Port Forwarding
Preliminaries
In order to access our database from outside the LAN, you need to have an account on our outward facing server. Speak with an ASS or the Technocrats to see about getting one.
You will also need to have an SSH or VPN client installed on your computer. By default, Ubuntu comes with OpenSSH, and NetworkManager supports VPN connections.
A word of warning: Routing your web traffic through a proxy means that the sites you visit, and the unencrypted information you send will generally be logged on the proxy server. Additionally, things you send from the proxy server can be traced back to the proxy server. This means, in particular, that you should absolutely not do anything illegal while routing through our network, including torrenting copyrighted materials among other things.
Note: Segments of code will look like this:
$> su - #> echo FOO FOO #>
Where the '$>' indicates a standard user prompt, '#>' indicates a super user prompt, and lines without a prompt indicate messages to the standard output.
SSH
Connecting to the Server
Open a terminal and enter the following:
$> ssh -vND 5678 USER@foyer.freegeek.org
Where 'USER' is your Free Geek account name. You should be prompted for your password. After successfully authenticating, you should see a lot of output that looks something like this:
debug1: Local connections to LOCALHOST:5678 forwarded to remote address socks:0 debug1: Local forwarding listening on ::1 port 5678. debug1: channel 0: new [port listener] debug1: Local forwarding listening on 127.0.0.1 port 5678. debug1: channel 1: new [port listener] debug1: Requesting no-more-sessions@openssh.com debug1: Entering interactive session.
This window will print information regarding your SSH connection. Make sure to leave this terminal open while moving on to the next section!
Configuring your Browser
Now we need to configure our web browser to route its traffic through the SSH connection. The location of the configuration option to do this depends on your browser, but the concept remains the same.
Firefox
- Select Edit >> Preferences from the menu bar.
- In the preferences windows, select the Advanced tab, then the Network tab underneath that, and finally the Settings button.
- Now choose Manual Proxy Configuration, and enter the following:
SOCKS Host: localhost Port: 5678
- Make sure SOCKS v5 is selected underneath that. Now click OK, and close the preferences window. You should now be able to access the FGDB. Try putting 'data' into your address bar.
Note: Firefox appears to, by default, avoid resolving remote DNS requests (to wit: entering http://data/
in the address bar results in an unwanted Google search). To fix this, follow these steps:
- Enter
about:config
in the address bar. - You should see a scary screen threatening "This might void your warranty!" (Warranty? I hardly knew thee!) Click the button labelled "I'll be careful, I promise!"
- In the Search bar, search for
remote_dns
. You should see something like:
network.proxy.socks_remote_dns default boolean false
- Double click the above listing so that the Value column shows true
- You should now be able to visit internal sites as if you were connected to the LAN!
Chromium (Google Chrome)
- Click the Wrench icon and select Preferences.
- Select Under the Hood, and then Change Proxy Settings.
- Now choose Manual Proxy Configuration, and enter the following:
SOCKS Host: localhost Port: 5678
- Now click Close and close the preferences tab. You should now be able to access the FGDB. Try putting 'data' into your address bar.
Closing the Tunnel
- When you're ready to close the tunnel, return to the Proxy Configuration window, and select No proxy or Direct Internet Connection, depending on your browser.
- Pull up the terminal window with the SSH connection, and either close the terminal, or enter Ctrl+C to close the connection.
Making Shortcuts
You can do this in either an elegant, enlightened way (command-line) or a brutish, uncultured way (GUI).
CLI
Enter the following into a terminal:
$> cat >> ~/.bash_aliases alias fg-tunnel='ssh -vND 5678 $USER@foyer.freegeek.org' alias fg-browser='chromium-browser --proxy-server="socks://localhost:5678"' ^d
Where ^d means Ctrl+D. If you're exceptionally lazy, you could also do this:
$> cat >> ~/.bash_aliases alias fg-lazy='fg-tunnel && fg-browser' ^d
Firefox doesn't directly allow proxy configurations from the command-line (booo). Instead, you can create different profiles for each proxy setting, and use the following command to switch between profiles when running Firefox (per StackOverflow):
firefox -no-remote -P <profilename>
GUI
- Right-click your desktop, and select Create Launcher...
- Under Type, choose Application in Terminal.
- Under Name, enter something like FG-SSH or FG-TUNNEL.
- Under Command, enter ssh -vND 5678 $USER@foyer.freegeek.org
- Click OK, and create another launcher.
- Under Type, choose Application.
- Under Name, enter something like FG-chromium or Proxy,
- Under Command, enter chromium-browser --proxy-server="socks://localhost:5678"
Now you can indulge in your barbaric clicky-ness to your heart's content.
VPN
To be written...