SOCKS tutorial

From CT Wiki
Jump to: navigation, search

Some Nikhef and NWO webservices are available only from within the Nikhef network. This short tutorial explains how to access these services when you are not at Nikhef. The method we use for this is

  • Log in using SSH on the Nikhef login servers login.nikhef.nl or login2.nikhef.nl, using a special configuration option
  • Configure your web browser (Firefox) to use a so-called SOCKS server

Contents

Log in using PuTTY (Windows)

There are many SSH clients for Windows, but in this tutorial we use PuTTY to connect to the Nikhef Login server. PuTTY is free and runs on all versions of Windows.

Install PuTTY

The latest version of PuTTY can usually be found at http://the.earth.li/~sgtatham/putty/latest/x86/putty.zip

Download it and extract all files into a single directory. It is easiest if this directory is added to the Windows PATH. In this tutorial the files were extracted to C:\Utils

Configure PuTTY

  • Create a new login profile:
    • Host name: login.nikhef.nl (or login2.nikhef.nl)
    • Port: 22
  • Now go to the menu on the left-hand side, expand the option 'Connection' and then expand the option 'SSH' and click on 'Tunnels'. Fill in 1080 as the source port and click on the radio buttons Dynamic and Auto, then click Add:

PuTTY-add-socks-port.png

  • You should now see a port D1080 in the list of forwarded ports:

PuTTY-port-added.png

  • In the menu, scroll back up to Session, choose a name for the profile (e.g. 'Nikhef') and click Save:

PuTTY-save-config.png

  • Now click on Open to start your login session.

Configure your web browser

You can configure most web browsers to connect using a SOCKS proxy. However, browsers like Internet Explorer and Google Chrome rely on the "Internet connection' system settings to determine whether to use a SOCKS proxy or not. The downside of configuring a SOCKS proxy using the "Internet connection" control panel is that subsequently all HTTP and HTTPS network traffic will use this SOCKS proxy, including services like Windows Update. Firefox has its own SOCKS proxy setting configuration and is thus handier to use.

  • Start Firefox
  • Click on Tools->Preferences
  • Click on the Advanced tab
  • Click on the Network tab
  • Click on the Settings... button behind 'Configure how Firefox connects to the Internet'
  • Select Manual proxy configuration
  • Fill in as the SOCKS Host: 127.0.0.1 and Port: 1080
  • Choose a SOCKS v5 proxy
  • Enable Proxy DNS when using SOCKS v5

The configuration screen should look similar to this: Firefox54-connection-settings.png (Firefox 54 on Windows 7)

  • Click on OK to save the settings.

Test your connection

Go to a website such as http://www.whatismyip.com to check the IP address that your browser is using. If the SOCKS server is configured correctly, you should see something similar to

 Your IP Address Is: 2001:610:120:1001::185:143

or

 Your IP Address Is: 192.16.185.143

If you see an address that is not starting with 2001:610 or 192.16 then the SOCKS server is not configured correctly.

Otherwise, that's it! You can now access most Nikhef web services as if you were inside the Nikhef network. For example, you should now be able to access the NWO-I Labservant portal at https://labservant.extranet.amolf.nl/index.php/login/index

Log in for Linux/Mac OS users

Start a login session

  • Open a terminal windows
  • Use 'ssh' to login to Nikhef:
 ssh -D 1080  <user>@login.nikhef.nl

where <user> is your Nikhef user name.

Configure your web browser

You can configure most web browsers to connect using a SOCKS proxy. However, browsers like Safari and Google Chrome rely on the system settings to determine whether to use a SOCKS proxy or not. The downside of configuring a system-settings SOCKS proxy is that subsequently all HTTP and HTTPS network traffic will use this SOCKS proxy. Firefox has its own SOCKS proxy setting configuration and is thus handier to use.

  • Start Firefox
  • Click on Tools->Preferences
  • Click on the Advanced tab
  • Click on the Network tab
  • Click on the Settings... button behind 'Configure how Firefox connects to the Internet'
  • Select Manual proxy configuration
  • Fill in as the SOCKS Host: 127.0.0.1 and Port: 1080
  • Choose a SOCKS v5 proxy
  • Enable Remote DNS or Proxy DNS when using SOCKS v5

The configuration screen should look similar to this: Firefox52-Linux-connection-settings.png (Firefox 52 on Linux)

  • Click on OK to save the settings.

Test your connection

Go to a website such as http://www.whatismyip.com to check the IP address that your browser is using. If the SOCKS server is configured correctly, you should see something similar to

 Your IP Address Is: 2001:610:120:1001::185:143

or

 Your IP Address Is: 192.16.185.143

If you see an address that is not starting with 2001:610 or 192.16 then the SOCKS server is not configured correctly.

Otherwise, that's it! You can now access most Nikhef web services as if you were inside the Nikhef network. For example, you should now be able to access the NWO-I Labservant portal at https://labservant.extranet.amolf.nl/index.php/login/index

Views
Personal tools