access wikipedia (walk through the great firewall of China)
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Dec 7 22:54:10 PST 2006
??? wrote:
> Hello. My office uses this method to access wikipedia behind the great
> firewall of China:
>
> 1) we have a server in Europe, let's call it server;
> 2) I run this command on my desktop:
> $ ssh -L 80:en.wikipedia.org:80 server;
> 3) everybody in the office edits /etc/hosts, adding this line:
> [my_ip_addr] en.wikipedia.org
>
> So my computer becomes a 'proxy'.
>
> The trouble is I have to keep the ssh running there. The 'proxy' will
> not automatically set up next time I reboot my computer.
>
> Is it possible to install some software to run as a daemon and do this
> proxy?
>
> I think of stunnel, but I have too little knowledge to know if stunnel can
> do this.

There are two general possibilities here:

   a) A Web cache/proxy -- squid is the canonical example, but you can
      do this sort of stuff in apache very readily. I think apache
      would be a good place for you to start, as most sysadmins have
      at least a passing acquaintance with its configuration.

      You'd need to set up a proxy on your European server to redirect
      any web traffic to en.wikipedia.org -- your users would use the
      service exactly as they do at the moment, but they'd put the
      IP of the European server into their hosts file, rather than
      your desktop. If that is a problem, then you can chain together
      a series of proxies starting with your desktop machine, then
      the European server -- but performance may be a tad slow.

   b) IPsec or other VPN tunnel between your server in Europe and a
      local firewall -- preferably your local firewall should be on
      the egress path from your LAN. Then you can arrange routing
      so that packets to destinations in Europe pass through the
      tunnel and use your European server as the gateway to the
      internet. In this case, there shouldn't be any need for your
      users to have to spoof the address of en.wikipedia.org in
      their hosts files. IPSec comes standard with FreeBSD, but
      you'd probably want to combine it with pf(4) or other firewall
      software which you can use to control redirecting appropriate
      packets through your tunnel. If IPSec is too mind-mangling
      for you, OpenVPN (in ports) is a pretty good alternative.
      You'll almost definitely want to configure a NAT gateway on
      the European server.

Either of these solutions will run automatically on system startup, if
so configured. Option (a) will send your web traffic across the net
in clear-text unless you can chain two proxies together and get creative
about using HTTPS. Or you can combine both approaches: use a local HTTP
proxy with a VPN tunnel to your European server.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
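
Option (a) from the reply above, sketched as an Apache reverse-proxy virtual host for the European server; this is an added example, not configuration from the original message. It assumes Apache 2.4 with mod_proxy and mod_proxy_http loaded, and 203.0.113.10 is a placeholder for the office's public address. As the reply notes, traffic on this path still crosses the net in clear text.

```apache
# Added example: reverse proxy for a single upstream site.
# Assumptions: Apache 2.4, mod_proxy + mod_proxy_http loaded,
# 203.0.113.10 is a placeholder for the office's public egress IP.
<VirtualHost *:80>
    # Clients reach this vhost because their hosts file maps
    # en.wikipedia.org to this server's address.
    ServerName en.wikipedia.org

    # Reverse proxy only. Leaving forward proxying on would turn the
    # server into an open proxy that anyone on the internet can relay through.
    ProxyRequests Off

    # Forward every request to the real site. The server itself must
    # resolve en.wikipedia.org through normal DNS, not a hosts override,
    # or it will proxy to itself in a loop.
    ProxyPass        "/" "http://en.wikipedia.org/"
    ProxyPassReverse "/" "http://en.wikipedia.org/"

    # Only the office may use the proxy; everyone else gets 403.
    <Location "/">
        Require ip 203.0.113.10
    </Location>

    # Keep a record of who used the proxy and for what.
    CustomLog "logs/wikipedia-proxy-access.log" combined
</VirtualHost>
```

Started from the system's normal Apache startup, this comes up on boot without anyone keeping an ssh session open.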