Practitioner Level

Design a Container to Run a Proxy

Pricing
1.5 hours
  • 5 Learning Objectives

About this Hands-on Lab

For this lab, the aim is to design a container to run a proxy. We need to connect to the server, create our configuration there, and test it out from a client. We recommended opening two terminals for this lab, one for connecting to the server and one to the client. The client is a playground instance of our choice. Once that is set, we need to create a container with a CentOS 7 image on the server. Within the container, we must install and configure the open ssh server so that it cannot allow `root` login and allows only key-based authentication. After that, we must change it to run on the nonstandard port 61613. After that, we need to copy the public key generated on the client over to the container on the server. Next, we have to create a proxy tunnel from the client and run tests to see if the tunnel works properly. For testing this, we need Proxychains 4.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a Container from a CentOS 7 image and Access It
lxc launch images:centos/7/amd64 SOCKS5-Proxy
lxc exec SOCKS5-Proxy bash
Configure SSH to not Allow root Login and Only Allow Key-Based Authentication
adduser tunnel -m
passwd tunnel
yum install openssh-server vim
vim /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM yes
ESC
:wq
ENTER
su tunnel
mkdir /home/tunnel/.ssh
touch /home/tunnel/.ssh/authorized_keys
chmod 700 /home/tunnel/.ssh
chmod 600 /home/tunnel/.ssh/authorized_keys
On the Client, Generate a Key Pair and Copy the Public Key to /home/tunnel/.ssh/authorized_keys

Set the path to /home/cloud_user/.ssh/SOCKS5.

ssh-keygen
cat /home/cloud_user/.ssh/SOCKS5.pub

Copy the client public key to the server into authorized_keys

/home/tunnel/.ssh/authorized_keys
Configure SSH for Port 61613 and Expose the Container to the Outside World

If under a diffrent user in the container, just exit to root.

exit
vim /etc/ssh/sshd_config
Port 61613
ESC
:wq
ENTER
systemctl restart sshd 
exit

Create a redirect on the host server.

lxc list
lxc config device add SOCKS5-Proxy myport443 proxy listen=tcp:0.0.0.0:443 connect=tcp:Container_IP:61613
Run Tests to Confirm the Proxy Works on the Client (Refer to Lab Instructions for proxychains)
ssh tunnel@SERVER_IP -i /home/cloud_user/.ssh/SOCKS5 -p 443
exit
ssh -D 65535 -q -C -N -f tunnel@SERVER_IP  -i /home/cloud_user/.ssh/SOCKS5 -p 443
sudo apt install proxychains4 
vim /etc/proxychains.conf

Change the last line to:

socks5  127.0.0.1 65535
curl 'https://api.ipify.org?format=json'
proxychains4 curl 'https://api.ipify.org?format=json'
Contact SalesSee Pricing

Additional Resources

In this lab, we need to configure an LXC container to function as a SOCKSv5 Proxy that we will use from another host (e.g. a PC, a playground instance, or from wherever else).

For this lab, the best approach is to open two terminals, one for the lab server and the other for the client. The client can be your personal computer if you are using Linux or OS X, or you can create a playground Ubuntu 18.04 instance and connect to it to use it as a client

We recommend using the playground server to run a test on and the lab as proxychains are needed on the client to make it work. Later, you can use different clients such as your computer, phone, or something else!

Install proxychains4 on the Client.

On Debian-Based Systems

sudo apt install proxychains4

On CentOS

sudo yum install proxyxhains4

After all the objectives are completed, we can run tests from the client with the following commands:

proxychains4 curl 'https://api.ipify.org?format=json'
curl 'https://api.ipify.org?format=json'

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Don't have an account?

Get Started
Who’s going to be learning?
MyselfMy Organization