random($foo)

Secure Connections

One of my goals this year was to get myself secure (network-wise) for SXSW w/o having to using the corporate firewall. This is useful for a number of reasons:

  • Less brittle connections
  • No worries about connections while the firewall is down - this is an issue w/ auto-connecting applications like Adium/iChat
  • The ability to participate in Rendezvous/other local networks while being secure

So, it turns out that on OS X, this is trivial.

SSH comes built w/ a built in SOCKS server. Just SSH as so:

ssh -D 1080 user@example.com

And then set up your SOCKS Proxy to localhost:1080 in System Preferences -> Network Preferences -> Airport -> Proxies.

Go into each application (Safari, Adium, and iChat all support using the System SOCKS proxy setting. w/ Firefox you just enter localhost:1080 again) and you're all set. (I have my email, IMAP/SMTP using SSL/TLS already, otherwise you'd want to look into proxying that as well. That, you can also just use a straight SSH tunnel)

You can use manually SSH to create the connection, or if you're lazy like me, you can use the SSH Tunnel Manager for one-click action (you have your authorized keys set up (alternate guide) already, right?

To double check that everything's hunk-dory, cut off ssh and watch all your connections fail. Or run netstat in your terminal and make sure all your connections are localhost.socks (except your SSH ones of course).

UPDATE: For extra style points, make these changes in a new Network "Location" called SOCKS - then you can switch SOCKS on by going to Apple Menu -> Location -> SOCKS and back to Automatic to turn it off.

2005-03-12 02:18:48