Re: US Proxy ?
- From: Ian Goddard <goddai01@xxxxxxxxxxxxx>
- Date: Mon, 29 Nov 2010 15:29:00 +0000
Ian Goddard wrote:
Ian Goddard wrote:John Prentice wrote:On 28/11/2010 22:46, Ian Goddard wrote:John Prentice wrote:How to run a remote browser session using ssh
I think most people wanting to access Google books by a proxy want to
download PDFs. Using a browser on an Amazon VM as described will
download the file to that machine. That will require that the file to be
transfered to the local machine. Clearly copying with scp or ftp will do
that. A neater solution would be to remote mount a drive with ssh. It
seems likely that that can be done with Linux (I'll take a look at that
in the next few days if I get time) and maybe Mac. But would it be
possible for the benighted Windows users?
Good points. Perhaps a proxy would be a better route after all. If I have some spare time this week, I'll experiment with a setup. The main risk is that the proxy is used by others too - some kind of IP address restrictions might be wise.
I've just browsed through all the entries in Synaptic for proxy. It looks as if tinyproxy might do the trick.
So far so good.
ssh from laptop through to a local server (both Ubuntu Hardy) and run
apt-get install tinyproxy
This installs & is autostarted. Check the config file and discover it listens on port 8888.
On laptop configure firefox to connect via proxy local server , port 8888.
Close firefox & reopen it. Home page, Google, is displayed but is it going through the proxy?
Shutdown firefox and give local server the shutdown command via ssh. When server closes the ssh session from laptop start firefox again and see an error message that the proxy is refusing connections. So we know the connection is definitely going through the proxy but what is the proxy presenting to the web server as the source address?
Restart firefox and enter laptop's name as the URL (laptop is running lighttpd). Firefox connects to laptop's webserver and displays a page. Close firefox and check the webserver access log.
The IP address shown as the source of the request is the servers's although the client name given is the laptop's.
Now to investigate access control on the tinyproxy side.
OK. Before doing anything else go through the proxy again and Google for pdf. Look through the results for a pdf file and click on it. It displays. Go back to the list and right click to download the file. It downloads. So we know we can use the proxy to view & download PDFs as well as browse.
Now close firefox and go back to the tinyproxy.conf file and locate the lines starting Allow
Leave the line which allows localhost (Allow 127.0.0.1) but comment out (i.e. insert a # at the start) the next line which in my case is Allow 192.168.1.0/25 and add a new Allow line with the laptop's IP address on it. Bounce tinyproxy, i.e.
Restart firefox on the laptop. It connects but are all other IP addresses being blocked? We want them to be because otherwise anyone who portscans the proxy while we're using it would also be able to use it.
Go to another local client box, set up the firefox proxy as before and restart. Again there's an error message that the proxy is not allowing connections. This looks OK but maybe I misconfigured the proxy setting on firefox.
Edit the config file again adding an Allow line for the second client and bounce tinyproxy again. Retry firefox on the second client. It works.
Note all the editing of configuration files and bouncing of tinyproxy would have to be done as root or under sudo.
So the process seems to be fairly simple.
apt-get install tinyproxy
edit the file /etc/tinyproxy/tinyproxy.conf and comment out whatever Allow line is there except for Allow 127.0.0.1. Actually you could probably comment out that line as well as all it does is allow you to access the proxy from the machine that it's running on. Add an Allow line for your client's IP address.
Set up the browser of your choice to use the proxy server on port 8888 and off you go with your own private proxy server.
I was doing this locally so I used the LAN IP address of the client for the Allow line but if you're connecting over the internet to a remote server the IP address of your client will be that allocated by your ISP. This is much easier if you have been allocated a static IP address, otherwise you have to determine your IP address each time and re-edit the file with the correct address. You can, however, find the address from which you connected in /var/log/auth.log which you'll either have to view as root or via sudo.
The Hotmail address is my spam-bin. Real mail address is iang
at austonley org uk
- Two important notes.
- From: Ian Goddard
- Two important notes.
- Prev by Date: Re: US Proxy ?
- Next by Date: God Mode on Windows 7
- Previous by thread: Re: US Proxy ?
- Next by thread: Two important notes.