John Bokma MexIT
freelance Perl programmer

Subversion proxy: fixed IP address with proxychains

Thursday, July 9, 2009 | 0 comments

Today I found a solution for a problem I had: connecting via the fixed IP address of my virtual private server to a server running subversion thanks to an article written by Oliver Gorwits: Teleworking - A simple solution for secure remote access to IP-restricted services for teleworkers.

The solution he describes uses proxychains. While it's possible to configure a proxy in a configuration file that's read by the subversion client, I prefer the solution Oliver describes, also because it can work with any network application.

Setting up dynamic port forwarding

I used the following command to forward port 1080, which is the port the Internet Assigned Numbers Authority (IANA) has reserved for SOCKS proxy, to start a SOCKS 5 proxy:

ssh -fND 1080 -p port

Note: since I don't run ssh on the default port (22), I use the -p switch to specify the port number ssh should use to connect to my VPS.

A short explanation of the ssh switches I used:

run in the background
do not execute remote command
D [bind_address:]port
specify a local "dynamic" application-level port forwarding using the (optionally) given address and port.
p port
port to connect to on the remote host

Note: the above command must be running in order to use proxychains. So if you get disconnected, or restart the computer you have to execute the command again.

Installing proxychains

A quick sudo apt-cache search proxychains told me that proxychains was available via the Ubuntu 8.10 repositories. So the only thing I had to do to install proxychains on my development machine was:

sudo apt-get install proxychains

Configuring proxychains

After I had installed proxychains I created a proxychains configuration file per Oliver's description. First I had to create the .proychains directory which I did as follows:

mkdir ~/.proxychains

Then I copied the following into a file which I saved as proxychains.conf into the directory I just had created:

chain_len = 1
tcp_read_time_out 15000
tcp_connect_time_out 10000
socks5 1080

If you run the proxy on the same port as I do, there is no need to change this file.

Using proxychains

Using proxychains is as simple as putting proxychains in front of the command. So, for example to check out using svn:

proxychains svn co

The server at will see the IP address of my VPS instead of the cable modem I use to connect to the Internet. Since the IP address of the VPS is static for practical purposes; it might change in the future but this will be rare, the IP address can be added to the firewall of the subversion server.

As I wrote at the beginning, you can use proxychains with any other program that connects to the Internet. For example, I closed Firefox and then reopened Firefox using:

proxychains firefox

Which resulted in reporting the IP address of the proxy I used: reporting the proxy when running Firefox reporting the proxy when running Firefox

Note that I didn't change any settings in Mozilla Firefox itself, which is the big advantage of using proxychains in my opinion.


Also today

Please post a comment | read 0 comments | RSS feed