Michael Mayhew

Tag: firewall avoidance

Use SSH as a Proxy Server

by on Sep.16, 2009, under Linux, Technology

Not many people know you can easily create a SOCKS proxy with your SSH session, point your browser to it and browse securely on any network.

There are many different situations this may be handy:

  • You could be on a public network and not want your web traffic visible to snoopers.
  • You could be on a computer that doesn’t have direct access to the Internet but have SSH access to an Internet accessible computer.
  • You could be at work and not want your web traffic monitored. AKA: Firewall Avoidance.  I, of course, am not promoting firewall avoidance but it is definitely a possibility with SSH.

Now let’s get down to how you do this:

Windows

I’m assuming you already know how to SSH using PuTTY.  If you need help with this, leave a comment and I’ll provide more detail.

In PuTTY, go to Connection -> SSH -> Tunnels.  Type any number in the ‘Source port’ text field.  I like using 9999 myself.  Then select the ‘Dynamic’ radio button.  Then click Add.

That’s the only change you need to make before connecting to your SSH host.  Now when you connect, you can use port 9999 locally as a SOCKS proxy.  I’ll explain how to use this after the Linux section.

Linux

Again, I’m assuming you already know how to SSH from command line.  All you have to do is add “-D <port>” to your SSH command.  If you were going to use port 9999 as your local SOCKS proxy, your command may look like:

ssh -D 9999 username@hostname

Once you connect, you will have a SOCKS proxy running locally on your specified port.

OK, Now What?

So now you have the SOCKS proxy running locally.  You can point your browser, IM client or any application that has SOCKS proxy support. Here are a few examples:

Internet Explorer: Tools -> Connections -> LAN Settings -> “Use a proxy server [...] ” -> Advanced -> SOCKS

Firefox: Edit -> Preferences -> Advanced -> Network -> Settings -> Manual proxy connection -> SOCKS Host

Pidgin (gaim): Tools -> Preferences -> Network -> Proxy type -> SOCKS 5

If you poke around other applications you’ll find many support a SOCKS proxy and many do not.

Tips:

Even when using a SOCKS proxy, most applications will do DNS resolution before going through the proxy.  Many applications have settings for this.  In Firefox type “about:config” in the url bar and find the following setting”network.proxy.socks_remote_dns” and change it to true.  In Pidgin, there is a checkbox for “Use remote ..”

In Linux, if you are getting a permission issue, you must use a port higher than 1024 as the SOCKS proxy unless you are root

Please post any questions in the comments area, and I’ll address them ASAP!

Leave a Comment :, , , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Archives

All entries, chronologically...