I am ssh'ing into a server (SLES 10 sp2) that does not have access to the internet. I need to run updates and install new software on this server, preferably using Yast.
So my idea was:
- Create a proxy using ssh to a box that has access to the outside.
- Set up Yast to use this proxy.
The ssh command I run on the isolated server looks as follows:
ssh -D 9999 username@ip-of-box-with-internet-access
In Yast I go to Network Service > Proxy and enter the following as the HTTP Proxy URL:
http://localhost:9999
When I go to Test proxy settings it fails.
I suspect that Yast does not know it is a SOCKS5 proxy.
Could anyone tell me how I can set up Yast to use a proxy created with ssh?
Any help would be appreciated!
Ok, so you have a machine on the network that does not have its traffic routed through a gateway to the internet, but it is on a network with other machines that DO have their traffic routed through a gateway to the internet.
1.) Why is the box isolated? Is it a security risk or is it paranoia? Firewall rules should be sufficient to keep the box isolated from the network while still allowing outbound connections and respondents to those connections.
2.) The easier way may be to use a VPN software as opposed to a proxy. YAST uses a variety of protocols and subtools (i.e. curl) to fetch patches, most of which ignore other systemwide settings.
3.) Instead of a proxy, you may consider using a VPN solution or setting up a local mirror using Novell's patch mirroring application (called 'SMT') and your mirror credentials (both available from the Novell customer center.)
An "HTTP Proxy" and a "SOCKS5 Proxy" aren't the same thing. That's why YAST doesn't get it :)
A quick fix would be to install Squid or some other HTTP proxy on ip-of-box-with-internet-access, and then do something like
ssh -L 12345:localhost:8080 user@ip-of-box-with-internet-access
from the server. I do this all the time.
An example of a quick HTTP proxy would be micro proxy, but I haven't used that and thus can't give a recommendation. Squid isn't too bad to set up.
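The difference between the two proxy types on the wire, as an added example that is not part of the original answers: it builds the first bytes an HTTP proxy client sends and the first messages a SOCKS5 client sends (RFC 1928), then shows that a SOCKS-only listener such as the one opened by ssh -D cannot continue with the HTTP request. The function names and the example.com URL are constructed for illustration.

```python
import struct
from urllib.parse import urlsplit

HTTP_METHODS = {b"GET", b"HEAD", b"POST", b"PUT", b"CONNECT", b"OPTIONS"}

def http_proxy_request(url: str) -> bytes:
    """First bytes an HTTP proxy client sends for a plain-HTTP URL."""
    host = urlsplit(url).netloc
    # A request sent to a proxy carries the absolute URL in the request line.
    return f"GET {url} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")

def socks5_messages(host: str, port: int) -> tuple[bytes, bytes]:
    """Greeting and CONNECT request a SOCKS5 client sends (RFC 1928)."""
    greeting = b"\x05\x01\x00"  # VER=5, NMETHODS=1, METHOD=0x00 (no auth)
    name = host.encode("ascii")
    # VER=5, CMD=1 (CONNECT), RSV=0, ATYP=3 (domain name), length, name, port
    request = (b"\x05\x01\x00\x03" + bytes([len(name)]) + name
               + struct.pack("!H", port))
    return greeting, request

def classify_first_bytes(data: bytes) -> str:
    """Guess which proxy protocol a client speaks from its first bytes."""
    if not data:
        return "empty"
    if data[0] == 0x05 and len(data) >= 2 and len(data) >= 2 + data[1]:
        return "socks5"
    if data[0] == 0x04:
        return "socks4"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-proxy"
    return "unknown"

def socks_listener_accepts(data: bytes) -> bool:
    """A SOCKS-only listener (ssh -D speaks SOCKS4 and SOCKS5) needs a SOCKS version byte."""
    return classify_first_bytes(data) in ("socks4", "socks5")

if __name__ == "__main__":
    # Constructed sample inputs: the URL and host are placeholders.
    http = http_proxy_request("http://example.com/repo/")
    greeting, _request = socks5_messages("example.com", 80)
    for label, data in (("HTTP proxy client", http), ("SOCKS5 client", greeting)):
        print(f"{label}: first byte 0x{data[0]:02x} -> "
              f"{classify_first_bytes(data)}, "
              f"SOCKS listener accepts: {socks_listener_accepts(data)}")
```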