We have a situation in our midst. A situation which *none* of us have ever encountered. A dedicated proxy box, with port filtering.
Below is a diagram of the apparent network at this time:
            |internet|
                |
                |
           <proxy box>
                |
                |
            <CST VPN> (not confirmed, but a high possibility)
                |
                |
         <Calvin router>
                |
            ____|____
           |Switch(es)|
                |
    -------------------------
    |           |           |
         (computer labs)
(I know, it's not a great diagram, but it works)

The Problem: The old setup (getbusi) blocked sites/IP addresses. All done via a software app (squid/getbusi).
The new setup uses a dedicated proxy/port filtering box. This appears to be a learning proxy/port filtering box. SSL (port 443) has already been blocked. The authentication is LDAP, which appears to be a little buggy at this time, especially in combination with samba.
What we found: Gmail is blocked, as it requires SSL for authentication. This is unacceptable. Bling found a workaround using another site, but I cannot remember what it was, and it is likely that it will get blocked eventually.
The solution: Well, there are a few applications that are available for this. Online proxies are pretty much well out of the question (they were used by too many people last year to access utter crap, like pr0n and YouTube [no offense meant to those who used YT]). Our (real) options are:
1. Ask for port 443 to be unblocked unconditionally.
The likelihood of that working is 0. I doubt they'll unblock it, especially given the reason why.
2. Use my home VNC Server (weedman.isa-geek.org) for our browsing needs.
That is, if we can get the Java VNC client to work through a proxy. I have the Java applet set up server-side, so it will work. Remember that the upload speed is limited, so it's not going to be brilliantly fast, but usable. Not multi-user friendly, except for shared VIM!
3. Set up Tor on beowulf.
I'm not kidding. I'm not 100% sure how that would work, but it might be possible. Not sure about the port blocking problem and this. It probably wouldn't work with more than one user.
4. Set up an SSH tunnel.
I reckon that might be our only option if VNC fails. Either set it up on a local machine, or through beowulf.
5. If all else fails, use the old proxy route.
I hate this, but we might be forced to do it.
6. Suggest something!
I think we'll probably become more desperate over the next few months.
What should we do?
Chris J.
(weedman
