In the past month, I've been working at the Federal Public Service of Health, Food Chain Safety and Environment. I was told to do some input work and fix some bugs in the application I had written for them the year before. Since I would have to work there for quite some time, I decided to set up a few applications on my trusty USB key, including a development environment, Firefox, and an instant messenger.
I tried to log in on my jabber account, but, as could be expected, I couldn't log in because of the very restrictive local firewall and proxy policy. Doing some research on the net, I came across several solutions to this problem, most of which didn't work or weren't flexible enough, others required to much overhead setup. The most interesting and powerful approach I found was to set up an SSH tunnel, but this required me to run SSH on port 443 (default HTTPS), and use software to tunnel it through the proxy. I'm no good at configuring stuff and most of these things are hard to come by on a vanilla corporate Windows system, often requiring Cygwin to be installed on the machine. So I went on and did the more interesting thing to do: I made a ruby script to tunnel my data.
The idea is very similar to what an SSH tunnel does, it transfers you data to a point outside the network, where it is demultiplexed and sent to the actual endpoint of you communication.
A single ProxyBash client can of course tunnel multiple connections, and a ProxyBash server will accept as many as the operating system can take.
You have to set up your software to connect to the local computer, of course, as indicated in the image.
Several people told me they didn't really understand what I was saying in the above paragraph, so here is the stripped down explanation for all you normal people, by my friend Nick:
ProxyBash wraps up the data from, say, IRC.
Shoots it to your home PC via your works proxy server on port 443.
Then your home pc unwraps it and sends it on it's merry way to the
real server.
If you have any trouble getting the script to work, please feel free to contact me.
The script itself is actually quite simple. It loads it's config from a YAML-file, listens for incoming connections from the local computer on the the ports you supply in the config, and forwards the connections to a computer outside the protected network. It can also optionally tunnel all this through a HTTPS proxy. And all this in a tiny 157 line file, using only the standard library. You have to love ruby.
For security, I've added a simple login system which requires a password to be sent on a line by itself before doing anything else, because I figured some of you might use my server to tunnel illegal activity, and I don't like jails, the food is lousy.
The files can be found on my github. It includes two launcher scripts, which will start either the server (run at home or on a server outside the network) or the client (run on the computer at work or at school).
This code is provided under the MIT license, as usual.
Happy IRCing.