Our IT people decided that it was a bad idea to access the Internet recently, and our beloved open-access policy was replaced with a block on all ports, with ports 80 and 443 (http and https) now routed via a proxy server. No more getting my Gmail or other POP/IMAP mail, no more MSN, Jabber, ICQ, etc.
Needless to say, I was peeved. I did some digging and came up with this absolutely wonderful little program called Proxytunnel. You see, if your network admins are anything like mine (and most are), they will have allowed you access to secure sites via an HTTP proxy. The thing with SSL and proxies is that because everything's encrypted, the proxy can do naught but just pass on your requests to the sites in question, and can't have any say on what protocol is used. So get Proxytunnel, drop it in /usr/local/bin or anywhere else in your path, and then do something like this:
/usr/local/bin/proxytunnel -a 5222 -g 123.123.123.123 \
-G 8080 -d myjabberserver.com -D 5222
You can now access your Jabber server by setting up iChat to connect to server localhost instead of myjabberserver.com. The 123.123.123.123 IP address is the IP of your proxy server; 8080 is its port. The first 5222 is the port on localhost that Proxytunnel will be listening on; the last one is the port of your Jabber server. Note that you need to run Proxytunnel as root if you want it to listen on a port below 1024; however, you can make it listen on a different port.
So to access GMail's secure POP server as localhost:995, you could do:
sudo /usr/local/bin/proxytunnel -a 995 -g 123.123.123.123 \
-G 8080 -d pop.gmail.com -D 995
To access it as localhost:9995, just do:
/usr/local/bin/proxytunnel -a 9995 -g 123.123.123.123 \
-G 8080 -d pop.gmail.com -D 995
If your Mac is always connected to a firewalled network, you can stop reading now. Set up proxy tunnels, and you can use any service you want.
127.0.0.1 localhost
to:
127.0.0.1 localhost myjabberserver.org pop.gmail.com pop.myisp.com
These are the host names for my Jabber server and POP servers. Now we need to let lookupd flush its cache so that it reads the changes, so we issue a lookupd -flushcache. Now, with proxytunnel running, when Mail.app looks up pop.gmail.com, the resolver tells it it's 127.0.0.1, the local host, so it connects to port 995, and the proxy tunnel forwards the request via the proxy server.
do shell script "/usr/local/bin/proxytunnel -a 5222 -g 123.123.123.123 -G 8080 -d myjabberserver.org -D 5222 &> /dev/null &" with administrator privileges
do shell script "/usr/local/bin/proxytunnel -a 995 -g 123.123.123.123 -G 8080 -d pop.gmail.com -D 995 &> /dev/null &" with administrator privileges
do shell script "/usr/local/bin/proxytunnel -a 110 -g 123.123.123.123 -G 8080 -d pop.myisp.com -D 110 &> /dev/null &" with administrator privileges
do shell script "cp /etc/hosts.proxytunnel /etc/hosts" with administrator privileges
do shell script "lookupd -flushcache" with administrator privileges
You could just write a shell script, of course, but AppleScript gives you a nice password dialog when you run this from the script menu (you need admin privileges to swap the hosts files, in addition to setting up the tunnel for ports below 1024; lookupd and the first tunnel could be run without admin privileges, but it's there for symmetry). And now, the one to bring everything back to normal:
do shell script "cp /etc/hosts.default /etc/hosts" with administrator privileges
do shell script "lookupd -flushcache" with administrator privileges
do shell script "killall proxytunnel" with administrator privileges
Enjoy your unfettered Internet access.
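Seen from the proxy's side, each tunnel above is an HTTP CONNECT request to a port other than 443, which is visible in the proxy's access log even though the payload is not. The following is an added example, not part of the original hint, that flags such requests; it assumes the proxy writes Squid's native access.log layout, and the log lines and client addresses are constructed.

```python
# Added example: flag CONNECT tunnels to ports other than 443 in a proxy log.
# Assumption: Squid "native" access.log layout (time, elapsed, client,
# result/status, bytes, method, URL, ...). All log lines below are constructed.

ALLOWED_CONNECT_PORTS = {443}

SAMPLE_LOG = """\
1123142400.010    210 10.0.0.25 TCP_MISS/200 8123 GET http://www.example.com/ - DIRECT/192.0.2.1 text/html
1123142401.101   4020 10.0.0.25 TCP_MISS/200 5310 CONNECT mail.example.com:443 - DIRECT/192.0.2.2 -
1123142402.202  60012 10.0.0.31 TCP_MISS/200 3921 CONNECT pop.gmail.com:995 - DIRECT/192.0.2.3 -
1123142403.303  90544 10.0.0.31 TCP_MISS/200 7730 CONNECT myjabberserver.com:5222 - DIRECT/192.0.2.4 -
1123142404.404      2 10.0.0.31 TCP_DENIED/403 1450 CONNECT pop.myisp.com:110 - NONE/- text/html
"""


def parse_connect(line):
    """Return (client, host, port, status) for a CONNECT entry, else None."""
    fields = line.split()
    if len(fields) < 7 or fields[5] != "CONNECT":
        return None
    status = fields[3].rpartition("/")[2]          # "TCP_MISS/200" -> "200"
    host, sep, port = fields[6].rpartition(":")    # CONNECT URL is host:port
    if not sep or not port.isdigit():
        return None
    return fields[2], host.strip("[]"), int(port), status


def find_suspect_tunnels(log_text, allowed=ALLOWED_CONNECT_PORTS):
    """List CONNECT requests whose destination port is not in `allowed`."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_connect(line)
        if parsed is None:
            continue
        client, host, port, status = parsed
        if port not in allowed:
            findings.append({
                "client": client,
                "target": f"{host}:{port}",
                # A 2xx status means the proxy actually opened the tunnel.
                "allowed_by_proxy": status.startswith("2"),
            })
    return findings


if __name__ == "__main__":
    for finding in find_suspect_tunnels(SAMPLE_LOG):
        print(finding)
```

A port check like this does not see a tunnel to a non-HTTPS service that itself listens on port 443, so it complements rather than replaces restricting CONNECT on the proxy.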
Mac OS X Hints
http://hints.macworld.com/article.php?story=20050804072524306