http://security.bnl.gov/proxy/cfg.pacin the appropriate box. (Alternatively, you can use manual configuration: the proxy host is 192.168.1.130 for the wired internal network and 192.168.1.140 for wireless, and the port is 3128.)
setenv http_proxy http://192.168.1.130:3128If you use bash, put in your ~/.bashrc file the line
export http_proxy=http://192.168.1.130:3128For the wireless network use instead 192.168.1.140. You should remove these lines when you move your computer outside the BNL firewall.
ssh -t email@example.com ssh firstname.lastname@example.org
DHCP is available on the local network. If you set your laptop to automatically get its ip address, it should work. HOWEVER, to keep from being cut off, you must once register its ethernet card. Opening a browser should give the registration page, or you can go here from your laptop to do this. If you move your laptop between on and off site, you will also need to go through the annoyance of doing/undoing the above proxy setting in your browser.
A growing number wireless access points are scattered around BNL, including most of the main seminar and conference rooms. This is a separate visitor network and doesn't need the proxy setup. However you will still need to register your wireless card; opening a browser window will give you the registration page.
Many BNL computers inside the firewall are accessible only through an SSH gateway. This can be done transparently as follows:
Create somewhere (here /home/yourname/bin/netcat-proxy-command) the following script and make it executable:
#!/bin/sh gateway=$1 internal=$2 ssh $gateway nc -w 1 $internal 22Create or edit ~/.ssh/config and add, e.g., the following to access quark.phy.bnl.gov and qcd.phy.bnl.gov via gateway ssh.bnl.gov:
ForwardAgent yes Host quark.phy.bnl.gov Hostname quark.phy.bnl.gov HostKeyAlias quark.phy.bnl.gov ProxyCommand /home/yourname/bin/netcat-proxy-command ssh.bnl.gov %h Host qcd.phy.bnl.gov Hostname qcd.phy.bnl.gov HostKeyAlias qcd.phy.bnl.gov ProxyCommand /home/yourname/bin/netcat-proxy-command ssh.bnl.gov %hYou can add as many internal nodes, each with its own gateway, as you need.
After you login, authenticate yourself to ssh-agent (see above). You will then be able to do ssh and scp to quark.phy.bnl.gov and qcd.phy.bnl.gov directly; the gateway will be transparent.
Create somewhere (here /home/yourname/bin/bnltunnel) the following script and make it executable:
#!/bin/bash ssh -L 3128:192.168.1.130:3128 email@example.comStart your browser (here Firefox), select Edit/Preferences, select "Connection Settings", and select "Manual configuration". For HTTP Proxy enter localhost and port 3128. Select "Use this proxy server for all protocols". For other browsers the path may be different, but the same options should be available.
Depending on where you are using your computer, you may need to select "Direct connection" (generic), the above "Manual configuration" (to use the BNL Web proxy), or "Automatic configuration" with
http://wpad.bnl.gov/wpad.dat(to use the Corus2 wireless network).
To access internal BNL Web pates, start bnltunnel in a shell and leave it running (you can minimize the window) and select the "Manual configuration" option described above. Then you should be able to access internal Web pages as if you were within the BNL firewall.
Note: the wpad.bnl.gov automatic configuration is harmless if you are outside the firewall.