to SSH to a device doesn't mean I can use it as a proxy?

What devices generally work/don't work?
Linux servers?
Windows servers?
routers?
web servers?
ASAs?
Gateways?
VMs?

thank you

[bgagnon]

Hi VanDyke82nev,

Quote:

I have been doing some reading and it looks like I can use SecureCRT to connect to the routers behind the firewalls, and then map some port on my local machine to forward through my SecureCRT connection to the router which then forwards to the appliance webpage, so I can pull up the webpage on my desktop machine.

I have read that the remote machine I'm connecting to as a proxy has to have 'remote port forwarding' enabled.

What information have you been reading?

As far as the inquiries as to the capabilities/configuration of specific devices, hopefully other members of the community can help you with that.

[VanDyke82nev]

https://www.vandyke.com/support/tips/socksproxy.html

[VanDyke82nev]

(I am unable to edit the page above)

I've been reading pages like the link on the VanDyke site (above), and as well as pages elsewhere on SSH proxy, VPNs, etc. It looks like SecureCRT and the other clients do it as well, and even just the command line can set up SSH proxy.

But what's not exactly clear is what hosts work "for connecting to".

I can first connect to any of my hosts, and then ping or SSH to any of these machines that have the logs on the web pages, but the info on these pages is only available from a web page, not SSH.

I guess another option would be if CURL or WGET, or any other CLI browser exists on the SSH host machine, I could use that (maybe) but that's a far crappier solution than just relaying traffic from Firefox.

[bgagnon]

Hi VanDyke82nev,

Quote:

I have read that the remote machine I'm connecting to as a proxy has to have 'remote port forwarding' enabled.

I am not seeing where the SOCKS proxy tip indicates remote port forwarding is needed. It talks about setting up a "regular" (ie: local, not remote) port forward with dynamic forwarding via SOCKS enabled.

[VanDyke82nev]

Hi Brenda,

https://www.vandyke.com/support/tips/socksproxy.html

I was going by this statement in the fourth paragraph.

>>Note that the term “gateway server” used here refers to any SSH server that supports port forwarding functionality.

Maybe I don't understand this topic well enough, but it's telling me that just because I can SSH to something does not mean it will forward my web traffic to another machine like I want. It has to support port forwarding.

Do I misunderstand?

I have permission to make config changes to these routers, but I have to get everything approved unless it's an outage problem, I doubt they will let me make any changes just to make my job easier.