Random Musings About Software

On occasion you may find yourself developing a site for a client who during the development phase will limit access to the site to a certain set of IP Addresses. This can be a real pain to deal with if your local IP is always changing.

To deal with this I always get the client to grant access to the damagestudios.net IP address (which is fixed and located in a cage in Santa Clara)

I then create a secure ssh tunnel and configure either Firefox or Camino to use the damagestudios.net site as a proxy.

Here’s what you need to accomplish this:

• openSSH client (OS X has this built in)
• access to an openSSH server
• 10 minutes

First you need to create the tunnel. We need to know the name or IP address of the server you will be tunneling to, as well as your login name and password on that server.

For the example I'm using my information, you'll need to replace the username and servername with your information

Now fire up terminal or iTerm and enter the following into your terminal window.

ssh -D 8080 -f -C -q -N fusion94@damagestudios.net

You will then be prompted for your password, which you should enter. Your ssh tunnel is now in place.

Here's a quick overview of what those switches mean:

-D 8080: This basically does a lot of dynamic stuff and makes it behave as a SOCKS server. Of course you could use any non privileged port here (above 1023).
-f: This will fork the process into the background after you type your password.
-C: Turns on compression.
-q: Quiet mode. Since this is just a tunnel we can make it quiet.
-N: Tells it no commands will be sent. (the -f will complain if we don’t specify this).

So now that the tunnel is made we will need to configure Firefox or Camino to use this tunnel.

To do this open Firefox or Camino and type the following into the address bar:

about:config

This will bring up quite a bit of options but you can use the Filter: bar to filter out some of the results. To do this type in proxy into the filter bar.

There are 6 line items we need to deal with.

• network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .damagestudios.net
• network.proxy.socks : 127.0.0.1
• network.proxy.socks_port : 8080
• network.proxy.socks.remote_dns : true
• network.proxy.socks_version : 5
• network.proxy.type : 1

For the example I'm using my information, you'll need to replace the .damagestudios.net with your information

Once you made these changes you are set. You can confirm that you are serving from the fixed IP address by going to What is my IP.

If you ever need to verify that the tunnel is up all you need to do is enter this into the terminal.

ps -aux | grep ssh

You should see a line similar to this:
fusion94 499 0.0 -0.1 29424 2576 ?? Ss 8:31AM 0:03.01 ssh -D 8080 -f -C -q -N damagestudios.net

There’s a lot more that can be done from here such as configuring things on the server for keeping the connection alive. You could also setup your server to allow a key based login so you could have your tunnel open when you start up your computer.

Regardless that's a blog posting for another day.

Formal announcement tomorrow on the Drupal website but it looks as though Drupal 6 is frozen as of today.

It looks as though it's time to fix bugs and QA the hell out of it.

If you haven't started testing your modules against the 6.x code base then go grab a copy of the development snapshot of Drupal 6 and help us test.

Disclaimer/Warning

This is not stable, and production sites should not run this code.