Re-Route network calls to multiple domains through SSH tunnel in windows 10












1














I have the following situation: There are some hosts that are only accessible through an ssh tunnel. Lets say its




  • https://example.com

  • https://other.com


I can establish the SSH tunnel and bind the 443 ports needed for the connection to local ports:



ssh -L 1443:example.com:443 -L 2443:other.com:443 -A -l username myproxy.com


This works fine so far - when I call https://localhost:1443, I can open example.com, if I call https://localhost:2443, I can call other.com



The problem: There are some apps that are not aware of this and still try to connect via the regular hostname and port.



Adding the following lines to my hosts file, I can get a step closer to the final solution:



127.0.0.1 example.com
127.0.0.1 other.com


This enables me to call https://example.com:1443 and https://other.com:2443 in my browser - but the port is still a problem. I would need to map BOTH domains to my local port 443 to make it work for other applications.



I guess I will need to have a local proxy server listening on port 443 and forwarding traffic based on hostname to either 1443 or 2443 but this is where I'm lost.



What can I do to enable all apps on my machine to just use the hostname/port but let the traffic go over my SSH tunnel?










share|improve this question






















  • SSH can create a TAP device, and you could route the ips through that.
    – davidbaumann
    Dec 5 at 10:49










  • Do you have a document at hand which describes how I can do that?
    – Christian Engel
    Dec 5 at 11:04
















1














I have the following situation: There are some hosts that are only accessible through an ssh tunnel. Lets say its




  • https://example.com

  • https://other.com


I can establish the SSH tunnel and bind the 443 ports needed for the connection to local ports:



ssh -L 1443:example.com:443 -L 2443:other.com:443 -A -l username myproxy.com


This works fine so far - when I call https://localhost:1443, I can open example.com, if I call https://localhost:2443, I can call other.com



The problem: There are some apps that are not aware of this and still try to connect via the regular hostname and port.



Adding the following lines to my hosts file, I can get a step closer to the final solution:



127.0.0.1 example.com
127.0.0.1 other.com


This enables me to call https://example.com:1443 and https://other.com:2443 in my browser - but the port is still a problem. I would need to map BOTH domains to my local port 443 to make it work for other applications.



I guess I will need to have a local proxy server listening on port 443 and forwarding traffic based on hostname to either 1443 or 2443 but this is where I'm lost.



What can I do to enable all apps on my machine to just use the hostname/port but let the traffic go over my SSH tunnel?










share|improve this question






















  • SSH can create a TAP device, and you could route the ips through that.
    – davidbaumann
    Dec 5 at 10:49










  • Do you have a document at hand which describes how I can do that?
    – Christian Engel
    Dec 5 at 11:04














1












1








1







I have the following situation: There are some hosts that are only accessible through an ssh tunnel. Lets say its




  • https://example.com

  • https://other.com


I can establish the SSH tunnel and bind the 443 ports needed for the connection to local ports:



ssh -L 1443:example.com:443 -L 2443:other.com:443 -A -l username myproxy.com


This works fine so far - when I call https://localhost:1443, I can open example.com, if I call https://localhost:2443, I can call other.com



The problem: There are some apps that are not aware of this and still try to connect via the regular hostname and port.



Adding the following lines to my hosts file, I can get a step closer to the final solution:



127.0.0.1 example.com
127.0.0.1 other.com


This enables me to call https://example.com:1443 and https://other.com:2443 in my browser - but the port is still a problem. I would need to map BOTH domains to my local port 443 to make it work for other applications.



I guess I will need to have a local proxy server listening on port 443 and forwarding traffic based on hostname to either 1443 or 2443 but this is where I'm lost.



What can I do to enable all apps on my machine to just use the hostname/port but let the traffic go over my SSH tunnel?










share|improve this question













I have the following situation: There are some hosts that are only accessible through an ssh tunnel. Lets say its




  • https://example.com

  • https://other.com


I can establish the SSH tunnel and bind the 443 ports needed for the connection to local ports:



ssh -L 1443:example.com:443 -L 2443:other.com:443 -A -l username myproxy.com


This works fine so far - when I call https://localhost:1443, I can open example.com, if I call https://localhost:2443, I can call other.com



The problem: There are some apps that are not aware of this and still try to connect via the regular hostname and port.



