How to set up that specific domains are tunneled to another server


Solution 1

This is really easy to do. I use it all the time to access the database behind our production webserver.

1) The first part was a question I asked a bit ago.

You can alias it in your ~/.bashrc.

Add this line

alias university_ssh="ssh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi" 

And reload the bashrc file with source ~/.bashrc

And now you only have to type university_ssh to ssh to your database server.

2) Next you need to edit your /etc/hosts file to add university.loc (.loc is a fake TLD) and have it point to localhost:1234. For example, my hosts file looks like this:

127.0.0.1       localhost
127.0.1.1       ubuntu-64-desktop
127.0.0.1       code2design.loc    localhost

and now I can type code2design.loc to access my local version of code2design.com on my PC.

3) Last, change your browser proxy back to nothing, as you don't need it anymore: typing university.loc is now set up to use that tunnel.

Updated

I would try adding the port to the hosts file (127.0.0.1:port or localhost:port) and you could also change the .loc TLD to the real .fi TLD if you are worried about virtual hosts breaking.

So for you it might look like this:

127.0.0.1       localhost
127.0.1.1       ubuntu-64-desktop
127.0.0.1       university.fi    localhost:1234

Solution 2

I use a Proxy Auto-Config (PAC) file for this. I'd paste mine here, but Wikipedia has a nice example file.

In your browser, point the "Use proxy auto-configuration from" to said file (maybe hosted on a shared web server). Works in pretty much every half-decent browser.

Note that you still need to set up your SSH tunnels, though. (Or use a ssh -D SOCKS proxy for certain hosts only, defined in your PAC – but SOCKS does not work in Opera.)

EDIT: Right, since there does not seem to be much interest from your side, I will expand my answer a bit. :-)

To automatically set up your SSH tunnel, sudo apt-get install autossh and put this in your crontab:

@reboot autossh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi

Alternatively, you can put the ssh command in your ~/.bash_profile or ~/.bashrc.

Now, as for determining which domains to proxy and which to connect to directly, create a PAC like this:

function FindProxyForURL(url, host)
{
    var httpProxy = 'PROXY 127.0.0.1:1234';
    var noProxy = 'DIRECT';
    var default_ = noProxy;

    // Host matches that use the HTTP proxy.
    var httpProxyMatches = [
        'intranet.university.fi',
        'webmail.university.fi',
        '*yourwildcard*'
    ];
    // Check all host patterns and network masks.
    for (var i = 0; i < httpProxyMatches.length; i++) {
        if (shExpMatch(host, httpProxyMatches[i])) {
            alert('HTTP ' + httpProxy + ' match for host: ' + host + '; url: ' + url);
            return httpProxy;
        }
    }
    // No pattern matched: connect directly.
    alert('DEFAULT ' + default_ + ' for host: ' + host + '; url: ' + url);
    return default_;
}
alert('PAC loaded at ' + new Date() + '.');

Then, go to Firefox's advanced network settings and point it to that file. If successful, you will see the "PAC loaded" message in your JavaScript console (Ctrl+Shift+J). If you are not using Firefox, remove the "alert" lines.

This is a pretty basic PAC, but it should help you on your way. Mine also looks at IP netmasks to determine internal/external services, etc.

Let us know how you are getting along.
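As an added example that is not part of this answer, here is a fuller PAC of the kind described above, extended with the two rule types the answer only mentions (IP netmasks for internal services, and an ssh -D SOCKS proxy for some hosts) and written so its decisions can be checked offline in Node before the file is handed to a browser. A browser supplies shExpMatch, dnsDomainIs and isInNet itself; the three short stand-ins at the top exist only so the file runs outside a browser. The hostname globs, the 10.0.0.0/8 range and the SOCKS port 1080 are assumed placeholders, not values from the page.

```javascript
// Added example, not the answer's own PAC: a proxy auto-config whose rules can be
// exercised offline in Node. A browser supplies shExpMatch/dnsDomainIs/isInNet itself;
// the three stand-ins below only let the file run outside a browser.

function shExpMatch(str, shexp) {
  // Shell-style glob as used by PAC: '*' matches any run of characters, '?' one character.
  var re = '^' + shexp.replace(/[.+^${}()|[\]\\]/g, '\\$&')
                      .replace(/\*/g, '.*')
                      .replace(/\?/g, '.') + '$';
  return new RegExp(re, 'i').test(str);
}

function dnsDomainIs(host, domain) {
  // True when host ends with domain (case-insensitive), e.g. 'intranet.university.fi' / '.university.fi'.
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host.length >= domain.length && host.slice(host.length - domain.length) === domain;
}

function ipToInt(ip) {
  // Dotted quad -> unsigned 32-bit integer.
  return ip.split('.').reduce(function (acc, octet) {
    return ((acc << 8) + parseInt(octet, 10)) >>> 0;
  }, 0);
}

function isInNet(ip, pattern, mask) {
  // True when ip lies inside the network pattern/mask (all three given as dotted quads).
  var m = ipToInt(mask);
  return ((ipToInt(ip) & m) >>> 0) === ((ipToInt(pattern) & m) >>> 0);
}

var HTTP_PROXY  = 'PROXY 127.0.0.1:1234';   // local end of: ssh -L 1234:proxyserver.university.fi:8080 ...
var SOCKS_PROXY = 'SOCKS5 127.0.0.1:1080';  // local end of an ssh -D 1080 tunnel (assumed port)
var DIRECT      = 'DIRECT';

// Hostname globs that must also use the HTTP tunnel (constructed examples).
var HTTP_PROXY_GLOBS = ['webmail-*', '*.lab.example'];

function FindProxyForURL(url, host) {
  // Everything under the campus domain goes through the HTTP proxy tunnel.
  if (dnsDomainIs(host, '.university.fi') || shExpMatch(host, 'university.fi')) {
    return HTTP_PROXY;
  }
  for (var i = 0; i < HTTP_PROXY_GLOBS.length; i++) {
    if (shExpMatch(host, HTTP_PROXY_GLOBS[i])) {
      return HTTP_PROXY;
    }
  }
  // Bare IP literals inside the campus range (assumed 10.0.0.0/8) use the SOCKS tunnel.
  // The check is limited to literals so that no dnsResolve() call is needed offline.
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host) && isInNet(host, '10.0.0.0', '255.0.0.0')) {
    return SOCKS_PROXY + '; ' + DIRECT;   // browser falls back to DIRECT if the SOCKS tunnel is down
  }
  return DIRECT;
}

// Stand-alone check of the decision table (a browser never runs this part).
['intranet.university.fi', 'webmail-2', '10.20.30.40', 'www.example.com'].forEach(function (h) {
  console.log(h + ' -> ' + FindProxyForURL('http://' + h + '/', h));
});
```

Running the file with Node prints one decision per hostname, which catches a bracing or pattern mistake before a browser silently falls back to DIRECT for everything. One caveat on the "SOCKS5 ...; DIRECT" rule: if the ssh -D tunnel is not up, the browser quietly tries a direct connection, so a missing tunnel shows up as an ordinary connection failure rather than a proxy error; check that the tunnel is listening separately.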

Solution 3

Disclaimer: haven't tested this, just an idea.

Perhaps you could force the private domains to use the 'proxy' by simply editing the host configuration on your local system. If you manually point all the domains to localhost, and had the tunnel established, wouldn't:

http://privateaccess.tld:1234

Send a request to:

localhost:1234

Which is really a port forward to the internal network proxy server. The request should still be for the same domain, so the proxy server should respond correctly.

Or so it seems to me. Again, just an idea.

Solution 4

FoxyProxy (http://foxyproxy.mozdev.org/) solves the automatic proxy selection problem. It's designed for exactly this purpose, but is, of course, specific to Firefox.

Author

Maksim Kondratyuk

Currently working as a Doctoral Student in the Speech Group of the Department of Signal Processing and Acoustics of the Aalto University School of Electrical Engineering (formerly TKK / Helsinki University of Technology) in Helsinki, Finland.

Updated on September 17, 2022

Comments

  • Maksim Kondratyuk
    Maksim Kondratyuk over 1 year

    I am working at a university as a research assistant. Often I would like to connect from home to university resources over http or ssh, but they are blocked from outside access. Therefore, they have a front-end ssh server where we can ssh into and from there to other hosts. For http access they advise to set up an ssh tunnel like this

    ssh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi
    

    and put the proxy settings of your browser to point to port 1234

    All nice and working, but I would not like to let all my other internet traffic go over this proxy server, and every time I want to connect to the university I have to do these steps again.

    What would I like:

    • Set up an ssh tunnel every time I log in to my computer. I have a certificate, so no passwords are needed
    • Have a way to always redirect some wildcard domains through the ssh server first, so that when I type intra.university.fi in my browser, the request transparently goes through the tunnel. Same when I want to ssh into another resource within the university

    Is this possible? For the http part I think I maybe should set up my own local transparent proxy to have this easily done. How about the ssh part?

  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    How can I "add domains"? In my browser settings? Opera only supports exclude patterns. How about the ssh connections? How can I set them to use the SOCKS proxy?
  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    Yeah this would work, but it is not easy and pretty. And how about ssh? Would it go through?
  • moneyt
    moneyt about 14 years
    You're sshing through the ssh tunnel?
  • moneyt
    moneyt about 14 years
    As for easy, it really doesn't seem that hard, you list the internal domains in your hosts file, and you open an ssh tunnel.
  • Jimmy Hedman
    Jimmy Hedman about 14 years
    I haven't used Opera so I can't really tell. You could perhaps use tsocks for that too. Use "tsocks ssh <sitethatneedstheproxy>" to ssh to sitethatneedstheproxy via your socks proxy.
  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    Yeah, I ssh through a tunnel. The host I want to ssh to is not available from the internet, but is available from the "DMZ"-host
  • janmoesen
    janmoesen about 14 years
    Opera still does not support SOCKS proxies, I'm afraid. Ran into this issue earlier this week. It does support PAC, though. See my answer. :-)
  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    I'm sorry, but I can not install anything at the university server (and they don't want VPN)
  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    Where exactly are you pointing things to port 1234? I don't see that in the example in step 2
  • Maksim Kondratyuk
    Maksim Kondratyuk about 14 years
    This answer is not perfect yet, but still I accept it as it is the best and the deadline is in an hour. Can you still answer my question above here?
  • janmoesen
    janmoesen about 14 years
    This answer requires you to always connect to port 1234, which means an awful lot of typing/changing URLs. Also, if you use the .loc TLD instead of whatever the real TLD was, name-based virtual hosts will stop working. I am curious as to why you did not respond to my PAC suggestion below, as it only requires you to add the URLs in one place (the PAC file).
  • Deepanker
    Deepanker about 14 years
    updated question
  • janmoesen
    janmoesen about 14 years
    What does the port thing in the hosts file do?
  • Deepanker
    Deepanker about 14 years
    It should route all requests to university.fi to localhost:1234 - though I might be mistaken.
  • janmoesen
    janmoesen about 14 years
    You are. Gravely. From man hosts: IP_address canonical_hostname [aliases...]. IMO, this is not an adequate solution.
  • Mathias Bynens
    Mathias Bynens about 13 years
    Note that multiple hosts for the same IP address can just be placed on one line, so your example could be rewritten as 127.0.0.1 localhost ubuntu-64-desktop university.fi.