When outside our company firewall, I use a script to tunnel via SSH and expose our internal wiki to my OSX machine. Is there a command to temporarily tell OSX to resolve to my local port when the tunnel is set up?
The sequence I'm hoping to use is:
- open the tunnel
  ssh -f external-proxy.example -L 8001:internal-wiki.example:8000 -N
- [DO SOMETHING HERE]
- typing the URL internal-wiki.example:8000 in my browser causes it to transparently view localhost:8001
Other details:
- I could edit /etc/hosts but that would be a persistent change. I want to use this only when outside
- We're not using SSL or certs.
I have a solution for you, wrap your ssh command into a bash script:
Explaining:
/etc/hosts
/etc/hosts
with the transient entry
My apologies if this is not sufficient for an answer, I don't have enough rep to comment here.
I think /etc/hosts is possibly the best option. I don't know what your teardown process is, but you could add removing the /etc/hosts entry as part of it.
Also I think the port change won't work with a /etc/hosts solution. Can you map localhost:8000 to internal-wiki.example:8000?
Then you could add something like
127.0.1.1 internal-wiki.example
to /etc/hosts and remove the line when you stop the tunnel like so:
sed -i '' '/127.0.1.1 internal-wiki.example/d' /etc/hosts
(be sure to test that before running live of course).
This should allow you to use http(s)://internal-wiki.example:8000 in your browser.
It's not a perfect solution, but anything better (such as port mapping) I think would require an http proxy running locally.
For what it's worth, adding and removing host entries is how Parallels makes VMs addressable by hostname. This is added to my /etc/hosts while my xu17 VM is running:
172.20.10.112 xu17.shared xu17 #prl_hostonly shared
Of course running an nginx proxy would handle this nicely, but it might be a bit more setup than you're looking for?
A simpler option with netcat might work depending on the web application.
Then when you close the tunnel, you can kill the nc process and delete /tmp/proxy.pipe
Create temporary hosts entry:
Remove temporary hosts entry (and return persistent hosts file):
or reboot or shutdown.
Run a load balancing web server on your Mac balancing between the localhost forwarding and the real address of the wiki configured to prefer the localhost forwarding address.
When the ssh connection is down the load balancer will notice and direct your connections to the regular wiki address.
Configure your web browser to proxy connections for the wiki via the load balancer.
Somewhat of a sledgehammer to crack a nut though.
Name services (DNS, LDAP, /etc/hosts) do not "resolve ports"; they resolve hostnames. This statement is not entirely true but a proper explanation at this point is irrelevant and time consuming.
Since OSX uses a BSD kernel, I guess it may also "borrow" a lot of other code from there. The files ns resolver defaults to reading from /etc/hosts but this can be overridden on Linux and BSD by setting the HOSTALIASES environment variable (in the shell you start the browser from) but this only works if there is no '.' in the name. If you can use urls without a . in the name this will solve your problem.
Alternatively, you could run a script to configure port redirection to reroute packets addressed to xxx.xxx.xxx.xxx:8000 to 127.0.0.1:8001 and conversely on incoming packets. But this is rather a kludgy solution.
Alternatively you could install squid and use a custom url redirector to rewrite the requests (also possible if you start using https, but tricky).
A much cleaner option would be to run a proper tunnelled connection across the ssh. I believe this is not supported by osx out of the box but there are openvpn compliant add-ons for osx.
If it were me I would just set up scripts to swap around the hosts file, keeping all the traffic on one port and making sure that the default config is swapped in at boot time and when the ssh connection ends.
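The hosts-file swap suggested in the answers above, as an added example that is not code from any of the posts. It assumes the script is started with sudo and that the tunnel listens on local port 8000 rather than 8001, since a hosts entry can redirect a name but not a port; TAG, HOSTS_FILE and the function names are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example: a /etc/hosts entry that lives only as long as the tunnel.
# TAG, HOSTS_FILE and all function names are assumptions of this sketch.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"
TAG="# ssh-tunnel-temp"

# Drop every line carrying our tag; all other lines are left untouched.
remove_entry() {
    local tmp
    tmp="$(mktemp)" || return 1
    # grep exits 1 when it has nothing to print; only 2 and above is an error.
    grep -vF -- "$TAG" "$HOSTS_FILE" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$HOSTS_FILE"    # rewrite in place, keeps owner and mode
    rm -f "$tmp"
}

# Add "ip host TAG" exactly once, even if a stale entry survived a crash.
add_entry() {
    remove_entry || return 1
    printf '%s %s %s\n' "$1" "$2" "$TAG" >> "$HOSTS_FILE"
}

run_tunnel() {
    trap remove_entry EXIT        # cleanup when ssh ends for any reason
    trap 'exit 130' INT TERM      # turn Ctrl-C / kill into a normal exit
    add_entry 127.0.0.1 internal-wiki.example || exit 1
    # No -f: ssh stays in the foreground, so the entry is removed as soon as
    # the tunnel drops. The forward target is resolved on the proxy side, so
    # the local override does not point the tunnel back at itself.
    # ssh runs as the invoking user so their own keys and known_hosts apply.
    sudo -u "${SUDO_USER:-$USER}" ssh -N -o ExitOnForwardFailure=yes \
        -L 127.0.0.1:8000:internal-wiki.example:8000 external-proxy.example
}

# Nothing is modified unless the script is called with the argument "up".
if [ "${1:-}" = "up" ]; then run_tunnel; fi
```

Because the entry is tagged, a leftover line from a crashed session is replaced on the next start instead of being duplicated.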