Difference between revisions of "Port Forwarding"

From FreekiWiki
(→‎Firefox: Added instructions for enabling Remote DNS querying)
Line 31: Line 31:
 
Now we need to configure our web browser to route its traffic through the SSH connection.  The location of the configuration option to do this depends on your browser, but the concept remains the same.
 
Now we need to configure our web browser to route its traffic through the SSH connection.  The location of the configuration option to do this depends on your browser, but the concept remains the same.
 
===Firefox===
 
===Firefox===
# Select '''Edit >> Preferences''' from the menu bar.
+
* Select '''Edit >> Preferences''' from the menu bar.
# In the preferences windows, select the '''Advanced''' tab, then the '''Network''' tab underneath that, and finally the '''Settings''' button.
+
* In the preferences windows, select the '''Advanced''' tab, then the '''Network''' tab underneath that, and finally the '''Settings''' button.
# Now choose '''Manual Proxy Configuration''', and enter the following:
+
* Now choose '''Manual Proxy Configuration''', and enter the following:
 
  '''SOCKS Host''': localhost    '''Port''': 5678
 
  '''SOCKS Host''': localhost    '''Port''': 5678
# Make sure '''SOCKS v5''' is selected underneath that.  Now click '''OK''', and close the preferences window.  You should now be able to access the FGDB.  Try putting 'data' into your address bar.
+
* Make sure '''SOCKS v5''' is selected underneath that.  Now click '''OK''', and close the preferences window.  You should now be able to access the FGDB.  Try putting 'data' into your address bar.
 +
 
 +
 
 +
'''Note''': Firefox appears to, by default, avoid resolving remote DNS requests (to wit:  entering <code>http://data/</code> in the address bar results in an unwanted Google search).  To fix this, follow these steps:
 +
* Enter <code>about:config</code> in the address bar.
 +
* You should see a scary screen threatening ''"This might void your warranty!"'' (Warranty?  I hardly knew thee!)  Click the button labelled ''"I'll be careful, I promise!"''
 +
* In the ''Search'' bar, search for <code>remote_dns</code>.  You should see something like:
 +
    network.proxy.socks_remote_dns                      default    boolean  false
 +
* Double click the above listing so that the ''Value'' column shows '''true'''
 +
* You should know be able to visit internal sites as if you were connected to the LAN!
 +
 
 
===Chromium (Google Chrome)===
 
===Chromium (Google Chrome)===
 
# Click the '''Wrench''' icon and select '''Preferences'''.
 
# Click the '''Wrench''' icon and select '''Preferences'''.
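Review bot: The last added bullet of the new Firefox note reads "You should know be able to visit internal sites"; "know" should be "now". The same edit turns the four existing Firefox steps from `#` into `*`, so they lose their numbering while the Chromium steps below keep `#`; keep `#` unless the change was intended. The note would also be clearer if it said why the pref matters: with <code>network.proxy.socks_remote_dns</code> set to false the name <code>data</code> never reaches the far side of the SOCKS proxy, which is the only place it can be resolved.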

Revision as of 20:27, 19 February 2013

Preliminaries

In order to access our database from outside the LAN, you need to have an account on our outward-facing server. Speak with an ASS or the Technocrats to see about getting one.

You will also need to have an SSH or VPN client installed on your computer. By default, Ubuntu comes with OpenSSH, and NetworkManager supports VPN connections.

A word of warning: Routing your web traffic through a proxy means that the sites you visit and any unencrypted information you send will generally be logged on the proxy server. Additionally, anything you send from the proxy server can be traced back to the proxy server. This means, in particular, that you should absolutely not do anything illegal while routing through our network, including torrenting copyrighted materials among other things.

Note: Segments of code will look like this:

$> su -
#> echo FOO
FOO
#>

Where the '$>' indicates a standard user prompt, '#>' indicates a super user prompt, and lines without a prompt indicate messages to the standard output.

SSH

Connecting to the Server

Open a terminal and enter the following:

$> ssh -vND 5678 USER@foyer.freegeek.org

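Where 'USER' is your Free Geek account name. The -D 5678 option opens a SOCKS proxy on local port 5678, -N tells ssh not to run a remote command, and -v prints debug output. You should be prompted for your password. After successfully authenticating, you should see a lot of output that looks something like this: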

debug1: Local connections to LOCALHOST:5678 forwarded to remote address socks:0
debug1: Local forwarding listening on ::1 port 5678.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 5678.
debug1: channel 1: new [port listener]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.

This window will print information regarding your SSH connection. Make sure to leave this terminal open while moving on to the next section!
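
A quick check that the SOCKS port is bound to loopback only, as in the debug output above (an added example, not part of the original page; the function name and sample lines are constructed). If ssh is started with -g, or GatewayPorts is enabled, the listener binds to every interface and other machines on your network can use your tunnel.

```bash
#!/bin/sh
# Added example. Classify who can reach the SOCKS listener on a port.
# Reads `ss -Hltn` style lines on stdin; prints loopback | exposed | absent.
socks_listener_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # local address:port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # some other service
            sub(/:[0-9]+$/, "", addr)          # strip the port, keep the address
            if (addr ~ /^127\./ || addr == "[::1]") loop++
            else wide++
        }
        END {
            if (wide)      print "exposed"
            else if (loop) print "loopback"
            else           print "absent"
        }'
}

# Constructed sample: what the tunnel from this page should look like.
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:5678 0.0.0.0:*
LISTEN 0 128 [::1]:5678 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: the same port bound to every interface.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:5678 0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | socks_listener_scope 5678
printf '%s\n' "$SAMPLE_BAD"  | socks_listener_scope 5678

# Live use, with the tunnel running:
#   ss -Hltn | socks_listener_scope 5678
```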

Configuring your Browser

Now we need to configure our web browser to route its traffic through the SSH connection. The location of the configuration option to do this depends on your browser, but the concept remains the same.

Firefox

  • Select Edit >> Preferences from the menu bar.
  • In the preferences window, select the Advanced tab, then the Network tab underneath that, and finally the Settings button.
  • Now choose Manual Proxy Configuration, and enter the following:
SOCKS Host: localhost    Port: 5678
  • Make sure SOCKS v5 is selected underneath that. Now click OK, and close the preferences window. You should now be able to access the FGDB. Try putting 'data' into your address bar.


Note: By default, Firefox resolves hostnames locally instead of sending them through the SOCKS proxy (to wit: entering http://data/ in the address bar results in an unwanted Google search). To fix this, follow these steps:

  • Enter about:config in the address bar.
  • You should see a scary screen threatening "This might void your warranty!" (Warranty? I hardly knew thee!) Click the button labelled "I'll be careful, I promise!"
  • In the Search bar, search for remote_dns. You should see something like:
   network.proxy.socks_remote_dns                      default    boolean   false
  • Double click the above listing so that the Value column shows true
  • You should now be able to visit internal sites as if you were connected to the LAN!

Chromium (Google Chrome)

  1. Click the Wrench icon and select Preferences.
  2. Select Under the Hood, and then Change Proxy Settings.
  3. Now choose Manual Proxy Configuration, and enter the following:
SOCKS Host: localhost    Port: 5678
  4. Now click Close and close the preferences tab. You should now be able to access the FGDB. Try putting 'data' into your address bar.

Closing the Tunnel

  • When you're ready to close the tunnel, return to the Proxy Configuration window, and select No proxy or Direct Internet Connection, depending on your browser.
  • Pull up the terminal window with the SSH connection, and either close the terminal, or enter Ctrl+C to close the connection.

Making Shortcuts

You can do this in either an elegant, enlightened way (command-line) or a brutish, uncultured way (GUI).

CLI

Enter the following into a terminal:

$> cat >> ~/.bash_aliases
alias fg-tunnel='ssh -vND 5678 $USER@foyer.freegeek.org'
alias fg-browser='chromium-browser --proxy-server="socks://localhost:5678"'
^d

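Where ^d means Ctrl+D. If you're exceptionally lazy, you could also do this:

$> cat >> ~/.bash_aliases
alias fg-lazy='ssh -fND 5678 $USER@foyer.freegeek.org && fg-browser'
^d

Here -f sends ssh to the background once you have authenticated, so the browser can start. Chaining fg-tunnel itself would not work, because ssh -N stays in the foreground until the tunnel is closed. The backgrounded tunnel keeps running until you kill that ssh process.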

Firefox doesn't directly allow proxy configurations from the command-line (booo). Instead, you can create different profiles for each proxy setting, and use the following command to switch between profiles when running Firefox (per StackOverflow):

firefox -no-remote -P <profilename>
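
One way to set up such a tunnel-only profile without clicking through the preferences, and to check a profile for the DNS problem described in the Firefox note (an added example, not part of the original page; the function names and PROFILE_DIR are hypothetical, and user.js is Firefox's per-profile startup preferences file):

```bash
#!/bin/sh
# Added example. PROFILE_DIR is a hypothetical path to the directory of a
# profile created with `firefox -no-remote -P`.

# Write the proxy settings from the Firefox section into PROFILE_DIR/user.js,
# which Firefox applies every time that profile starts.
write_tunnel_prefs() {   # usage: write_tunnel_prefs PROFILE_DIR [PORT]
    mkdir -p "$1" || return 1
    cat > "$1/user.js" <<EOF
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", ${2:-5678});
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
EOF
}

# Print the last value set for PREF in a prefs file (empty if unset).
get_pref() {   # usage: get_pref FILE PREF
    sed -n "s/^user_pref(\"$2\", *\([^)]*\));.*/\1/p" "$1" | tail -n 1
}

# Report whether a prefs file sends hostnames through the tunnel.
# Prints: ok | dns-leak | no-socks-proxy
audit_prefs() {   # usage: audit_prefs FILE
    if [ "$(get_pref "$1" network.proxy.type)" != 1 ] ||
       [ -z "$(get_pref "$1" network.proxy.socks)" ]; then
        echo no-socks-proxy
    elif [ "$(get_pref "$1" network.proxy.socks_remote_dns)" = true ]; then
        echo ok
    else
        # Unset means the default shown on this page (false): local DNS.
        echo dns-leak
    fi
}

# Demo on a throwaway directory (constructed, not a real profile).
demo_dir=$(mktemp -d)
write_tunnel_prefs "$demo_dir"
audit_prefs "$demo_dir/user.js"
rm -rf "$demo_dir"
```

audit_prefs also works on a profile's prefs.js, which is where settings made in the preferences window are saved.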

GUI

  1. Right-click your desktop, and select Create Launcher...
    • Under Type, choose Application in Terminal.
    • Under Name, enter something like FG-SSH or FG-TUNNEL.
    • Under Command, enter ssh -vND 5678 $USER@foyer.freegeek.org
  2. Click OK, and create another launcher.
    • Under Type, choose Application.
    • Under Name, enter something like FG-chromium or Proxy.
    • Under Command, enter chromium-browser --proxy-server="socks://localhost:5678"

Now you can indulge in your barbaric clicky-ness to your heart's content.

VPN

To be written...