Adding the following lines to my hosts file, I can get a step closer to the final solution:



127.0.0.1 example.com
127.0.0.1 other.com


This enables me to call https://example.com:1443 and https://other.com:2443 in my browser - but the port is still a problem. I would need to map BOTH domains to my local port 443 to make it work for other applications.



I guess I will need to have a local proxy server listening on port 443 and forwarding traffic based on hostname to either 1443 or 2443 but this is where I'm lost.



What can I do to enable all apps on my machine to just use the hostname/port but let the traffic go over my SSH tunnel?







networking windows-10 ssh proxy tunnel






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 5 at 10:46









Christian Engel

151125




151125












  • SSH can create a TAP device, and you could route the ips through that.
    – davidbaumann
    Dec 5 at 10:49










  • Do you have a document at hand which describes how I can do that?
    – Christian Engel
    Dec 5 at 11:04


















  • SSH can create a TAP device, and you could route the ips through that.
    – davidbaumann
    Dec 5 at 10:49










  • Do you have a document at hand which describes how I can do that?
    – Christian Engel
    Dec 5 at 11:04
















SSH can create a TAP device, and you could route the ips through that.
– davidbaumann
Dec 5 at 10:49




SSH can create a TAP device, and you could route the ips through that.
– davidbaumann
Dec 5 at 10:49












Do you have a document at hand which describes how I can do that?
– Christian Engel
Dec 5 at 11:04




Do you have a document at hand which describes how I can do that?
– Christian Engel
Dec 5 at 11:04










1 Answer
1






active

oldest

votes


















0














Use ssh -D. This will create a SOCKS 5 proxy server on the specified port (usually 1080 or 9050), which you can configure in the browser and access everything through the SSH tunnel.



This works identically with OpenSSH, PuTTY (plink), Bitvise Tunnelier; and does not depend on any operating system-level features.



For example, with ssh -D 9050 running, you can configure Firefox like this:



enter image description here



(Chrome might need a command-line option instead.)






share|improve this answer





















    Your Answer








    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "3"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1380968%2fre-route-network-calls-to-multiple-domains-through-ssh-tunnel-in-windows-10%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Use ssh -D. This will create a SOCKS 5 proxy server on the specified port (usually 1080 or 9050), which you can configure in the browser and access everything through the SSH tunnel.



    This works identically with OpenSSH, PuTTY (plink), Bitvise Tunnelier; and does not depend on any operating system-level features.



    For example, with ssh -D 9050 running, you can configure Firefox like this:



    enter image description here



    (Chrome might need a command-line option instead.)






    share|improve this answer


























      0














      Use ssh -D. This will create a SOCKS 5 proxy server on the specified port (usually 1080 or 9050), which you can configure in the browser and access everything through the SSH tunnel.



      This works identically with OpenSSH, PuTTY (plink), Bitvise Tunnelier; and does not depend on any operating system-level features.



      For example, with ssh -D 9050 running, you can configure Firefox like this:



      enter image description here



      (Chrome might need a command-line option instead.)






      share|improve this answer
























        0












        0








        0






        Use ssh -D. This will create a SOCKS 5 proxy server on the specified port (usually 1080 or 9050), which you can configure in the browser and access everything through the SSH tunnel.



        This works identically with OpenSSH, PuTTY (plink), Bitvise Tunnelier; and does not depend on any operating system-level features.



        For example, with ssh -D 9050 running, you can configure Firefox like this:



        enter image description here



        (Chrome might need a command-line option instead.)






        share|improve this answer












        Use ssh -D. This will create a SOCKS 5 proxy server on the specified port (usually 1080 or 9050), which you can configure in the browser and access everything through the SSH tunnel.



        This works identically with OpenSSH, PuTTY (plink), Bitvise Tunnelier; and does not depend on any operating system-level features.



        For example, with ssh -D 9050 running, you can configure Firefox like this:



        enter image description here



        (Chrome might need a command-line option instead.)







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Dec 5 at 12:00









        grawity

        232k35490546




        232k35490546






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Super User!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.





            Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


            Please pay close attention to the following guidance:


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1380968%2fre-route-network-calls-to-multiple-domains-through-ssh-tunnel-in-windows-10%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            Сан-Квентин

            8-я гвардейская общевойсковая армия

            Алькесар