Routing all traffic thru socks proxy using ssh -D
Solution 1
In Linux:
- iptables -t nat -A OUTPUT -p tcp ! -d 127.0.0.0/8 -j REDIRECT --to 1081
- Run a program that listens on 1081, retrieves the actual, non-redirected destination address, negotiates with the SOCKS server and relays.
I have written such a program for private usage in Perl (prototype quality) and am writing a better version in C. It is not yet published.
Update: now published: http://github.com/vi/socksredirect/ Use prototype.pl. Send me some notice if you are interested in the development of a better version.
Update 2: Created a bit better version of it: http://github.com/vi/tcpsocks and a patch for Socat 2: http://github.com/vi/socksredirect/blob/master/socat-2.0.0-b3-REDIRECT.patch
P.S. Most of my (and sometimes some of neighbours') traffic now goes through the tcpsocks->ssh.
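An added sketch (not the code of socksredirect or tcpsocks) of the two pieces the relay in Solution 1 needs on Linux: reading the pre-REDIRECT destination with SO_ORIGINAL_DST, and the SOCKS5 no-auth CONNECT exchange. It assumes IPv4 only and a SOCKS server that answers with an IPv4-typed reply; all function names are made up for this example.

```python
import socket
import struct

SO_ORIGINAL_DST = 80  # <linux/netfilter_ipv4.h>; Python's socket module has no name for it


def recv_exact(sock, n):
    """Read exactly n bytes or fail; SOCKS replies can arrive in pieces."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during SOCKS negotiation")
        buf += chunk
    return buf


def parse_sockaddr_in(raw):
    """Decode the struct sockaddr_in that SO_ORIGINAL_DST returns."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    family = struct.unpack_from("=H", raw, 0)[0]   # host byte order
    port = struct.unpack_from("!H", raw, 2)[0]     # network byte order
    if family != socket.AF_INET:
        raise ValueError("unexpected address family %d" % family)
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Where an accepted, REDIRECTed connection was really going (Linux only)."""
    return parse_sockaddr_in(conn.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16))


def socks5_connect_request(host, port):
    """RFC 1928 CONNECT for an IPv4 target: VER CMD RSV ATYP ADDR PORT."""
    return b"\x05\x01\x00\x01" + socket.inet_aton(host) + struct.pack("!H", port)


def socks5_handshake(upstream, host, port):
    """Offer 'no authentication', then ask the SOCKS server to open the relay."""
    upstream.sendall(b"\x05\x01\x00")              # VER=5, 1 method, method 0x00
    if recv_exact(upstream, 2) != b"\x05\x00":
        raise ConnectionError("SOCKS server did not accept the no-auth method")
    upstream.sendall(socks5_connect_request(host, port))
    reply = recv_exact(upstream, 10)               # assumption: IPv4-typed reply
    if reply[:2] != b"\x05\x00":
        raise ConnectionError("SOCKS CONNECT failed, REP=%d" % reply[1])
```

In a relay, original_dst() is called on each socket accepted on port 1081, a connection is opened to the ssh -D port, socks5_handshake() is run on it, and bytes are then copied in both directions.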
Solution 2
Avery Pennarun's sshuttle works similarly to Vi's answer, but requires less setup and works on BSD and OS X as well as Linux.
Solution 3
Maybe you should consider setting up a VPN instead.
Solution 4
I don't think there's any way to do this, but maybe you can try programs like FreeCap (Windows), SocksCap (Windows) or proxychains (Linux). These programs may help you a little bit.
grm
Updated on September 17, 2022
Comments
-
grm over 1 year
Is there any easy way to route all traffic through an ssh proxy with -D?
I can configure individual specific applications to do this, but I would like a configuration that routes all the traffic on the machine. Thanks for your help!
-
grm about 14 years
Forgot to say that I was on Linux, so ideally, something by which I can route using iptables.
-
grm about 14 years
Very interesting project Vi. Thanks! I will give this a look.
-
Vi. about 14 years
You should probably use more iptables rules to select which traffic you want to be socksified. I use "iptables -t nat -A OUTPUT -j QQQ", then a bunch of "iptables -t nat -A QQQ <checks> -j RETURN" and finally "iptables -t nat -A QQQ -p tcp -j REDIRECT --to 1234".
-
user2910702 over 13 years
Thank you! I've been wondering if this was doable, it was on my loong list of project ideas to try sometime.
-
Vi. over 13 years
@Tobu, I have implemented this more: now there is a Socat patch (github.com/vi/socksredirect/blob/master/…) for this and also a light-weight tcpsocks program (github.com/vi/tcpsocks)
-
ephemient over 13 years
See related: github.com/apenwarr/sshuttle
-
chiggsy over 13 years
With MacOS in particular, trusting the global proxy settings needs to be verified.
-
Alex H over 11 years
answer not at point
-
Tanmay over 7 years
@Vi. Why not create a tun device, rather than using REDIRECT?