My problem: I have a bunch of Raspberry Pi computers, all connected via a network switch and USB ethernet port to a "gateway" Raspberry Pi. However, I don't particularly want them all to be internet-connected all of the time, because (1) it's possible there is a slight security risk and (2) my IT folk at work might not like it. OK, I should also mention (3) I tried and failed to get NAT and dnsmasq to work, and don't have time to finish debugging it.
My solution:
I SSH in to my "gateway" Pi (is it ok to call it a gateway even though it's resolutely failing to route any traffic? Never mind...), and from there I can connect to my hidden Pi(s), let's say for argument's sake it's called hiddenpi.local.
Now, I can SSH back again, setting up a SOCKS proxy:
ssh -D 8123 -f -C -q -N [email protected]
This will ask for a password and then look like it quits - it's still running in the background, though. You can check it's working with:
curl --socks5-hostname localhost:8123 binfalse.de
You can then add the proxy to APT's settings to allow you to install stuff. Create a new config file with:
sudo bash -c "echo 'Acquire::http::Proxy \"socks5h://localhost:8123/\";' > /etc/apt/apt.conf.d/99socksproxy"
Or you can do it manually by first making a file:
sudo nano /etc/apt/apt.conf.d/99socksproxy
then entering the following line:
Acquire::http::Proxy "socks5h://localhost:8123/";
NB the socks5h matters - without the h it will fail on DNS resolution, unless you've done a better job than me of proxying that!
You can then install the tsocks utility, which allows you to forward anything you like through the socks proxy:
sudo apt-get update
sudo apt-get install tsocks
Edit /etc/tsocks.conf and make sure you specify at least the server type (5), server address (127.0.0.1), and port (8123).
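A quick check of the two files described above, as an added example that is not part of the original post. The function names are made up for this sketch; it assumes port 8123 as used above and the tsocks.conf keys server, server_type and server_port.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: check_apt_proxy /etc/apt/apt.conf.d/99socksproxy
#        check_tsocks_conf /etc/tsocks.conf

# check_apt_proxy FILE [PORT]
# Returns 0 only if the last Acquire::http::Proxy line in FILE is quoted,
# uses socks5h (names resolved at the far end of the tunnel) and points at
# the local SOCKS port. 1 = no such line, 2 = socks5 without h, 3 = other.
check_apt_proxy() {
    file=$1 port=${2:-8123}
    line=$(grep -E '^[[:space:]]*Acquire::http::Proxy[[:space:]]' "$file" | tail -n 1)
    [ -n "$line" ] || { echo "no Acquire::http::Proxy line in $file"; return 1; }
    case $line in
        *'"socks5h://localhost:'"$port"'/";'* | *'"socks5h://127.0.0.1:'"$port"'/";'*)
            echo "ok: $line"; return 0 ;;
        *'socks5://'*)
            echo "socks5 without the h: DNS lookups stay local and fail"; return 2 ;;
        *)
            echo "unexpected value (quotes, host or port?): $line"; return 3 ;;
    esac
}

# check_tsocks_conf FILE [PORT]
# Returns 0 only if FILE sets server_type = 5, server = 127.0.0.1 and
# server_port = PORT; prints each setting that is missing or different.
check_tsocks_conf() {
    file=$1 port=${2:-8123} bad=0
    for want in "server_type=5" "server=127.0.0.1" "server_port=$port"; do
        key=${want%%=*} val=${want#*=}
        got=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$file" | tail -n 1)
        [ "$got" = "$val" ] || { echo "$key is '${got:-unset}', expected '$val'"; bad=1; }
    done
    return $bad
}
```

Both functions take the file path as an argument, so they can be tried on a copy before touching anything under /etc.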