Surfing in Kansas
« Twitter Spam | Adding Google Analytics to Sphinx Docs »
SSH Tunneling has become an invaluable tool that I probably use more than I should. I love tunneling, and use it all the time. This will be a quick tutorial on how to use the SOCKS proxy ability of SSH to allow you to tunnel your HTTP traffic through a remote server.
This is useful when you're on a connection that has a silly filter on it (school or library). Since it's a SOCKS5 proxy, it is useful for tunneling other things as well (like IM). It is also useful when browsing on public wifi or anywhere that you can't trust the network connection you're on, since it encrypts all the data that is sent over it.
The command to tunnel in SSH is really simple. You simply do: ssh -ND localhost:5555 example.com to tunnel traffic through example.com. This is a nice one off, but I actually have the configuration in my ssh config. To do that, in your ~/.ssh/config, you need to put in the settings you want your proxy to have.
Host tunnel
Hostname example.com
DynamicForward localhost:5555
This allows me to simply do ssh -N tunnel, and it will setup a proxy. This is basically turning my local port 5555 into a proxy that goes through the remote host. It is encrypted from my network to the remote network, which is really nice. The -N flag is used so that it doesn't create a shell on the other end, and simply creates the proxy connection.
In firefox, you need to go into your Preferences > Advanced > Network > Connection > Settings. This is where your proxy settings live. Go down the the SOCKS host, and set it to localhost, with the port you set up above, 5555 in this case. It should look something like this:
I use the Quickproxy extension to easily turn my proxy settings on and off. It puts a small button on your bottom status bar in Firefox, and clicking it turns your proxy on and off.
Now you simply flip the switch on your QuickProxy, and you are surfing through an encrypted connection. To check if it's working, I use http://whatismyip.com to check my remote IP. If it changes between the proxy being on and off, you know the proxy is working.
This is a really easy way to simply create a two click encrypted proxy. Hope this is helpful, and I'd be curious if people have other tips and tricks in this regard.
Comments have been close for this post.
Posted at 4:45 p.m. on March 21, 2009
Comments: 2
Django Inspect: A generic introspection API for Django models
3 weeks, 6 days Ago (Comments: 4)
The role of designers in the Django community
1 month Ago (Comments: 7)
Large Problems in Django, Mostly Solved: Documentation
1 month Ago (Comments: 5)
2 months Ago (Comments: 0)
Correct way to handle default model fields.
3 months, 3 weeks Ago (Comments: 8)
I may not have gone where I intended to go, but I think I have ended up where I intended to be.
- Douglas Adams
Comments
1 Chris Lasher says...
I really like doing this trick, too. GNOME Desktop users can also configure this to be system-wide by going to System -> Preferences -> Network Proxy -> Proxy Configuration. Select "Manual proxy configuration"; set "Socks host" to "localhost" and the port to your selected port, "5555" in your example. If you do this, you won't have to manually configure Firefox--by default it uses the system proxy. Now many (all?) of your programs will route through the host you connected to.
Posted at 12:20 a.m. on March 22, 2009
2 Steve Pinkham says...
Note that Firefox doesn't tunnel DNS through the proxy by default, you need to set Network.proxy.socks_remote_dns to true in about:config to truly be tunneling everything through, which is probably the behavior you want. See Mozilla docs and this tutorial for more info.
Posted at 2:54 a.m. on March 22, 2009