Well, I’m here at Reading University and one of the joys of living here in halls is using the wonderful internet connection, shared with many other download-happy students.
As well as the speed being quite variable, there’s also a greater security risk, especially when transmitting passwords over normal, unencrypted HTTP connections. To solve that problem, I SSH into my server, still sitting back at home and tunnel HTTP traffic through the SSH connection.
This creates a SOCKS proxy server on my local machine and I can push the Mac’s traffic through it. It takes a long time and is fiddly, however, to switch the SOCKS proxy on and off from System Preferences, especially when (as in my special case) you can’t use Leopard’s Locations feature.
The AppleScript applications provided below are a quicker solution. Launch the right app, type your password and the proxy is flipped on or off. Nice and simple and much less fiddly than messing around in System Preferences.
If you’re not interested in reading how the solution works, and just want some AppleScript applications that you just launch to flip the proxy on/off, download them here:
Make sure you have the proxy settings saved within System Preferences first. For more information, see the Readme PDF in the download. These AppleScripts support only Mac OS X 10.5 Leopard and above.
If you’re still here, you’re probably interested in either why I’m doing this or how the solution works. Read on.
For web browsing, I can use Firefox and set its individual proxy settings to use SOCKS without affecting the whole system. That works great, for that unencrypted HTTP stuff.
However, there is also an issue with sending email to SMTP servers on this connection, which prompted me to make this quick-switch solution. I can’t be sure whether the SMTP issue deliberate, or just slowness, but trying to connect to non-Reading SMTP servers to send emails just times out. Therefore, to send emails, I need to tunnel Mail.app’s traffic through the SSH connection too, if only briefly.
Mail.app requires me to change (albeit briefly) the whole system’s proxy setting.
I thought Leopard’s ‘Location’ feature in Network may allow separate network profiles for proxy and normal, but the problem is switching between them drops the SSH connection in Terminal (and therefore, the local SOCKS proxy is no longer running, so the whole thing goes down).
Instead, I need a way to toggle the network SOCKS proxy settings in an automated manner for the system, so I can one-click to flip it on and off again to send an email.
Thankfully, Mac OS X’s network settings can be changed via the command line, which in turn can be run from AppleScript. This solution is only tested on Leopard, however it may work on Tiger if references to networksetup are changed as per this article.
$ networksetup -setsocksfirewallproxy Ethernet 127.0.0.1 1080 off
There are four arguments I’ve used here, let me explain what they each do.
-setsocksfirewallproxy – tells networksetup to turn the proxy on, with the following settings
Ethernet – the identifier of the network service to change the settings for (e.g. AirPort, Ethernet). Use networksetup -listallnetworkservices to see all valid values.
127.0.0.1 – the address of the SOCKS proxy. In our case, SSH creates the proxy on the local system, so 127.0.0.1.
1080 – the port of the SOCKS proxy. This is the -D argument in your SSH command.
off – this is for authentication. The SSH SOCKS system doesn’t need authentication and only runs on loopback, so we leave it off. If you’re using a different SOCKS system, you may need this (and also give the username and password as arguments after it).
Running the command will probably spring an authentication dialogue, just as you have to unlock the Network preference pane.
Then, it’s enabled for the whole system. Solves my Mail.app problem, I can now send that email (and my existing SSH connection isn’t dropped just because the network state changes).
How to disable proxy
You can just as simply disable the proxy.
$ networksetup -setsocksfirewallproxystate Ethernet off
Again, substitute Ethernet for your network service name if necessary (probably either AirPort or Ethernet).
It is also possible, once the settings are remembered by Mac OS X, to just use:
$ networksetup -setsocksfirewallproxystate Ethernet on
The AppleScripts I have made and you can download from above make the process even easier; you just launch the app to switch the proxy setting. If you’re a command line junkie, however, you may prefer to switch from the CLI.
The networksetup command was found thanks to this Mac OS X Hints post.