Tutorial: SSH Port Forwarding

James Bunton on Dec 4th 2007

This describes how to use an SSH tunnel to access web sites from the UCC (University Computing Centre) wireless network. This is what you want to read if you’re an SIT student and you want internet access from your laptop in Wentworth, etc.

Please read this page in its entirety. It’s very useful to understand how these techniques work.

Background

SIT means School of Information Technologies. This tutorial will only be useful if you’re an SIT student. UCC means University Computing Centre. They do lots of things, including supplying wireless networks for people to connect to throughout the university.

If you connect to a wireless network in a building like Wentworth, chances are it’s the UCC network. They supply a rather annoying (to me) VPN client which you’re supposed to use to access external sites through their wireless.

A proxy, for our purposes, means a computer that has greater network access than you, and can make requests on your behalf and return the result.

Procedure

The UCC wireless gives you limited connectivity without their VPN client. Thankfully this connectivity includes the ability to SSH to computers on the SIT network.

The SIT runs a web proxy, which requires an SIT username/password and allows access to web pages on the internet. The server is www-cache.it.usyd.edu.au and runs on port 8000. These are the settings you use when you’re directly connected to the SIT network, e.g. using a computer in the labs.

Note that your SIT internet quota is separate from, and in addition to, your UCC quota. So if you’ve run out of your SIT web quota, you can still connect to the internet using VPN, and keep surfing the net with your UCC internet quota.

You cannot connect directly to the SIT web proxy from the wireless, and you cannot SSH directly to the SIT web proxy. However, you can SSH to one of the congos, say congo1. SSH has a nice feature called TCP tunneling: it lets you forward connections made to a port on your computer (localhost) to a port on a remote computer, through an SSH connection. Here’s a diagram:

You connect to congo1 from your laptop.

[laptop]  <-ssh connection->  [congo1]

You want to use congo1 as a proxy to connect to the SIT web proxy. Nice eh?

         (forwarded connection
          piggybacks over SSH)
[laptop]  <-ssh connection->  [congo1]
                                | (forwarded connection)
             [www-cache.it.usyd.edu.au]

Details

Individual forwarding command:

ssh -L 1234:desthost:4321 userXYXY@proxyhost

  • The -L enables local port forwarding.
  • The first port number is the port to listen on, on the machine you're running the SSH client on.
  • The second and third fields specify the host and port which you want your connection to end up at. The host name is resolved and connected to from the machine you're SSHing to, not from your own machine.
  • The last parameter is the username@host of the computer you want to SSH to, the one doing the forwarding.

The end result is that if you connect to localhost:1234 on your own machine, the connection gets forwarded through proxyhost to port 4321 on desthost.

Web Proxy Quick HOWTO

To set this up, you run one command. See above for details on the options.

ssh -L 8000:www-cache.it.usyd.edu.au:8000 userXXXX@congo1.ug.it.usyd.edu.au

Now you have an SSH tunnel. Whenever you connect to localhost:8000 the connection will be forwarded through congo1 to www-cache.it.usyd.edu.au:8000.

So you need to configure your web browser to use the tunnel as its proxy: Host: localhost, Port: 8000

This can be simplified by using the ssh config file (see the SUITS tutorial) instead of typing out this long command.

Host sitproxy
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    LocalForward 8000 www-cache.it.usyd.edu.au:8000

Which can then be used via

$ ssh sitproxy

Jabber (Google Talk) Quick HOWTO

The SIT network allows unproxied outgoing connections on port 443 to all hosts. This port is usually used for HTTPS, that is, secure HTTP. Many Jabber servers (Google Talk, jabber.org.au) also listen on this port.

You can take advantage of this by proxying your Jabber connections from the UCC wireless through one of the congos. Run this command for Google Talk, or modify it as appropriate for your Jabber server.

ssh -L 5222:talk.google.com:443 userXXXX@congo1.ug.it.usyd.edu.au

Then go into your Jabber client and set it to connect to a specific host/port. Host: localhost, Port: 5222
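
The -L commands and the LocalForward entry above leave out the optional bind_address that ssh(1) accepts in front of the listening port; without it, and with GatewayPorts at its default of "no", the listener is bound to loopback only, so other machines on the wireless cannot use your tunnel. The shell functions below are an added example, not part of the original tutorial, and go beyond the forms shown above to report where any forward spec or ssh config text will listen; the function names and the "sitjabber" host entry are assumptions made for illustration.

```shell
# Added example, not from the original tutorial. Grammar from ssh(1):
#   -L [bind_address:]port:host:hostport

# forward_scope SPEC [GATEWAYPORTS] -> loopback | all-interfaces | address:<addr> | invalid
forward_scope() {
    host='(\[[^]]+\]|[^:]+)'
    if printf '%s\n' "$1" | grep -Eq "^[0-9]+:$host:[0-9]+\$"; then
        # No bind_address: ssh follows GatewayPorts (default "no" = loopback).
        [ "${2:-no}" = yes ] && echo all-interfaces || echo loopback
        return 0
    fi
    printf '%s\n' "$1" | grep -Eq "^(\[[^]]+\]|[^:]*):[0-9]+:$host:[0-9]+\$" ||
        { echo invalid; return 1; }
    case $1 in
        \[*) bind="${1%%]*}]" ;;  # bracketed IPv6 bind address
        *)   bind=${1%%:*} ;;
    esac
    case $bind in
        ''|'*')                  echo all-interfaces ;;  # empty or * = every interface
        localhost|127.*|'[::1]') echo loopback ;;
        *)                       echo "address:$bind" ;;
    esac
}

# audit_forwards: read ssh_config text on stdin, print "<scope> <spec>" for each
# LocalForward line, return 1 if any listener is reachable beyond loopback.
audit_forwards() {
    cfg=$(cat); gw=no
    # Conservative: a "GatewayPorts yes" anywhere is applied to every forward.
    printf '%s\n' "$cfg" | grep -Eiq '^[[:space:]]*GatewayPorts[[:space:]]+yes' && gw=yes
    report=$(printf '%s\n' "$cfg" | while read -r key listen dest rest; do
        case $key in [Ll]ocal[Ff]orward) ;; *) continue ;; esac
        printf '%s %s\n' "$(forward_scope "$listen:$dest" "$gw")" "$listen:$dest"
    done)
    [ -n "$report" ] || return 0
    printf '%s\n' "$report"
    ! printf '%s\n' "$report" | grep -Evq '^loopback '
}

# Constructed sample: the tutorial's sitproxy entry plus a hypothetical
# "sitjabber" entry whose bind address is the wildcard.
SAMPLE_CONFIG='Host sitproxy
    HostName congo1.ug.it.usyd.edu.au
    User userXXXX
    LocalForward 8000 www-cache.it.usyd.edu.au:8000
Host sitjabber
    LocalForward *:5222 talk.google.com:443'

printf '%s\n' "$SAMPLE_CONFIG" | audit_forwards || echo "listener exposed beyond loopback"
```

Your own config file can be piped into audit_forwards in the same way. Keywords written with "=" or with quoted arguments are not handled by this sketch.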

Postgrad Account

For those with a postgraduate account, you can connect through a postgraduate server, avoiding the proxy/download limit issues.


2 Responses to “Tutorial: SSH Port Forwarding”

  1. postgradguy Sep 15th 2008 at 11:49 pm

    How do you use postgrad acct? Is there any different setting? Coz I have both acct (I can use both undergrad and postgrad acct)

  2. James Bunton Sep 16th 2008 at 09:17 am

    It is completely determined by what computer you are sshing to. host.ug.it.usyd.edu.au is undergrad while host.it.usyd.edu.au is the postgrad domain.

    For example, congo1, etc. are undergrad machines, but cpu0, etc. are postgrad machines.
