[Techtalk] access to intranet over ssh?

Caroline Johnston johnston at biochemistry.ucl.ac.uk
Sun Oct 24 11:17:44 EST 2004


Thanks Almut. That's exactly what I wanted to do. I can get at all my cgi
scripts and all of the other internal pages and all the journals I have
access to from work but not from home. Lovely.

Just to check I haven't done something stupid that'll cause IT guys at 
work to hunt me down and hurl scathing comments in my general direction, 
could someone have a look at the following description of how I set this 
up and see if there're any glaring problems?

On workbox behind the firewall, installed new apache in my home directory.  

Made an httpd.conf file which contained:

ServerRoot "/home/bsm/johnston/apache2proxy"
Listen 8008
User nobody
Group nobody
ProxyRequests On
ServerName bsmlx17.biochem.ucl.ac.uk:8008

Is this config safe? I read that it's important to be careful with forward 
proxies cos people can use them to hide their own IP addresses, but I 
figured it didn't matter in this case cos you can't get at the proxy from 
outside anyway. Is this rubbish?

ran apachectl start

On my home machine, used putty for ssh:
In session window host=bsmcha1.biochem.ucl.ac.uk port=22 protocol=SSH
In tunnels Source port = 8008 Destination=bsmlx17:8008
Hit Add
Save the session
Hit open
login to bsmcha1

In firefox Tools > Options > General > Connection Settings...
check "manual proxy configuration"
http proxy=localhost ;port=8008
hit ok

And according to www.whatsmyip.org my requests are coming from bsmlx17.

All sound ok?

Thanks again,


More information about the Techtalk mailing list