Click to search Andy Jarrett.co.uk RSS feed

Loading Twitter

SSH Tunneling your web traffic

Recentlty I wanted to bypass a network for a little bit of extra privacy, one of the best ways of doing this is SSH tunneling. If you don't know what this I'll give you the 100,000 ft view. Lets say your are on a restricted network with a firewall that prevents you reading technical blogs as they are classed as "social media" and seen as BAD. With tunneling via SSH you can connect to, say your home computer and use that connection.

You don't have to do this from the terminal, there are tool out there for the Mac like SSH Tunnel Manager but as you'll see this is just quicker and easier. With SSH installed on your machine go to the terminal/command prompt with the following script

view plain print about
1ssh -ND {proxy port} {username}@{ip address of your remote machine}

Small, but powerfull. So if your remote/home machine that has the internet connection you want to use has the IP address of "79.1.2.3" and your account on that machine had the username "bofh" your connection script would be:

view plain print about
1e.g. ssh -ND 9999 bofh@79.1.2.3

The 9999 can be any port number you want. You just need to note it down for the next part, web browsing. For this I'm going to show you how to setup Firefox as its a setting you can do quickly and the same across OS's

  1. Every time you open a tunnel you'll need to set the "Manual proxy configuration" which you can copy from the following screen shot
    Firefox settings for
    The '9999' value is what ever port you set in the terminal script.
  2. The next bit you'll only need to do once. In your Firefox address bar go to about:config and set network.proxy.socks_remote_dns = true

Thats it!

Comments Comments (3) | Print Print | Send Send | 614 Views

(Comment Moderation is enabled. Your comment will not appear until approved.)
[Add Comment] [Subscribe to Comments]
Abdul Qabiz's Gravatar Posted By Abdul Qabiz @ 6/4/09 11:40 AM
I use SSH Tunneling a lot. We have small office with servers (mail, http, db, ldap, etc) and internal network.

I have just opened one port in our office's internet-gateway and forwarded the port to my box (Linux - OpenSSH Server) in office network.

When I am at home, I tunnel a lot of things to access resources in office. Be it remote-desktop, samba, mail (our mail server is only accessible over vpn or from network), web servers or any thing.

SSH is great, we just have to open one port (custom - non-standard) and use password-less sessions, that is everyone has their public and private keys.

The command I use is the one you mentioned above, some more params to enable specific port mapping (Remote Desktop, etc).

I use OSX at home (laptop) so it's lot easier to create a local-loopback network interface and use it like it's main server in office.

1) Create an alias for local loopback interface

sudo ifconfig lo0 alias 10.0.0.1

2) Start tunneling

ssh -ND 1080 user@server -L 10.0.0.1:25/office-mail-server/25 -L 10.0.0.1:143/office-mail-server/143 -L 10.0.0.1:80/office-web-server/80

You can keep adding like that. I like approach, i keep actual network interface clean and hence no conflicts with servers and stuff running on my laptop.

BTW! If you are using Windows client, you can do the same by adding Microsoft Loopback Adapter. It's not as easy but doable.

my two cents

-abdul
Andy Jarrett's Gravatar Posted By Andy Jarrett @ 6/5/09 7:46 AM
Thanks for that Abdul. I'll have to give that a try
just_alien's Gravatar Posted By just_alien @ 12/25/09 1:21 PM
I want to quote your post in my blog. It can?
And you et an account on Twitter?
[Add Comment]
BlogCFC by Raymond Camden + Twitter @AndyJ + ColdFusion jobs + Contact Me + Snippets/Downloads + RSS .