Do it with pkgsrc

Hello, I'm a humble NetBSD user, and I like to discover new packages to do more and more things with my computer. Here I'll post how I do things with pkgsrc. Feel free to make suggestions and comments about it.

2006-06-09

Bypass your company firewall/proxy with...

net/corkscrew: Tool for tunneling SSH through HTTP proxies
net/tsocks: Transparent SOCKS proxying library
www/tinyproxy: Lightweight HTTP/SSL proxy

Most companies restrict Internet access by forcing users to go through an HTTP proxy. If that access isn't enough for you to endure the pain of a whole day of (pseudo) work, if you want to be able to browse any website, listen to any streaming radio, connect to your favorite online poker site or anything else, know that there IS a solution.

1) Host an OpenSSH server on your home computer, and make it listen on port 443.

If your office computer is running Windows

2) You should also install an HTTP proxy on your home computer, because you won't be able to use OpenSSH on the office machine and so can't benefit from its SOCKS proxy feature (-D). tinyproxy is easy to configure and works very well.

pkgmanager install www/tinyproxy
cp /usr/pkg/share/examples/rc.d/tinyproxy /etc/rc.d/
echo 'tinyproxy=YES' >> /etc/rc.conf
cp /usr/pkg/share/examples/tinyproxy/tinyproxy.conf.default /usr/pkg/etc/tinyproxy/tinyproxy.conf
vi /usr/pkg/etc/tinyproxy/tinyproxy.conf

Edit the tinyproxy.conf file and make sure it contains the following lines:

Port 8888
Bind 127.0.0.1
ConnectPort 443

That way, your HTTP proxy will listen only on localhost, on port 8888, and will allow you to browse HTTPS sites.

3) You'll have to use PuTTY. Go to the Connection/Proxy section and enter the HTTP proxy details there. Go to the Connection/SSH/Tunnels section and use port forwarding to redirect local port 8888 to localhost:8888 (on the remote host, your home computer). You can redirect any port you need. For example, if you want to play Go on KGS, redirect local port 2379 to goserver.igoweb.org:2379 and tell your Go client (cgoban) to connect to localhost:2379.

You should also go to the Connection section and tell PuTTY to send null packets every 10 seconds, to keep the connection alive. Once this is done, go to the Session section, enter the hostname of your home computer, port 443, SSH, and save the session for later use, then try to connect.

4) Once you are logged in to your server, you can check that the port redirection is OK. Launch cmd.exe and run netstat -an to check that you're listening on port 8888. Launch your web browser and tell it to use an HTTP proxy on localhost:8888, and you should be able to browse any web site. Enjoy.

If your office computer is running a Unix-like system, let's say NetBSD ;)

2) Install corkscrew. It allows you to use ssh through an HTTP proxy.

pkgmanager install net/corkscrew

3) Write a file, named auth_proxy for example, containing your credentials for the HTTP proxy, if it requires authentication.

echo 'login:pass' >> ~/.ssh/auth_proxy

4) Write a file that you will name config_out for example (192.168.3.10 is the address of the proxy I have to use)

echo 'ProxyCommand /usr/pkg/bin/corkscrew 192.168.3.10 80 %h %p ~/.ssh/auth_proxy' >> ~/.ssh/config_out

5) Add an alias in your .bashrc

alias ssh_out='ssh -F ~/.ssh/config_out'

6) If you're not always on the same network, then create as many auth_proxy files, config_out files, and aliases as you need.

7) Now just connect to your home computer with the -D option.

ssh_out -D 8080 yourcomputer.hostname.org -p 443

You now have a SOCKS4/5 proxy listening on your port 8080.

8) What you want is to redirect all your TCP requests to this SOCKS proxy. For that purpose, you'll use tsocks. It's a great tool.

pkgmanager install net/tsocks
echo 'local = 192.168.0.0/255.255.255.0' >> /usr/pkg/etc/tsocks.conf
echo 'server = 127.0.0.1' >> /usr/pkg/etc/tsocks.conf
echo 'server_port = 8080' >> /usr/pkg/etc/tsocks.conf

192.168.0.0/255.255.255.0 is my local network, use yours.

9) To activate tsocks, you have to export the LD_PRELOAD variable

export LD_PRELOAD=/usr/pkg/lib/libtsocks.so

Then, every application you run from this shell will use the proxy, which means that everything will go through the SSH tunnel right to your home computer, which will forward all that traffic to its real destinations. Everything will be as if you were at home.

Be aware that suid binaries or binaries launched through sudo won't use tsocks, so consider logging into your root account to use them.
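Seen from the proxy administrator's side, the tunnel described above differs from real HTTPS: once the CONNECT to port 443 succeeds, the payload starts with an SSH identification string (RFC 4253) instead of a TLS handshake record. The following detection sketch is an added example, not part of the original post; the function names, the session dictionary layout and the sample byte strings are constructed for illustration.

```python
"""Classify the first payload bytes seen inside an HTTP CONNECT tunnel.

Added example: names and sample data are constructed, not from the post.
"""
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
SSH_IDENT = re.compile(rb"^SSH-(1\.\d+|2\.0)-[\x21-\x7e]+")
TLS_VERSIONS = {b"\x03\x00", b"\x03\x01", b"\x03\x02", b"\x03\x03", b"\x03\x04"}


def classify_payload(first_bytes: bytes) -> str:
    """Return 'ssh', 'tls', 'http' or 'unknown' for a tunnel's first bytes."""
    # An SSH server may send free-form lines before its identification
    # string, so check each line, not only the first one.
    for line in first_bytes.split(b"\n")[:16]:
        if SSH_IDENT.match(line.rstrip(b"\r")):
            return "ssh"
    # TLS record header: type 0x16 (handshake), then a 2-byte version.
    if len(first_bytes) >= 3 and first_bytes[0] == 0x16 and first_bytes[1:3] in TLS_VERSIONS:
        return "tls"
    if re.match(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT) ", first_bytes):
        return "http"
    return "unknown"


def flag_tunnels(sessions):
    """Yield (client, target) for CONNECT sessions to port 443 that are not TLS."""
    for s in sessions:
        if s["port"] == 443 and classify_payload(s["first_bytes"]) != "tls":
            yield s["client"], f'{s["host"]}:{s["port"]}'


# Constructed sample sessions (addresses from documentation ranges).
SAMPLE = [
    {"client": "192.0.2.10", "host": "www.example.org", "port": 443,
     "first_bytes": b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"},
    {"client": "192.0.2.23", "host": "home.example.net", "port": 443,
     "first_bytes": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"client": "192.0.2.31", "host": "home.example.net", "port": 443,
     "first_bytes": b"Welcome\r\nSSH-2.0-OpenSSH_9.6\r\n"},
]

if __name__ == "__main__":
    for client, target in flag_tunnels(SAMPLE):
        print(f"non-TLS payload on CONNECT from {client} to {target}")
```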
