Summersault
Home About Us Services Portfolio Community Support
Database Driven Websites
community home
local community
partner community
online community
blog


Archives: Categories: Authors:

 

Summersault Blog

« Welcome to the Summersault Weblog!
Solving layout issues created by <form> tags »

Automatic proxy configuration and SSH tunneling

Posted by Chris Hardie on February 19th, 2005

After not having much luck creating a reliable VPN connection from my home office to the Summersault office network, I was looking for a middle-ground solution that would at least let me access internal website addresses that are otherwise protected by our firewall (e.g. corporate intranet, system status monitoring pages, etc.).

I already knew how to create an SSH tunnel so that my web browser's requests could be directed through the tunnel:

ssh -l sumsault -L 8080:ourproxy:80 ourproxyhost.summersault.com

This redirects all local port 8080 traffic to port 80 on "ourproxyhost", which runs an Apache web server with mod_proxy enabled.

The last piece of glue was to find a way to avoid having to manually activate and deactivate the proxy every time I went home. It was only a few clicks in my browser's preferences, but it was always enough to be at least a psychological barrier to making efficient use of this method.

The solution is a very standard one that I just hadn't dabbled with yet: automatic proxy configuration. This is where you tell your browser to automatically configure its proxy settings based on the contents of a javascript-like proxy configuration file (typically named proxy.pac). Here's the contents of my proxy.pac file:

function FindProxyForURL(url, host)
{
        if (isInNet(myIpAddress, "12.161.105.128", "255.255.255.192")) {
                return "DIRECT";
        } else {
                if(shExpMatch(host, "intranet.summersault.com")) return "PROXY localhost:8080; DIRECT";
                return "DIRECT";
        }
}
 

This says "if my current IP address is in the Summersault office network IP block, don't use a proxy. If it's not in that block, I'm connecting remotely, and so for certain website addresses (in this case, our intranet website), try to use the proxy first, and then try to connect directly.

In my Firefox "Connection Settings" menu, I've selected "Automatic Proxy Configuration" and pointed it to "file:///Users/chris/Library/proxy.pac", which is just a file on my laptop. As long as my SSH tunnel is active, my browser will automatically use the proxy to connect to our intranet when I'm out of the office.

(It looks like there's a tool called autossh which will let me further automate the process by automatically re-establishing the tunnel when I need it. This is getting too easy.)

This entry was posted on Saturday, February 19th, 2005 at 2:31 pm and is filed under Internet / Networking. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Did you find this entry interesting or useful? Please tell us about it!

One Response to “Automatic proxy configuration and SSH tunneling”

  1. Mark Stosberg Says:
    February 19th, 2005 at 4:35 pm

    Another way to make this even easier is to add the tunnelling details to .ssh/config, where you can forget about them:

    Host shortname shortname.companyname.com
    Hostname shortname.companyname.com
    User myuser
    LocalForward 8000 webproxy:80

Leave a Reply

The opinions expressed by individuals posting in the Summersault Blog are not necessarily those of Summersault, LLC. While we try to insure the quality and accuracy of the information presented here, we make no guarantees about its suitability for any particular purpose.
email us info@summersault.com      call us 765.939.9301 Print This Page search go