Firefox proxy
From BNL Physics Computing
Once you have a tunnel to the internal BNL HTTP proxy configured, you need to configure Firefox to use the tunnel. There are a number of different way you can do this and several will be discussed.
Contents |
Simplest Method - Emulating the Behavior of a VPN
The simplest way to use the ssh tunnel to the internal proxy is to send all web traffic through it. To set this up, open the "Preferences" (Mac or Linux) or "Options..." (Windows) GUI from Firefox and select the "Network" tab on the "Advanced" page. On the "Network" tab, select the "Settings..." button and something like the following should appear:
You should select the "Manual proxy configuration:" radio button, put "localhost" in the "HTTP Proxy:" box and the port selected for the tunnel (3128) in the "Port:" box. Check the box for "Use this proxy server for all protocols." You should clear out the "No Proxy for:" box and all requests will go through the tunnel to the BNL proxy. You can use this proxy setting anywhere (on-site, on Corus or off-site) without changing any setting, you just have to remember to start the tunnel before trying to access the web.
Location Dependent Method
Modifying the proxy setting depending on where you are can be more efficient, but it requires changing the Firefox preference settings in addition to knowing when to start the ssh tunnel. For a discussion of using a "Proxy auto-config" or PAC file to have your browser automatically select the proper proxy settings, see the "Semi-automatic and automatic BNL internal HTTP proxy tunnel" discussion.
Outside BNL
You can use the BNL proxy for everything, but, if you are outside of BNL, it can be more efficient to only send .bnl.gov addresses through the tunnel. The Firefox proxy interface was not designed for this type of usage so you will have to list all domains that you want to directly access or use a PAC file (see above). So you could put ".com, .edu, .net" etc. in the "No proxy for:" box and Firefox would go directly to the Internet for these domains. You would have to remove these entries from the "No proxy for:" box when you go onto the Corus network.
Corus Network
Since all web traffic except that to BNL servers with conduits has to go through a proxy on Corus, and since you can only have a single proxy within Firefox, you need to send everything through the tunnel on the Corus, if you do not use a PAC file (see above).
Inside BNL
Inside BNL you can select the "Auto-detect proxy settings for this network" option and bnl.gov traffic will go directly to the servers and all other traffic will go through the BNL proxy.
Using a Proxy Manager
A better solution would be to use a proxy manager such as the FoxyProxy addon to Firefox. This method requires configuring multiple proxies within the proxy manager and then selecting the appropriate one or ones for your location. The proxy managers have a simpler method of switching proxies than going into the preferences menu, and they can be configured to work with PAC files to further control the proxy on an address by address basis.
