Access blocked ports behind proxy

When I started working with Wikimedia, I realized that a lot of ports are blocked in IITM, other than the default HTTP 80, very few ports worked. But, to access gerrit, I needed shell access to port 28418 and for Freenode(IRC chat), ports like 6667. Unfortunately, for me, all of these were blocked. I tried contacting the internet department a few times, requesting them to open these ports, but was told it will be rolled out slowly as they were experimenting and will open most of the ports soon. But, I didn’t have the patience 😛

Looking for alternatives

So, I started looking for alternatives, and did find them, though they were kind of not so comfortable to use at times- the web version of Freenode IRC https://webchat.freenode.net/ and Gerrit patch uploader for uploading my patches https://tools.wmflabs.org/gerrit-patch-uploader/ Yes, they did the job, but I don’t really like messy stuff…

World of VPN

Read about VPN here https://en.wikipedia.org/wiki/Virtual_private_network Spotflux http://www.spotflux.com/ is an excellent VPN service offered for Windows and a few other clients, and is free 🙂 I was a windows user back then, found it amazingly stable so my task was done. I was able to access both Freenode IRC and gerrit from my PC.

Switching over to Linux

Working with the world of FOSS makes you realize, Windows is evil 😛 Now, completely switched to open source alternatives for myself, I couldn’t find a great VPN service for linux. Yes, there are a few, but not as stable or flexible as Spotflux. So, here I was stuck again…:( Next thing was something that saved my life and my soul from switching back to Windows again. I got access to a server, which had access to internet, no restrictions at all. Spent some time researching on how to use it to bypass my proxy and Voila!! I could use my favorite IRC client and push code to gerrit 🙂 Here is some insight on how to do it: For the IRC client, I set up a SOCKS5 proxy

  ssh -D 1080 sshlogin@sshserver 

You need to enter the SSH password for executing the command. It sets up a SOCKS proxy that can be used by various applications, using Dynamic port forwarding to port 1080 Next up is connecting to gerrit, and then setting up git-review. First, let’s forward the port used by gerrit to some local port(2000 here) using Local port forwarding

  ssh -L 2000:gerrit.wikimedia.org:29418 sshlogin@sshserver 

Now, you can connect to gerrit using(You need to make sure that you have added your SSH key on gerrit first)

  ssh @localhost -p 2000

For more details on using Gerrit, refer to https://www.mediawiki.org/wiki/Gerrit/Tutorial For the sake of completeness, here is the full command, with a couple of extra parameters

  ssh -f -N -L 2000:gerrit.wikimedia.org:29418 -C -D 1080 sshlogin@sshserver

    -N -f Makes the SSH service work in background.
    -C    Compression for SOCKS proxy(to make it faster)

I like to use sshpass, a small utility that allows me to send the password as an argument, so I can just add my script to startup

  sshpass -p password ssh -f -N -L 2000:gerrit.wikimedia.org:29418 -C -D 1080 sshlogin@sshserver

Note: IITM authorities kept their promise and opened these ports recently(and a lot others too)

Using git-review

Now comes the slightly tricky part. Clone the required repository and then edit the .gitreview file(It’s a hidden file) Change the host and the port to the ones used above

  host=localhost
  port=2000

Now, go to terminal, change directory to this folder and type the command

  git-review -s

This command generates sources into .git/config file. You might have to enter your gerrit username. Open up the file and see what if it looks like

  [remote "gerrit"]
  	url = ssh://@localhost:2000/mediawiki/core.git
  	fetch = +refs/heads/*:refs/remotes/gerrit/*

  [remote "origin"]
	url = https://gerrit.wikimedia.org/r/p/mediawiki/core.git
	fetch = +refs/heads/*:refs/remotes/origin/*

You will have to add the origin on your own in case it doesn’t exist(in my case I had deleted the config file) Note: In case you are switching environments from Proxy to No proxy(or the other way round), just delete the config file and run the command again. Make sure that the origin is added, and if not, do it manually. Done! Now you can use git-review to commit your code to gerrit. Works like a charm.

Advertisements

2 thoughts on “Access blocked ports behind proxy

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s