Andy Jarrett

SSH Tunneling your web traffic

Recentlty I wanted to bypass a network for a little bit of extra privacy, one of the best ways of doing this is SSH tunneling. If you don't know what this I'll give you the 100,000 ft view. Lets say your are on a restricted network with a firewall that prevents you reading technical blogs as they are classed as "social media" and seen as BAD. With tunneling via SSH you can connect to, say your home computer and use that connection.

You don't have to do this from the terminal, there are tool out there for the Mac like SSH Tunnel Manager but as you'll see this is just quicker and easier. With SSH installed on your machine go to the terminal/command prompt with the following script

view plain print about
1ssh -ND {proxy port} {username}@{ip address of your remote machine}

Small, but powerfull. So if your remote/home machine that has the internet connection you want to use has the IP address of "79.1.2.3" and your account on that machine had the username "bofh" your connection script would be:

view plain print about
1e.g. ssh -ND 9999 bofh@79.1.2.3

The 9999 can be any port number you want. You just need to note it down for the next part, web browsing. For this I'm going to show you how to setup Firefox as its a setting you can do quickly and the same across OS's

  1. Every time you open a tunnel you'll need to set the "Manual proxy configuration" which you can copy from the following screen shot
    Firefox settings for
    The '9999' value is what ever port you set in the terminal script.
  2. The next bit you'll only need to do once. In your Firefox address bar go to about:config and set network.proxy.socks_remote_dns = true

Thats it!

Posted: 04-Jun-2009

View: 1246

Permalink: here

Comments

I use SSH Tunneling a lot. We have small office with servers (mail, http, db, ldap, etc) and internal network.

I have just opened one port in our office's internet-gateway and forwarded the port to my box (Linux - OpenSSH Server) in office network.

When I am at home, I tunnel a lot of things to access resources in office. Be it remote-desktop, samba, mail (our mail server is only accessible over vpn or from network), web servers or any thing.

SSH is great, we just have to open one port (custom - non-standard) and use password-less sessions, that is everyone has their public and private keys.

The command I use is the one you mentioned above, some more params to enable specific port mapping (Remote Desktop, etc).

I use OSX at home (laptop) so it's lot easier to create a local-loopback network interface and use it like it's main server in office.

1) Create an alias for local loopback interface

sudo ifconfig lo0 alias 10.0.0.1

2) Start tunneling

ssh -ND 1080 user@server -L 10.0.0.1:25/office-mail-server/25 -L 10.0.0.1:143/office-mail-server/143 -L 10.0.0.1:80/office-web-server/80

You can keep adding like that. I like approach, i keep actual network interface clean and hence no conflicts with servers and stuff running on my laptop.

BTW! If you are using Windows client, you can do the same by adding Microsoft Loopback Adapter. It's not as easy but doable.

my two cents

-abdul

#1 Abdul Qabiz
04/Jun/09 11:40 AM
Thanks for that Abdul. I'll have to give that a try

#2 Andy Jarrett
05/Jun/09 7:46 AM
I want to quote your post in my blog. It can?
And you et an account on Twitter?

#3 just_alien
25/Dec/09 1:21 PM