Proxy Tunnel
Please be aware that you have to configure your web browser to use the proxy tunnel as below. Just setting up the tunnel does not improve security at all. To test whether you do, simply try to access a web page that is only accessible from within your university or company, for example in DCU:
- MT Server 1
(should show a Fedore Core test page) - Maia OpenSuSE Mirror (should show a directory listing)
Setting up a direct tunnel if you can reach a server that allows it
The following Putty dialog and ssh command show how you set up a tunnel if you have access to a server within you organisation that allows port forwarding. Note that vinson.computing.dcu.ie does NOT allow this, i.e. the example will NOT work with vinson.
Windows Putty / WinSCP
Linux
ssh -L 8080:proxy1.dcu.ie:8080 vinson.computing.dcu.ie
Setting up a reverse tunnel
This works even if the server in your organisation does not allow port forwarding.
However, you need a machine outside your organisation that does allow ssh to open a port for listening. In the simplest case, it can be your laptop / PC at home running Linux.
In the example below, this machine is pc12345.your-isp.com. If you don't know your address, the output of the command 'who' on vinson may help. If the tunnel ends at a third machine
(pc12345.your-isp.com is not your local computer), you have to set 'GatewayPorts' to 'yes' in '/etc/ssh/sshd_config'.
- ssh or putty to your organisation as usual, for example to vinson in DCU.
- ssh -R 8080:proxy1.dcu.ie:8080 pc12345.your-isp.com
- start 'top' to prevent the ssh connecting to break down during a long period of inactivity.
Setting Your Webbrowser to Use the Tunnel
Internet Explorer: Tools (menu) - Internet Options (menu entry) - Connections (tab) - LAN Settings... (button) - Use a proxy server (checkbox) - Address: localhost - Port 8080
Firefox: Edit (menu) - Preferences (menu entry) - Advanced (category bar) - Network (tab) - Settings... (button) - Manual proxy configuration: localhost Port 8080
Note that some versions have the preferences dialog in the tools menu.
If you set up a reverse tunnel ending at some other machine (not your local computer), replace localhost with the address of that machine.
Funded by
