How do I set up a local SOCKS proxy that tunnels traffic through SSH?
The ssh binary that you use when you connect to a server running ssh supports running a SOCKS proxy out of the box, with the -D flag. Example:
ssh -D 1337 -f -C -q -N user@remote -p 22
-D 1337 tells ssh to launch a SOCKS server on port 1337 locally.
-f forks the process into the background.
-C turns on compression.
-q enables "Quiet mode", since the purpose here is only to tunnel, we don't really care about error output and such.
-N tells ssh that no commands will be sent (-f complains if we don’t specify this).
-p specifies what port to use; obviously this is defaulted to 22 so the statement above is pointless, but included for clarity.
When your SOCKS server is up and running, you simply need to make sure that your application (usually a web browser) is trying to connect to the local SOCKS proxy, and not the regular Internet.
In Firefox 29 (explained here as an example), this is achieved by going to the menu (the three sausages in the top right), followed by Preferences > Advanced > Network > (Connection) > Settings... - make sure you only fill out the SOCKS field! Since your proxy is on the same system, you can use localhost or 127.0.0.1 to point back at whatever port you set it to on the same system.
If you need your DNS requests to be tunneled as well (if they are not, your DNS lookups will reveal what websites you are trying to visit), you can just check "Remote DNS", or do this entire configuration in about:config. In the latter case, open it up and set these values:
network.proxy.socks : 127.0.0.1
network.proxy.socks_port : 1337
network.proxy.socks_remote_dns : true
network.proxy.socks_version : 5
network.proxy.type : 1
You may also need this setting to exclude certain domains or sites from tunneling:
network.proxy.no_proxies_on : localhost, 127.0.0.1, 192.168.0.0/24, .yourcompany.com
This answer was written from France, but tunneled via Sweden :)
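The answer's command uses -q, so a forward that failed to bind produces no message, and -D also accepts an optional bind address; as an added check that is not part of the original answer, this script classifies the listener from `ss -ltn` output. The function name socks_bind_scope and the sample ss lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify where an `ssh -D` SOCKS listener is bound.
# A tunnel started with an explicit loopback bind and fail-fast forwarding
# (user@remote is the placeholder from the answer above):
#   ssh -D 127.0.0.1:1337 -o ExitOnForwardFailure=yes -f -C -N user@remote

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128        127.0.0.1:1337       0.0.0.0:*
LISTEN 0      128            [::1]:1337          [::]:*
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      128          0.0.0.0:1338       0.0.0.0:*'

# socks_bind_scope PORT   (reads `ss -ltn` text on stdin)
# Prints one of:
#   loopback - only this machine can reach the proxy
#   exposed  - bound to a non-loopback address; other hosts may reach the proxy
#   absent   - nothing listening (with -f -q a failed forward goes unnoticed)
socks_bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")            # the port is the last ":" field
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") loop = 1
      else exposed = 1
    }
    END { print (exposed ? "exposed" : (loop ? "loopback" : "absent")) }
  '
}

# Live use: sh thisfile.sh --live 1337
if [ "${1:-}" = "--live" ]; then
  ss -ltn | socks_bind_scope "${2:-1337}"
fi
```
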
Comments
-
pzkpfw over 1 year
Assume I have access to an SSH server that supports tunneling, and I am on a PC that is running *ubuntu, how do I set up a local SOCKS proxy that tunnels the traffic through that SSH server before reaching the Internet?
-
Braiam almost 10 years
This only would work on firefox.
-
pzkpfw almost 10 years
It is in no way Firefox-specific, I included the Firefox section as a service since that is usually what people use SSH tunneling for, it would work in any application that supports SOCKS proxies (ssh doesn't care).
-
MadMike over 9 years
Speaking of setting up the browser to use the proxy. If you use Google Chrome you will need to declare the proxy in the network-settings of Ubuntu, as this is what Google Chrome will be using. Unofficial CLI options have been available to declare the proxy without this. But as of some weeks ago this is not possible anymore.
-
lakesare over 8 years
Thanks, you got me out of hell. And I only got there because I didn't read through your answer properly about 10 hours ago. Should have paid attention to -D and -p part.
-
Alcalyn over 4 years
Also easier to remember:
ssh -D 1337 user@host
-
pzkpfw over 4 years
Not sure what you mean by "easier to remember" @Alcalyn, it's not an equivalent command and does not do the same thing.
-
Alcalyn over 4 years
I mean it shows that the most important thing is the actual -D, and this only option can also work.
-
pzkpfw over 4 years
Sure, and it will fail if you're running SSH on any other port than 22.