Use SSH tunneling to make your web browser think it is at Fermilab

by Troy Dawson last modified 2009-08-27 12:14

Problem: You are away from Fermilab, but need to access some web pages that are only accessible when you are at Fermilab.

Solution 1: ssh into a machine at fermilab and open up a browser on the machine at fermilab.
Problem with Solution 1: Unless your network connection is very good, this is very slow. The whole image of the web browser has to be sent over the network.

Solution 2: Setup VPN and use a VPN tunnel.
Problem with Solution 2: At the time of this writing, there are some problems with compiling the VPN client on linux. We do know that Fermi networking is currently working on a newer implementation of their VPN that should work better across all platforms. But for right now, VPN on Linux has some problems.

Solution 3: Use ssh to create a tunnel that your web browser can use as a proxy.
Problem with Solution 3: None. This only works with programs that can do proxy's, such as web browsers. But since that is exactly what we are trying to use, so this actually isn't a problem.

How to make your web browser think it is at Fermilab

  1. ssh -D (port) (user)@(machine)
    Example: ssh -D 9999
  2. In your web browser, you need to setup your proxy to point to "localhost", your port (for our example our port is 9999), and that you are using SOCKS5
    This will work for whatever browser you have, but for our example we are doing firefox 3.0.
    1. Bring up your preferences
      Menu Item: "Edit" Selection: "Preferences"
    2. Click on the "Advanced" icon
    3. Click on the "Network" tab
    4. Click on the "Settings" button
    5. Click on the "Manual Proxy Settings" checkbox
    6. On the line "SOCKS Host" fill in "localhost"
      And then for the "Port" section of that line put in the port you are using
      For our example, our Port is 9999
    7. If "SOCKS5" isn't checked, click on the "SOCKS5" checkbox
    8. Click on the "OK" button

Note1: Port 9999 is just an arbitrary port, it is nothing special. You just have to make sure that whatever you have in your "ssh -D" is what you put in your SOCKS Port.

Note2: To stop being on Fermilabs network, just change "Manual Proxy Settings" to "No Proxy"

Note 3: This works on Linux and Mac's

