Proxy access to the intranet from the outside: two methods of SSH tunneling through corporate firewalls

Penetrating the underlying logic of fire protection: how proxy IPs work with SSH

Enterprise firewalls often restrict outbound requests on specific ports, but it is more common to open the SSH port (22) for remote management. Taking advantage of this feature, we can use theproxy IPCreate encrypted tunnels to disguise other protocol traffic as SSH communications. This solution maintains compliance with network activities while enabling access to specific business systems.

Method 1: Local port forwarding in practice

Scenario: need to access the intranet database from outside (assuming running at 192.168.1.100:3306)

Operational Steps:
1. Obtain the address of a high stash proxy server (e.g. 45.76.123.88:30001) via ipipgo.
2. Local execution of orders:
ssh -L local port:destination address:destination port proxy username@proxy IP
Example: ssh -L 3307:192.168.1.100:3306 user@45.76.123.88 -p 30001
3. When the local database tool connects to 127.0.0.1:3307, the traffic will be forwarded to the intranet database through a proxy server

Method 2: Dynamic port forwarding scheme

Scenario: need to access multiple services on different ports on the intranet

Operational Steps:
1. Selection of ipipgo proxy nodes that support the SOCKS5 protocol
2. Local execution of orders:
ssh -D local listening port proxy username@proxy IP
Example: ssh -D 1080 user@45.76.123.88 -p 30001
3. Configure the browser/application proxy setting to SOCKS5://127.0.0.1:1080
4. All traffic is forwarded through the SSH tunnel via a proxy server

Frequently Asked Questions

Q: Why is the access slow after connection?
A：建议更换ipipgo代理节点的地理位置，选择低于150ms的节点。动态转发建议使用住宅代理而非数据中心代理。

Q: How do I ensure connection stability?
A: The long-time static residential IP provided by ipipgo, together with the TCPKeepAlive parameter setting of SSH, can maintain a non-stop connection for more than 8 hours.

Q: What if I need to use both methods?
A: This can be realized by opening multiple SSH sessions. It is recommended to use different proxy nodes for different forwarding methods to avoid single point of failure.

Points for choosing agency services

The key to successful SSH tunneling implementation lies in three features of the proxy service:
1. protocol integrity：ipipgo支持SSH/SOCKS5多协议栈
2. IP purity: Residential IPs are not easily fire-marked as risky nodes
3. port diversity: Provide non-standard port access capability (e.g., 30001-30050)

By rationalizing ipipgo'sStatic Residential IPtogether withDynamic IP rotationIt can meet the long-term stable operation and maintenance requirements, as well as cope with special scenarios that require frequent changes of export IP. The node resources covering 240 countries are especially suitable for the distributed network architecture of multinational enterprises.