ssh tunneling and socks proxy forwarding goodness

While I'm sometimes forced to use unprotected wi-fi hotspots when on travel, I do so without much trepidation. Most people complain about the complexities of using a VPN. Frankly, if you have remote access to a Unix or Linux box that is running an ssh server, you can essentially gain the same benefit that a VPN system can afford you.

A lesson on the many different ssh 'flags' would be beyond the scope here; however, you can tunnel most TCP/UDP based applications via SOCKS v5. I happen to run the privoxy web proxy and tor on my box at home.

So if I set up my localhost (in this case my Linux notebook) to accept a tunnel from my box running openssh, I can tunnel all HTTP traffic through this makeshift tunnel.
Since the privoxy server listens on port 8118, I set up my tunnel as such:
ssh -NL 8118:localhost:8118 user@host
(This assumes sshd is running on port 22, which is not advised.)

Below is the output from 'netstat -tuap | grep 8118'
tcp 0 0 localhost:8118 *:* LISTEN 13188/ssh
tcp 0 0 localhost:8118 localhost:47018 TIME_WAIT -
tcp 0 0 localhost:8118 localhost:47019 TIME_WAIT -
tcp6 0 0 ip6-localhost:8118 [::]:* LISTEN

So now I still have one more step to get the benefit of privoxy and tor on my notebook.
If you're running Firefox or any Mozilla browser (I'm not sure if IE understands SOCKS), you simply need to go to 'edit -> preferences -> network -> settings', select the radio button for manual proxy settings, and add localhost (127.0.0.1) and port 8118.

Now to tunnel TCP traffic via ssh: ssh -D 9999 user@host (again, this assumes sshd is running on port 22). The 'D' flag or switch tells ssh to tunnel SOCKS on port 9999.
You would then add this information to the manual proxy settings as we did in the previous step. You should now notice the same benefits as if you were running them on your local box. For people forced to run M$, fear not: you can also realize the same benefits by using the putty client. However, you will still need access to a box that is running openssh on the other end of the tunnel. I don't think that W2K3 server can run openssh natively, so you'll need a Linux box. Get with the program ;-)
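
A check worth running on an unprotected hotspot, as an added example that is not part of the original post: the function below reads netstat output and confirms that a forwarded port listens on loopback only, since ssh's -g option or GatewayPorts yes would bind it to every interface and make the proxy reachable by other hotspot users. The function name and the port 9999 sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_forward_bind PORT  (hypothetical helper name)
# Reads netstat-style lines on stdin and inspects LISTEN sockets on PORT.
# Exit status: 0 = loopback only, 1 = reachable from the network, 2 = no listener.
check_forward_bind() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")          # port is the last ":" field
            if (parts[n] != port) next
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            # Accept resolved names and numeric loopback forms only.
            if (host !~ /^(localhost|ip6-localhost|127\.[0-9.]+|::1|\[::1\])$/) {
                printf "EXPOSED: port %s listening on %s\n", port, host
                exposed = 1
            }
        }
        END {
            if (!found) { print "no listener on port " port; exit 2 }
            if (exposed) exit 1
            print "ok: port " port " bound to loopback only"
        }
    '
}

# Sample taken from the netstat output shown in the post.
sample_loopback() {
    cat <<'EOF'
tcp 0 0 localhost:8118 *:* LISTEN 13188/ssh
tcp 0 0 localhost:8118 localhost:47018 TIME_WAIT -
tcp6 0 0 ip6-localhost:8118 [::]:* LISTEN
EOF
}

# Constructed sample: numeric output with port 9999 bound to every interface.
sample_exposed() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN 4242/ssh
tcp6 0 0 :::9999 :::* LISTEN 4242/ssh
tcp 0 0 127.0.0.1:8118 0.0.0.0:* LISTEN 4242/ssh
EOF
}

sample_loopback | check_forward_bind 8118 || true
sample_exposed  | check_forward_bind 9999 || true
# Live use: netstat -tln | check_forward_bind 8118
```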

    This page contains a single entry by AG published on March 20, 2009 10:48 AM.
