One thing which I tend to fight against on a daily basis is my company firewall. This specific firewall wants to inspect every single file over 10MiB, which often breaks TCP connections. Since I run Gentoo/Arch/whatever on my research machines, this quickly turns into a lot of pain.
The easiest way I’ve found to solve this is through the use of ‘openssh’ and a little script ‘tsocks’.
OpenSSH comes with a SOCKS proxy implementation which you can start as a normal user using the ‘-D’ parameter.
usr@lcl:~> ssh -TxnND 12345 -C usr@rmt
This opens a quiet session to remote host ‘rmt’ and initiates a local proxy on port 12345. This session is non-interactive and can be further extended with ‘nohup’ to keep the proxy running even after the shell terminates. This will look like:
usr@lcl:~> nohup ssh -TxnND 12345 -C usr@rmt
You could even extend this with generated keys and put the command directly in the background, but this is insecure.
‘tsocks’ on the other hand is a program which intercepts socket system calls with the use of LD_PRELOAD and routes the traffic through a proxy. LD_PRELOAD is an honored environment variable in any POSIX-compliant system. A sample config for tsocks looks like the following:
server = 127.0.0.1
server_type = 5
server_port = 12345
It is important to note that all of this is done on the client machine ‘lcl’ and that the only thing you need is an external ssh account. This config tells tsocks to connect through a SOCKS 5 proxy running at localhost 12345.
Anyhow, it is now possible to connect through the proxy via:
usr@lcl:~> tsocks emerge --sync
Or any socket-reliant command-line program, the only limitation being that you need to stay in the same process space.
As a last tip I also use this in conjunction with a Firefox plugin called ‘FoxyProxy’. If you don’t run Firefox then the same feature can be set up with a little shell scripting and a PAC file.
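A PAC file for the setup described above, as an added example that is not from the original post. Port 12345 matches the ‘ssh -D’ listener; the ‘.corp.example’ suffix and the isPrivateIPv4 helper are assumptions made for illustration.

```javascript
// Added example (not the author's file). Save as e.g. proxy.pac and point
// the browser's automatic proxy configuration at it.
var TUNNEL = "SOCKS5 127.0.0.1:12345";     // the ssh -D listener from above
var DIRECT_SUFFIXES = [".corp.example"];   // placeholder internal domain

// True for loopback, RFC 1918 and link-local IPv4 literals.
function isPrivateIPv4(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  var a = Number(m[1]), b = Number(m[2]);
  return a === 10 || a === 127 ||
         (a === 172 && b >= 16 && b <= 31) ||
         (a === 192 && b === 168) ||
         (a === 169 && b === 254);
}

function FindProxyForURL(url, host) {
  host = host.toLowerCase();
  // Loopback names and literals stay on the machine.
  if (host === "localhost" || host === "::1" || host === "[::1]") return "DIRECT";
  // Unqualified names (no dot, not an IPv6 literal) are LAN hosts.
  if (host.indexOf(".") === -1 && host.indexOf(":") === -1) return "DIRECT";
  if (isPrivateIPv4(host)) return "DIRECT";
  for (var i = 0; i < DIRECT_SUFFIXES.length; i++) {
    var s = DIRECT_SUFFIXES[i];
    // Match the domain itself or any subdomain, but not look-alike names.
    if (host === s.slice(1) || host.slice(-s.length) === s) return "DIRECT";
  }
  // No "; DIRECT" fallback: if the ssh tunnel is down the request fails
  // instead of silently going out unproxied.
  return TUNNEL;
}
```

In Firefox, whether hostnames are resolved locally or through the SOCKS proxy is controlled by the network.proxy.socks_remote_dns preference.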
Happy SOCKSing!