Linux Secure Shell (SSH) III : SSH Tunnel as Proxy - Dynamic Port Forwarding (SOCKS Proxy)
To bypass censorship and get around a restrictive firewall that blocks us from browsing certain web sites, all we need is a shell account that is accessible via ssh on a machine that has an open connection.
We'll use the Socket Secure (SOCKS) protocol, which routes network packets between a client and a server through a proxy server.
Picture credit: SSH Tunneling Explained.
A SOCKS server is a general purpose proxy server that establishes a TCP connection to another server on behalf of a client, then routes all the traffic back and forth between the client and the server. It works for any kind of network protocol on any port. SOCKS Version 5 adds additional support for security and UDP.
This is a two-step process:
- Make an ssh connection to the remote machine using dynamic port forwarding:
k@laptop:~$ ssh -D 9001 bogotob1@bogotobogo.com
bogotob1@bogotobogo.com [~]#
Leave it open.
At the client side of the tunnel (localhost @home) a SOCKS proxy is created, and the application (e.g. a browser) uses the SOCKS protocol to specify where the traffic should be sent when it leaves the other end of the ssh tunnel.
We may get a "- bind: Cannot assign requested address" message. If that's the case, we force the ssh client to use IPv4 by adding -4:
k@laptop:~$ ssh -4 -D 9001 bogotob1@bogotobogo.com
bogotob1@bogotobogo.com [~]#
Also, if we want no interaction with the remote host and just want port forwarding, we can add -N:
k@laptop:~$ ssh -4 -N -D 9001 bogotob1@bogotobogo.com
- Most web browsers can be configured to talk to a web server via a SOCKS server. Because the client must first make a connection to the SOCKS server and tell it the host it wants to connect to, the client must be SOCKS-enabled. Firefox, for example, can be configured this way: go into the proxy configuration page and specify localhost and the dynamic forwarding port (9001 in this example). All traffic is now routed through the remote server.
Preferences => Advanced:
Then, click on the "Settings" button under "Connection".
Check "Manual proxy configuration", set the HTTP Proxy port to 8080 (we may not need to set this and can leave it as 0), set SOCKS Host to 127.0.0.1 and its port to 9001, then hit the "OK" button.
Let's check the IP and its physical location:
Now we reset the connection with No Proxy:
Then, we can see the changes in the IP address (173*->108*) and its physical location (Utah->California):
We can also set the SOCKS proxy via the system settings instead of the browser on Ubuntu: "System Settings" => "Network":