We use a lot of local only ADSL accounts, especially with our VOIP customers, because they are cheap and less likely to be abused for Internet access since the Internet is pretty useless when you can only connect to machines in South Africa.
A problem with these accounts however, is when you need to update a machine from a non-local mirror or need to fetch some package to a server. Its not so bad if you can quickly swap the account out for a non local one and do what needs to be done, but sometimes, especially when working remotely, you don't have access to the modem.
Access International sites with SSH and IPTables with Local-Only ADSL Accounts
Luckily this is easily solvable with Linux :) For this to work you will need access to an external proxy server in South Africa that can reach international sites. If all you want to do is access sites via a web browser or a command line tool like wget, you just need to set the proxy settings to the external proxy. You can do this on the command line with:
export http_proxy="xx.xx.xx.xx:3128"
After this running wget http://www.google.com - will result in the request being sent to the external proxy.
You can also just use SSH port forward to create a fake proxy port locally that you forward to the external proxy as follows:
ssh -N -f -L 3128:127.0.0.1:3128 root@xx.xx.xx.xx
You then specify the local machine with port 3128 as your proxy in your browser settings.
This works great, but lets say you have a web service running on the server with local only ADSL access and that web service needs to get information from an international site. I couldn't get apache to use the proxy set on the command line, try as I might. Whenever the script was run via the browser I just got connection errors as apache tried to bypass the proxy settings. So if there is a way that I don't know please be so kind as to tell me :) I had to come up with an alternative solution.
More Advanced Way To Access International Sites or Faux Transparent Proxy
My plan was essentially trick the server into thinking it had its own transparent proxy installed and use normal IPTables redirect to route traffic transparently.
To get it to work I had to do two things. First I created the fake proxy port as above. Next you have to redirect all traffic going out on port 80 to your faux proxy port on your local server. This is done with IPTables as follows:
iptables -t nat -A OUPTUT -p tcp --dport 80 -j REDIRECT --to-port 3128
This rule is pretty similar to the one you would use with any squid transparent proxy setup but we use the output table, instead of the prerouting table, as we want to direct local traffic to the faux proxy.
With these two simple steps all services running locally can access international sites via the external proxy. This won't work for 443/https though because of transparent proxy's inherenent problems with SSL.
Yes, the solutions needs you to have root access to an external proxy that has international bandwidth but it sure beats having to travel hundreds of kilometers to a client site to change ADSL account settings :) for a simple update.