6

I have SSH access to a jump box at my work. This jump box gives access to the complete network infrastructure at work. This is great for working from home.

I am able to run a SOCKS5 proxy on the jump box (via ssh -D) and successfully managed to configure my browser to use that SOCKS5 proxy for work hosts (via https://getfoxyproxy.org). Foxyproxy seems to forward DNS requests to that SOCKS5 proxy, so all is working fine.

My problem is that other tools, such as Maven (for building Java), are able to use a SOCKS5 proxy, but unable to forward DNS over it, unfortunately. This is a known limitation, as far as I know. So I ended up adding my work servers to /etc/hosts.

I am looking for a more dynamic and definite solution, to remove the burden of having to maintain /etc/hosts. In essence, I would like to keep using my ISP's DNS server as of now, but I want to forward DNS requests for my work servers (and only for them) to that jump box (either via SSH or that SOCKS5 proxy).

Is that possible?

Pritzl

2 Answers

6

Partial answer:

You can't selectively forward DNS requests for specific hosts in general (like Foxyproxy can handle specific requests for specific hosts or paths).

The only thing you can do is to run a DNS proxy somewhere that would answer requests for specific hosts itself, or forward requests following specific patterns to specific servers.

One popular DNS proxy is dnsmasq. You can configure it to forward DNS requests to different servers based on a pattern.

So you'd have to run dnsmasq on your local machine, use it for DNS resolution on your local machine, and configure it to use both your ISP's DNS server and the jump host DNS server as upstream DNS servers. That will require a bit of fiddling to get the configuration right, in particular to make it pick up both a dynamically given DNS server (from your ISP) and a statically given one.

dirkt
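The pattern-based forwarding described in this answer, as an added example (not part of the original answer, and a stand-in for the idea rather than dnsmasq itself): a minimal local DNS forwarder in Python that sends work names over TCP through an `ssh -L` port forward and everything else to the ISP resolver over UDP. The zone `corp.example`, both resolver addresses and the port 5353 forward are assumptions.

```python
import socket
import struct

# Assumed values, not from the original post (constructed placeholders).
WORK_SUFFIXES = ("corp.example",)     # work zone(s) to send through the tunnel
WORK_DNS_TCP = ("127.0.0.1", 5353)    # local end of: ssh -L 5353:<work-dns>:53 jumpbox
ISP_DNS_UDP = ("192.0.2.53", 53)      # placeholder for the ISP resolver

def qname(packet: bytes) -> str:
    """Return the lower-cased name from the question of a raw DNS query."""
    labels, pos = [], 12              # the fixed DNS header is 12 bytes
    while True:
        length = packet[pos] if pos < len(packet) else -1
        if length == 0:
            return ".".join(labels)
        label = packet[pos + 1:pos + 1 + length]
        if not 0 < length <= 63 or len(label) != length:
            raise ValueError("malformed or truncated question")
        labels.append(label.decode("ascii", "replace").lower())
        pos += 1 + length

def is_work(name: str) -> bool:
    """Match on label boundaries so 'evilcorp.example' is not a work name."""
    return any(name == s or name.endswith("." + s) for s in WORK_SUFFIXES)

def resolve(packet: bytes) -> bytes:
    if is_work(qname(packet)):
        # DNS over TCP prefixes each message with a 2-byte length; ssh -L carries TCP only.
        with socket.create_connection(WORK_DNS_TCP, timeout=5) as s:
            s.sendall(struct.pack("!H", len(packet)) + packet)
            stream = s.makefile("rb")
            (size,) = struct.unpack("!H", stream.read(2))
            return stream.read(size)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(5)
        s.sendto(packet, ISP_DNS_UDP)
        return s.recvfrom(4096)[0]

def serve(bind=("127.0.0.1", 53)):    # port 53 needs root; only loopback is exposed
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(bind)
        while True:
            packet, client = srv.recvfrom(4096)
            try:
                srv.sendto(resolve(packet), client)
            except (OSError, ValueError, struct.error):
                continue              # drop it; the client retries

if __name__ == "__main__":
    serve()
```

The system resolver has to point at 127.0.0.1 for this to take effect. With the suffix match done on label boundaries, work names never reach the ISP resolver and lookalike names never reach the work resolver.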
1

That's exactly what sshuttle is made for

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.

piec