How to set up that specific domains are tunneled to another server

I am working at a university as research assistant. Often I would like to connect from home to university resources over http or ssh, but they are blocked from outside access. Therefore, they have a front-end ssh server where we can ssh into and from there to other hosts. For http access they advise to set up an ssh tunnel like this

ssh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi

and put the proxy settings of your browser to point to port 1234

All nice and working, but I would not like to let all my other internet traffic go over this proxy server, and every time I want to connect to the university I have to do these steps again.

What would I like:

  • Set up an ssh tunnel every time I log in to my computer. I have a certificate, so no passwords are needed
  • Have a way to redirect some wildcard-domains always through the ssh-server first. So that when I type intra.university.fi in my browser, transparently the request is going through the tunnel. Same when I want to ssh into another resource within the university

Is this possible? For the http part I think I maybe should set up my own local transparent proxy to have this easily done. How about the ssh part?


Solution 1:

This is really easy to do. I use it all the time to access the database behind our production webserver.

1) The first part was a question I asked a bit ago.

You can alias it in your ~/.bashrc.

Add that line

alias university_ssh="ssh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi" 

And reload the bashrc file with source ~/.bashrc

And now you only have to type university_ssh to ssh to your database server.

2) Next you need to edit your /etc/hosts file to add university.loc (.loc is a fake TLD) and have it point to localhost::1234. For example, my hosts file looks like this:

127.0.0.1       localhost
127.0.1.1       ubuntu-64-desktop
127.0.0.1       code2design.loc    localhost

and now I can type code2design.loc to access my local version of code2design.com on my PC.

3) Last, change your browser proxy back to nothing, as you don't need it anymore, since typing university.loc is now set up to use that tunnel.

Updated

I would try adding the port to the hosts file (127.0.0.1:port or localhost:port) and you could also change the .loc TLD to the real .fi TLD if you are worried about virtual hosts breaking.

So for you it might look like this:

127.0.0.1       localhost
127.0.1.1       ubuntu-64-desktop
127.0.0.1       university.fi    localhost:1234

Solution 2:

I use a Proxy Auto-Config (PAC) file for this. I'd paste mine here, but Wikipedia has a nice example file.

In your browser, point the "Use proxy auto-configuration from" to said file (maybe hosted on a shared web server). Works in pretty much every half-decent browser.

Note that you still need to set up your SSH tunnels, though. (Or use an ssh -D SOCKS proxy for certain hosts only, defined in your PAC – but SOCKS does not work in Opera.)

EDIT: Right, since there does not seem to be much interest from your side, I will expand my answer a bit. :-)

To automatically set up your SSH tunnel, sudo apt-get install autossh and put this in your crontab:

@reboot autossh -L 1234:proxyserver.university.fi:8080 publicsshserver.university.fi

Alternatively, you can put the ssh command in your ~/.bash_profile or ~/.bashrc.

Now, as for determining which domains to proxy and which to connect to directly, create a PAC like this:

function FindProxyForURL(url, host)
{
    var httpProxy = 'PROXY 127.0.0.1:1234';
    var noProxy = 'DIRECT';
    var default_ = noProxy;

    // Host matches that use the HTTP proxy.
    var httpProxyMatches = [
        'intranet.university.fi',
        'webmail.university.fi',
        '*yourwildcard*'
    ];
    // Check all host patterns and network masks.
    for (var i = 0; i < httpProxyMatches.length; i++) {
        if (shExpMatch(host, httpProxyMatches[i])) {
            alert('HTTP ' + httpProxy + ' match for host: ' + host + '; url: ' + url);
            return httpProxy;
        }
    }
    // No pattern matched: connect directly.
    alert('DEFAULT ' + default_ + ' for host: ' + host + '; url: ' + url);
    return default_;
}
alert('PAC loaded at ' + new Date() + '.');

Then, go to Firefox's advanced network settings and point it to that file. If successful, you will see the "PAC loaded" message in your JavaScript console (Ctrl+Shift+J). If you are not using Firefox, remove the "alert" lines.

This is a pretty basic PAC, but it should help you on your way. Mine also looks at IP netmasks to determine internal/external services, etc.

Let us know how you are getting along.
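As an added example (not code from either answer), here is a PAC that combines the wildcard matching above with the IP-netmask check the answer mentions, sending only named university hosts through the ssh -L tunnel and university hosts that resolve into a private range through an ssh -D SOCKS tunnel. Browsers provide shExpMatch(), isInNet() and dnsResolve() themselves; the small stand-ins below exist only so the routing logic can be run outside a browser, and the hostnames, the SOCKS port and the 10.0.0.0/8 range are assumptions.

```javascript
// Added example, not from the original answers. The helper stand-ins below
// mimic the PAC functions a browser supplies so the logic runs offline.
// Hostnames, ports and the 10.0.0.0/8 range are assumed for illustration.

// Stand-in for shExpMatch(): shell-style glob, '*' any run, '?' one character.
function shExpMatch(str, pattern) {
  var re = '^' + pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
                        .replace(/\*/g, '.*').replace(/\?/g, '.') + '$';
  return new RegExp(re).test(str);
}

// Stand-in for isInNet(): dotted-quad address/netmask test.
function isInNet(ip, net, mask) {
  var toInt = function (a) {
    return a.split('.').reduce(function (n, o) { return n * 256 + Number(o); }, 0);
  };
  return (toInt(ip) & toInt(mask)) === (toInt(net) & toInt(mask));
}

// Constructed lookup table standing in for the browser's dnsResolve().
var FAKE_DNS = { 'db.university.fi': '10.1.2.3', 'www.example.org': '192.0.2.10' };
function dnsResolve(host) { return FAKE_DNS[host] || null; }

function FindProxyForURL(url, host) {
  var httpProxy = 'PROXY 127.0.0.1:1234';    // ssh -L tunnel to the HTTP proxy
  var socksProxy = 'SOCKS5 127.0.0.1:1080';  // optional ssh -D tunnel (assumed port)
  var direct = 'DIRECT';

  // Unqualified names and loopback never go through the tunnel.
  if (host.indexOf('.') === -1 || host === 'localhost') return direct;

  // Explicit hosts and wildcard patterns that use the HTTP proxy.
  var proxied = ['intranet.university.fi', 'webmail.university.fi', '*.intra.university.fi'];
  for (var i = 0; i < proxied.length; i++) {
    if (shExpMatch(host, proxied[i])) return httpProxy;
  }

  // Other university hosts: resolve only these (so the PAC does not issue a
  // DNS lookup for every site visited) and route private addresses over SOCKS.
  if (shExpMatch(host, '*.university.fi')) {
    var ip = dnsResolve(host);
    if (ip && isInNet(ip, '10.0.0.0', '255.0.0.0')) return socksProxy;
  }
  return direct;
}
```

When deploying, delete the three stand-in helpers so the browser's own implementations are used; everything else is a valid PAC.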