Client --ssh only--> Jumpbox00 --ssh only--> Jumpbox01 --http only--> Internal network
Here is how to SSH to jumpbox01 and visit websites in the internal network from the client.
1) Ensure you have a private key that is trusted by both jumpbox00 and jumpbox01. For example, if the key is jb.pem under ~/.ssh/, load it into your SSH agent with the following command:
ssh-add ~/.ssh/jb.pem
2) Add the following two lines to ~/.ssh/config:
Host jumpbox01
    ForwardAgent yes
3) For convenience, create a command or alias. For example, I created a command /usr/local/bin/double_jump:
#!/bin/sh
ssh -i ~/.ssh/jb.pem -A -t jchen@jumpbox00 -L 12345:localhost:12345 ssh -A -t jchen@jumpbox01 -D 12345
4) Make the above command executable:
sudo chmod a+x /usr/local/bin/double_jump
Now run double_jump; it opens an SSH session to jumpbox01. Set the SOCKS proxy in your browser to localhost:12345, which lets the client visit websites in the internal network.
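
The same two-hop path can be set up without agent forwarding, which matters because a forwarded agent can be used by anyone with root on a jumpbox for as long as the session is open. The config below is an added example, not part of the original post; it uses ProxyJump so that both authentications happen on the client. It assumes OpenSSH 7.3 or later on the client and that jumpbox00 and jumpbox01 permit TCP forwarding, which the -L and -D options above already require.

```sshconfig
# ~/.ssh/config on the client (added example). The user name, key path and
# port 12345 are taken from the double_jump command above.

# First hop: reached directly from the client. No agent socket is created here.
Host jumpbox00
    User jchen
    IdentityFile ~/.ssh/jb.pem
    IdentitiesOnly yes
    ForwardAgent no

# Second hop: tunnelled through jumpbox00. The name jumpbox01 is resolved by
# jumpbox00, as in the original command. DynamicForward opens the SOCKS
# listener on the client's loopback interface only, and ExitOnForwardFailure
# makes ssh exit instead of opening a session with no proxy if port 12345 is
# already in use.
Host jumpbox01
    User jchen
    IdentityFile ~/.ssh/jb.pem
    IdentitiesOnly yes
    ProxyJump jumpbox00
    DynamicForward localhost:12345
    ExitOnForwardFailure yes
    ForwardAgent no
```

With this in place, running ssh jumpbox01 on the client replaces double_jump, and the browser's SOCKS proxy setting stays localhost:12345.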