Thursday, November 18, 2010

Ssh dynamic port(SOCKS) - firefox with different profiles

I have a data center network that is accessible only from a host - everything that is
behind it has to go trough it - this is usually what it happens to access  data centers and different solution being a site to site vpn (or road warrior - basically from your laptop to a firewall or access server).

I do deployments onto the servers that are behind this bastion host and I need to access the web applications ... how to do it ?!

Use openssh with a dynamic tunnel or putty (I use openssh) !

How to do it:

This is the diagram

/ web01 port 9000
me ---- internet ---- bastion_host --- web02 port 9001
                                     \ web03 port 9002
me$ ssh -v -D 8080 bastion_host

This has created a SOCKS proxy on my machine port 8080. If you don't know what is a SOCKS proxy - read on it

Configure firefox to use a SOCKS proxy. Go to Edit -> Preferences -> Advanced -> Network -> Settings

Now you would like to use the browser to read as well your gmail or just surf the web -  so you need two different profiles

- one that uses the SOCKS proxy
- one for general use

To do so start firefox like this:

firefox -ProfileManager -no-remote

-no-remote is to start a separate process for firefox(which is not default)
-ProfileManager is to choose your profile - you can create a new one and from there take off the SOCKS proxy to use it for web surfing.

Now when you are into the profile with SOCKS proxy type in

http://web01:9000 and you have a direct connection !

Fire up a new firefox and choose the no proxy profile and just use it.