SSH Tunnelling

How to pretend your browser is on an EECS network

When all else fails, you can make an SSH tunnel from your home computer (call it C for “client”) to a computer on the School network (call it W). The idea is that you ask application software on C to connect to a port on itself; SSH is listening for this connection and forwards it to W. W, in turn, forwards the request to the server that you’d really like to talk to (call it S).

On your Linux or MacOS X box or Cygwin on Windows (i.e., whatever the “client” computer that you’re sitting in front of), type the following ssh command in an xterm or Terminal window:

 ssh -NfL 9000:S:port W

[ If you’re using one of the other Windows SSH programs, you can set up the port forwarding in the settings GUI]

‘W’ will typically be frank.eecs.qmul.ac.uk (if you’re staff). ‘port’ will be the usual port for the service, e.g. 80 if it’s a web server you want to talk to. ‘S’ will be the server providing the service, e.g. tomcat-stu for the student Apache server, or qm-web.qmul.ac.uk for the College intranet.

Example

 ssh -NfL 9000:webprojects:80 frank.eecs.qmul.ac.uk

makes a tunnel from your client computer to webprojects, via bert, after which the URL

 http://127.0.0.1:9000/

entered into the web browser on your client computer will show you tomcat-stu’s web server.

Example: how to pretend your browser is on an EECS network

You can tunnel to a web proxy wwwcache.eecs.qmul.ac.uk to cause your web browser’s requests to appear to come from the School networks. This is useful for some sites, eg The Apple Store for the National Higher Education Agreement.

 ssh -NfL 3128:wwwcache:3128 frank.eecs.qmul.ac.uk

This makes a tunnel from localhost on port 3128 via bert to wwwcache.eecs.qmul.ac.uk:3128. Now all you need to do is point your browser’s proxy setting to localhost on port 3128, and you’ll be able to buy a MacBook for less.