Access internal pages through SSH tunnels

From BNL Physics Computing

You can remotely access internal web pages in a transparent way using SSH tunnels and configuring your browser's proxy settings.

The tunnel

You will need to make a tunnel that forwards a local port (the first 3128 in the example) to the proxy port (second 3128) of BNL's web proxy. You do this with a command like:

ssh -L 3128:192.168.1.130:3128 USERNAME@gateway.phy.bnl.gov

The proxy

In your browser, set the proxy to

localhost:3128

Firefox users

Only use tunnel for bnl.gov pages

If you use Firefox or a Firefox-derived browser such as Debian's "Iceweasel" (and if you aren't, why not?) then you can configure your proxy settings to only use the tunnel for bnl.gov addresses.

To do this, first copy these contents to a "wpad.dat" file on your local computer:

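// Called by the browser for every request; returns the route to use.
function FindProxyForURL(url, host)
{
  if (
      // Hosts whose name starts with "130.199." (glob match on the host string)
      shExpMatch(host, "130.199.*") ||
      // Hosts under the bnl.gov domain
      dnsDomainIs(host, ".bnl.gov")
     )
    return "PROXY localhost:3128";  // send through the SSH tunnel
  else
    return "DIRECT";                // everything else bypasses the tunnel
}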

Then, enter Firefox's proxy (or "connection") settings dialog, select "Automatic proxy configuration URL:" and enter

 file:///path/to/where/you/saved/wpad.dat

This file tells Firefox to use the tunnel for just bnl.gov addresses.

With this in place, you should now be able to browse internal web pages.
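
To see which hosts the wpad.dat rules actually send through the tunnel, the following added example (not part of the original page) evaluates the page's FindProxyForURL under Node.js against constructed hostnames. The shExpMatch and dnsDomainIs stand-ins, the FindProxyForURLStrict variant, routeTable and the sample hosts are assumptions of this example.

```javascript
// Added example, not from the original page: offline check of the wpad.dat rules.
// Stand-ins (assumptions) for the two PAC built-ins that the file calls.
function shExpMatch(str, pattern) {
  // Shell glob to anchored regex: escape metacharacters, then map * and ?.
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}
function dnsDomainIs(host, domain) {
  return host.endsWith(domain); // plain suffix comparison
}

// The page's function, same behaviour.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "130.199.*") || dnsDomainIs(host, ".bnl.gov"))
    return "PROXY localhost:3128";
  return "DIRECT";
}

// Hypothetical stricter variant: the 130.199 rule applies only when the host
// is a literal dotted-quad IPv4 address, not any name starting with that text.
function FindProxyForURLStrict(url, host) {
  const isIPv4Literal = /^\d{1,3}(\.\d{1,3}){3}$/.test(host);
  if ((isIPv4Literal && host.startsWith("130.199.")) || dnsDomainIs(host, ".bnl.gov"))
    return "PROXY localhost:3128";
  return "DIRECT";
}

// Constructed sample hosts (only gateway.phy.bnl.gov appears on the page).
const SAMPLE_HOSTS = [
  "gateway.phy.bnl.gov",   // subdomain of bnl.gov
  "130.199.1.1",           // constructed literal address
  "bnl.gov",               // bare domain: no leading-dot suffix match
  "notbnl.gov",            // different domain with a similar ending
  "130.199.example.com",   // a name, not an address
  "www.example.org",
];

// Map each sample host to the routing decision a given PAC function returns.
function routeTable(pac) {
  return Object.fromEntries(
    SAMPLE_HOSTS.map((h) => [h, pac("http://" + h + "/", h)]));
}

console.table({ page: routeTable(FindProxyForURL), strict: routeTable(FindProxyForURLStrict) });
```

Run it with Node.js; the two functions differ only for 130.199.example.com, which the page's glob rule sends to the proxy because it matches on the host string rather than on an address.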

Proxy management

You may also consider using Firefox add-ons such as the simple SwitchProxy Tool or the more full-featured FoxyProxy to switch between proxy setups or to assign certain proxy setups based on the pattern of the URL. In the latter case you don't need the above "wpad.dat" file.

Credits

Thanks to Matt Cowan and Martin Purscke for bringing this method to light.