Setting up Windows XP to browse web pages over an ssh tunnel

The purpose of doing this is to be able to access certain web pages as if from another machine, e.g. to view certain departmental (or cam) only web pages. Other pages which are required to be fetched by a cambridge IP address (e.g. some journals) can be fetched via the university - accessed over the ssh tunnel.

In order to browse web pages over an ssh tunnel you need to configure putty (or another ssh client e.g. the cygwin version of openssh) and configure the web browser. Here is a simple description assuming the use of putty

The description of the web browser setup is for Mozilla since that supports multiple Profiles which makes switching between the various configuration settings easy. In theory this should work with any web browser which supports:

Microsoft's Internet Explorer supports these, but switching proxy settings each time you want to access web pages via tunnels is somewhat tedious. Installing Mozilla (if only to read those web pages which need to be accessed over the tunnel), is probably quicker (and you may even prefer it!)

Putty Setup

Here we set up a Putty session to have 2 tunnels:

Select to the Tunnels section on the left hand frame. In the right hand frame enter parameters for adding a new forwarded port:
    ensure that Dynamic is checked
    Source port: 9870
    Destination: leave blank

then hit the Add button

tun -D9870
 
It should show the new tunnel information in the Forwarded ports section.

Select Session at the top of the left hand frame.

tunnels added
 
Enter the Host name (the full name of a computer), ensure that the SSH protocol is checked.

Enter a session name into the Saved Sessions box and click on Save. It should now show up in the list of sessions below.

To launch the session hit Open.

After creating a suitable session as above you can later just select the session, hit Load and Open to avoid having to enter the parameters each time.

Or you can run putty or plink on the command line with options like:

  plink -ssh -2 -D9870 \
      login-name@host.damtp.cam.ac.uk
or just load up a saved session by specifying the session name on the command-line.
save session
 
Is this image worth having? logged in
 

Configure Mozilla

This was tested with Mozilla 1.5 but also works with 1.6 and probably many earlier versions too. It should also be similar in Firefox etc.

Firstly to avoid the tunnel being used for all normal browsing you can create a new Profile. To do this select Switch Profile from the Tools menu.

Each profile has seperate preferences which can be set up independently, and also defaults to having a different set of bookmarks (favourites), so the pages you need to access over the tunnels can be easily accessed.

profile menu
 
Click on the Manage Profiles button.

Click on the Create Profile button. This will bring up a dialoge, click Next then enter a unique name for the new profile, and click Finish.

profile menu
 
Once the profile exists select the name in the list on the right, and click Use Profile.

Any changes you make to the preferences etc, will only affect the profile in use at the time. Once you have configured the browser to have a suitable tunnel profile you can select it from the Switch profile dialogue or by using command-line options (or make it the default).

menu
 
Go to the edit/preferences menu menu
 
In the Catagory pane on the left select (and expand if required) Advanced, then select Proxies. In the pane on the right check Automatic proxy configuration, and enter the relevant URL in the box.

For *.cam.ac.uk to be fetched via the ssh server and the rest fetched directly by the browser (which will be faster and not involve sending the pages over the tunnel).

  http://www.damtp.cam.ac.uk/conf/proxyCAMtun.pac 

For all pages to be fetched via the ssh server (e.g. for access to some journals etc).

  http://www.damtp.cam.ac.uk/conf/proxyALLtun.pac 

These may not be the eventual URLs to use; I've not yet settled on what the right names should be...

Hit the Reload button then the OK button.

proxy settings

For Linux and MacOSX users the Mozilla settings will probably look slightly different but should behave the same. All recent Linux distributions and MacOSX ship with openssh which can be used to set up the tunnels. Use the standard openssh command with the options:

  ssh -2 -D9870 login-name@host.damtp.cam.ac.uk

MacOSX users who want to use IE or Safari can't use a proxy auto config script since Apple don't support such things in their proxy settings (at least not in MacOSX 10.1, 10.2 or 10.3 up to 10.3.3 -- apparently they added proxyconfig support quite recently, but I've not updated this page properly yet.).

If you have problems with these instructions please contact...