Friday 12 December 2014

Accessing IIITB (IIT Bombay) network from outside of the campus

I tried various methods for accessing IITB network from outside the campus which are discussed in different forums (http://bit.ly/1IG4xxO) however none of the methods worked satisfactorily for me. I needed a solution which solved my following two problems:
  1. Enables me to access internal website like asc.iitb.ac.in
  2. Enables me to access research papers from sites such as http://ieeexplore.ieee.org as we all are well aware how crucial the access to these papers is.
My initial effort was greatly simplified by this post http://home.iitb.ac.in/~manishg/Stuff/sshtunnel.pdf , big thanks to the author.
The way I get access to the network is by using reverse SSH .

System configuration:
  • Ubuntu 14.10
  • Browser: Firefox

In brief, you create a reverse SSH connection from my mars account to my home pc (every student is given a mars account, this account can also be accessed from outside the campus), and then use this SSH connection as a socks proxy to access IITB's internal network.
One problem you might stumble upon while browsing websites over this proxy is that for accessing websites external to IITB network, say for eg. google.com we are required to sign-in to internet.iitb.ac.in however for some strange reason (which I didn't care to investigate) this website wasn't opening in my browser, so a script to login to IITB network which I had created earlier came in handy.


Detailed steps:

  1. Setup SSH on your home PC. You may be required to do port-forwarding if your PC is behind a NAT. In my case I had to do port-forwarding twice since there were two devices separating my home PC from internet (one was my internet modem and the other was WiFi router which was connected to this modem. My PC was connected to the router over WiFi) .
  2. Login to your mars account (if you are not a current student IITB also provides one such server called alumni although I have only tried this method on mars server). The following are the steps required for it.

    A. ssh secure@login.iitb.ac.in -p 5022
    B. enter extvoxacc as password when asked for
    C. select mars server when prompted with menu
    D. Enter your login credentials (these need not be same as your LDAP credentials)
    E. By now you must be logged into mars server
  3. Get public IP address of you home computer (myipaddress.com). Let us call it IP_home.
  4. From your mars account shell (which was obtained in step 2) setup reverse ssh to your home pc using the following command
    ssh -R 8080:localhost:22 user_name_home@IP_home

    Where user_name_home is your username in your home PC, and IP_home was obtained in step 3. This sets up a reverse ssh connection in such a way that whenever on your home PC you connect to port 8080 using ssh it will connect you to your mars account.
  5. On your home PC ssh to this Reverse-ssh connection using the following command

    ssh -D 9988 user_name_mars@localhost -p 8080

    Where user_name_mars is the username of your mars server account.
    -D switch creates a local socks proxy listening on port 9988. Now you only have to configure Firefox to use this proxy.
  6. Configure Firefox to use the socks proxy running on port 9988.
    In 'connection settings' (Edit->Preferences->Advanced->Network->Settings) select manual proxy configuration. Enter 127.0.0.1 in 'SOCKS Host' and 9988 in 'Port'. Select 'Remote DNS'. A screenshot of the connection settings dialogue box on my machine is shown below.
  1. [Optional] The last and the final step is to login to internet.iitb.ac.in . This step is only required if you want to visit external sites like google.com or ieee.org via the proxy just created. In the mars shell obtained in step 2 type the following command

    curl -v -X POST https://internet.iitb.ac.in/index.php --data-urlencode "uname=<LDAP_ID>" --data-urlencode "passwd=<LDAP_PASSWORD>" --data-urlencode "button=Login"

    Replace <LDAP_ID> and <LDAP_PASSWORD> with your LDAP credentials.

    [Update] Later I tried accessing internet.iitb.ac.in directly from my browser, thus the above script in not required. Use it only if you are not able to access that page.

I have written this post in haste, so if there are any typos/errors/omissions do report.
Good luck!

Further Reading: