.Mac / Socks-Proxy / MarcoPolo
Google .Mac
Google have released some information on their google-code site about a replacement dotmac service. After playing around with this for a day I managed to get it up and running on my Ubuntu server, mostly thanks to the excellent step-by-step instructions given in the distro-specific guide.
However, in addition I have written the script outlined below to update the hosts file on my Mac to allow me to mount my idisk from anywhere, even though I use dyndns rather than a fixed IP. Combining this with my 'secure' ssh tunneling method when I am not at home gives me a relatively secure idisk setup.
Script:
#!/bin/sh
# this program should work out the IP address of the server and add it to /etc/hosts in
# the right place! (run it as root, it writes to /etc/hosts)
#
# find the ip address
rm -f /Users/Admin/.ip.1
ping -c 1 my.dyndnsdomain.com >> /Users/Admin/.ip.1
#
#
# assign it to DOTMACIP (first IPv4 address on the reply line, whatever it starts with)
DOTMACIP=$(grep from /Users/Admin/.ip.1 | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -n 1)
#
# stop here if no address was found, so /etc/hosts is not replaced with broken entries
if [ -z "$DOTMACIP" ]; then
    echo "could not work out the server IP, leaving /etc/hosts alone" >&2
    exit 1
fi
#
# clear old .temphosts file
rm -f /Users/Admin/.temphosts
touch /Users/Admin/.temphosts
#
# output the contents of hosts file
echo "
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
#
#
127.0.0.1 localhost
" >> /Users/Admin/.temphosts
echo "$DOTMACIP www.mac.com syncmgmt.mac.com idisk.mac.com configuration.apple.com lcs.mac.com certinfo.mac.com delta.mac.com notify.mac.com publish.mac.com homepage.mac.com" >> /Users/Admin/.temphosts
#
echo "$DOTMACIP www.mac.com. syncmgmt.mac.com. idisk.mac.com. configuration.apple.com. lcs.mac.com. certinfo.mac.com. delta.mac.com. notify.mac.com. publish.mac.com. homepage.mac.com." >> /Users/Admin/.temphosts
#
#
# copy the new file to the right place (copy rather than move the old one,
# so /etc/hosts is never missing if the second step fails)
cp -p /etc/hosts /etc/hosts.old
cp /Users/Admin/.temphosts /etc/hosts
#
# should be the end!
----------------------------
Mac, ssh, socks proxy and MarcoPolo
Having set up my idisk I began to wonder about the security of my internet connection in general. As I run my own Linux server (Ubuntu 7.10) I thought it should be relatively straightforward to secure my web browsing etc. when away from home.
To this end I decided to play around with my Mac to see if I could establish a secure web surfing environment when out and about. It was a relatively simple thing to set up an ssh connection to my home server which would provide a port on the localhost which I could use as a socks proxy for Firefox.
ssh -v -ND (the local port to use, I went with 8080) -p (your ssh port) (your user)@(your home server)
This established a port (8080) on the local machine that I was able to direct Firefox to (in the network settings under proxies, socks proxy > localhost 8080) to secure my web browsing. FYI the -v makes the session verbose, so I can see what is happening; the -N specifies that I don't want to open an interactive ssh session and the -D that the port (8080) is dynamic, so it responds appropriately to whichever port the application is looking for.
This worked great for Firefox but I soon realised that all the other Internet activity, my Google notifier, my idisk etc., was not going through this 'secure' tunnel. As a solution to this I went to the Mac's network settings and created a new location called 'Secure'. Here, under the Airport settings, I was able to specify a socks proxy (under the proxy settings) with a port of 8080. This then ensured that all my Mac's network traffic (at least that going through the Airport) was using the 'secure' tunnel.
However, this was quite a lot to change every time I wanted to use the 'Secure' connection. My first thought was to try and learn a bit of applescript to automate this process. But I found an excellent piece of donationware called MarcoPolo which solved the problem for me and gave me some extra functionality I didn't even know I needed!
With MarcoPolo I was able to specify conditions under which it automatically switched the network location between secure and home (my home settings, yes, I don't have an imagination). Additionally I put the ssh command into a shell script so that MarcoPolo would switch over the network location and set up the ssh tunnel whenever I connected to a particular wireless network, as identified by the SSID. Obviously I will have to set this up for each wireless network I use outside of my home network; however, you only need to specify that the network should trigger the 'secure' environment, rather than each individual action for each network, which makes life easier.
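One way such a tunnel script could look, as an added example that is not the script from the original post. The user, host and ssh port are placeholders, and it assumes key-based ssh login is already set up and that pgrep is available.

```shell
#!/bin/sh
# Added example: tunnel script for a MarcoPolo shell-script action.
# Host, user and ssh port below are placeholders, not values from the post.
SOCKS_PORT="${SOCKS_PORT:-8080}"                  # local port, 8080 as in the post
SSH_PORT="${SSH_PORT:-22}"                        # placeholder: your ssh port
SSH_DEST="${SSH_DEST:-user@my.dyndnsdomain.com}"  # placeholder user and host

# Accept only a numeric, unprivileged port so a typo never reaches ssh.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# ssh options. The listener is bound to 127.0.0.1 so other machines on the
# wireless network cannot use the proxy; ExitOnForwardFailure makes ssh quit
# instead of running without the forward; BatchMode fails rather than
# prompting, because nobody is there to type a password.
tunnel_opts() {
    printf '%s\n' "-f -N -D 127.0.0.1:${SOCKS_PORT} -p ${SSH_PORT} -o ExitOnForwardFailure=yes -o BatchMode=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3"
}

# PID of a tunnel already started with the same forward, if any.
tunnel_pid() {
    pgrep -f "ssh .*-D 127.0.0.1:${SOCKS_PORT} " 2>/dev/null | head -n 1
}

start_tunnel() {
    valid_port "$SOCKS_PORT" || { echo "bad SOCKS port" >&2; return 2; }
    [ -n "$(tunnel_pid)" ] && return 0   # already up, nothing to do
    # the option string is deliberately left unquoted so it is word-split
    ssh $(tunnel_opts) "$SSH_DEST"
}

stop_tunnel() {
    pid=$(tunnel_pid)
    [ -z "$pid" ] || kill "$pid"
}

# MarcoPolo would call this file with "start" on arrival and "stop" on departure.
case "${1:-}" in
    start) start_tunnel ;;
    stop)  stop_tunnel ;;
esac
```

If start fails, the 'Secure' location still points at a proxy that is not there, so traffic stops rather than going out unprotected.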
In addition to that I have been able to set up MarcoPolo to automatically mount my samba shares when I am at home and set the correct default printer for me depending on my location. Now I wonder how I lived doing all these things manually!
Note: Yes, I realise that the connection from my Ubuntu server to the Internet is not secure!
Note 2: I haven't found a good way of embedding links with my current editing method, so they are listed below.
Useful Links:
http://code.google.com/p/dotmac/ - Google dot.Mac
http://code.google.com/p/dotmac/wiki/OS_specific_notes - the distro specific guide for Ubuntu
http://www.symonds.id.au/marcopolo/ - MarcoPolo
http://www.mozilla.com/firefox/