Use ssh to run a socks proxy, locked down by IP, probably running on a NAT VPS.
# Use ssh to run a socks proxy, locked down by IP, probably running on a NAT VPS.
# note that this script should be run inside byobu for long-term proxying
# beware that you will need to stop and then run this script again if your IP changes.

# the port to share on must be in the valid range for your NAT VPS
# use this combined with the public IP to connect a browser to this socks server
PORT=1001

# find your public ip here-> https://www.google.com/search?q=what+is+my+ip
# pass it in as the first argument to this script, or hardcode it here.
MYIP=$1
# stop here if no IP was given, otherwise the ACCEPT rule below cannot be added
if [ -z "$MYIP" ]; then
  echo "usage: $0 <your-public-ip>" >&2
  exit 1
fi

# on a NAT VPS this is not going to be 22, so set it correctly for your machine
SSHPORT=22

# protect the port, so only people from your IP can connect to it VERY IMPORTANT!
# the socks proxy opened by ssh -D has no authentication of its own,
# so the chain below is the only access control on $PORT

# this flushes ALL existing iptables rules and user chains on this machine
# and sets the default policies to ACCEPT
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# this adds a new chain which will only allow connections from $MYIP
iptables -X xxx 2>/dev/null        # normally already gone after the flush above
iptables -N xxx                    # create a new chain
iptables -A xxx --src "$MYIP" -j ACCEPT  # who to allow
iptables -A xxx -j DROP            # everyone else is dropped
iptables -I INPUT -p tcp -m tcp --dport "$PORT" -j xxx

# use ssh to connect back into ourselves and start a proxy server at the same time (HAXTBH)
# this may ask for a password, use " ssh-copy-id root@localhost " to stop it doing that
# the bind address is quoted so the shell cannot glob-expand the *
ssh -p "$SSHPORT" -D "*:$PORT" root@localhost "bash"

# type exit in that new connection to shut this proxy down
# this makes it easier to control than having it run a proxy headless
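
An added check, not part of the original gist: it reads `iptables -S` style output and confirms the proxy port is still locked to the expected address, which is what goes stale when your IP changes. The function name `check_lockdown` and the sample rules and addresses are constructed for illustration.

```shell
# Reads `iptables -S` style rules on stdin.
# Returns 0 only if the first INPUT rule sends tcp/<port> to chain xxx and
# chain xxx is exactly: ACCEPT from <ip>/32, then DROP everything else.
# usage on the VPS: iptables -S | check_lockdown "$PORT" "$MYIP"
check_lockdown() {
    awk -v port="$1" -v ip="$2" '
        $1 == "-A" && $2 == "INPUT" {
            n_input++
            # the script inserts its rule with -I, so it must be rule 1
            if (n_input == 1 && $0 ~ /-p tcp/ && $0 ~ ("--dport " port " -j xxx$"))
                jump = 1
        }
        $1 == "-A" && $2 == "xxx" {
            n_chain++
            if (n_chain == 1 && $0 == ("-A xxx -s " ip "/32 -j ACCEPT")) allow = 1
            if (n_chain == 2 && $0 == "-A xxx -j DROP") drop = 1
        }
        END { exit !(jump && allow && drop && n_chain == 2) }
    '
}

# Constructed sample: what `iptables -S` shows after a correct run
# with PORT=1001 and MYIP=203.0.113.7 (documentation address).
GOOD_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N xxx
-A INPUT -p tcp -m tcp --dport 1001 -j xxx
-A xxx -s 203.0.113.7/32 -j ACCEPT
-A xxx -j DROP'

# Constructed sample: the ACCEPT rule was never added (no IP passed in),
# so the chain only contains the DROP.
EMPTY_IP_RULES='-P INPUT ACCEPT
-N xxx
-A INPUT -p tcp -m tcp --dport 1001 -j xxx
-A xxx -j DROP'

if printf '%s\n' "$GOOD_RULES" | check_lockdown 1001 203.0.113.7; then
    echo "port 1001 is locked to 203.0.113.7"
fi
# Same rules checked against a new public IP: the allow rule is stale.
if ! printf '%s\n' "$GOOD_RULES" | check_lockdown 1001 198.51.100.9; then
    echo "rules do not match 198.51.100.9, rerun the script with the new IP"
fi
```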