Use your Linux server as a proxy (SSH Tunnel + SOCKS Proxy Forwarding)

By | May 6, 2016

Socks proxy via ssh Tunnel

I often come across websites that block me because my ISP is on some blacklist somewhere. The only option then is to access the website through some kind of proxy server, which are quite hard to find.

The best solution for me was to use my own Linux servers as proxy servers. It's quite easy to convert your Linux server into a SOCKS proxy server and it works very well.

1. Start a socks proxy server

Run the following ssh command on your local machine to connect to your server and also open a SOCKS proxy on a local port.

The port number used here is 9999, but could be anything of your choice. Just make sure that nothing else is running on the same port.

$ ssh -D 9999 [email protected]

According to the ssh man page, the -D option is used for -

Specifies a local "dynamic" application-level port forwarding.  This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.  Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.  Only root can forward privileged ports.  Dynamic port forwardings can also be specified in the configuration file.

The ssh command will proceed as usual and log in to your server. Keep the ssh session open for as long as you want to use the proxy.
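
To confirm which address the -D listener is bound to, the following added example (not part of the original article) parses `netstat -ntl` or `ss -ltn` output and flags any listener on the chosen port that is not loopback-only. The SOCKS listener opened by ssh -D does no authentication of its own, so a non-loopback bind lets other hosts relay traffic through your server. The function name `classify_listeners` and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: report where a listener on PORT is bound, reading
# `netstat -ntl` or `ss -ltn` style output on stdin.
# Prints "<scope> <local-address>" per listener.
# Exit status: 0 = loopback only, 1 = reachable from other hosts, 2 = not found.
classify_listeners() {
    awk -v port="$1" '
        /LISTEN/ {
            for (i = 1; i <= NF; i++) {
                # Local address is the first field ending in ":<port>";
                # the peer column ends in ":*" and never matches.
                if ($i ~ (":" port "$")) {
                    host = $i
                    sub(":" port "$", "", host)   # drop the port
                    gsub(/\[/, "", host)          # ss prints IPv6 as [::1]:9999
                    gsub(/\]/, "", host)
                    found = 1
                    if (host ~ /^127\./ || host == "::1") {
                        print "loopback " $i
                    } else {                      # 0.0.0.0, ::, * or a LAN address
                        print "exposed " $i
                        exposed = 1
                    }
                    break
                }
            }
        }
        END { if (!found) exit 2; exit (exposed ? 1 : 0) }
    '
}

# Constructed sample output (netstat -ntl format) for `ssh -D 9999 ...`
SAMPLE_LOOPBACK='tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN
tcp6 0 0 ::1:9999 :::* LISTEN'
# Constructed sample for `ssh -D 0.0.0.0:9999 ...`
SAMPLE_WILDCARD='tcp 0 0 0.0.0.0:9999 0.0.0.0:* LISTEN'

printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listeners 9999
printf '%s\n' "$SAMPLE_WILDCARD" | classify_listeners 9999 ||
    echo "port 9999 is not loopback-only" >&2
# Live check on the client: netstat -ntl | classify_listeners 9999
```
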

Now configure your browser to use the proxy server, and it should work seamlessly.

2. Configure Google Chrome

Install the extension called Proxy SwitchySharp. It can be found at the following link.

https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm?hl=en

Open the options and create a new Proxy Profile.

1. Profile Name - anything
2. Manual Configuration
3. SOCKS Host - localhost, PORT 9999, Socks V5
4. Save

Now click the Switchy Sharp icon on the Chrome toolbar and click the profile name, and the proxy will be selected.

There are many other plugins that you can try. You can also configure the proxy directly in the Chrome settings to make the change permanent.

3. Configure Firefox and other apps

Firefox can be configured the same way as Google Chrome, using a plugin. Just find the right proxy plugin that allows you to create profiles and switch between them with a single click.

Next, configure any other applications that you need to use with the SOCKS proxy.


About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

3 Comments

  1. GNU-FTW

    Great article, thanks for sharing.
    But to the command you should add the listening address, because by default it is going to listen only on the loopback address (127.0.0.1).

    In this example, I use the port 50000

    With the OP way:
    Command: ssh -D 50000 user@localhost

    Actual listening port and address

    netstat -ntpl | grep 50000
    (Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
    tcp 0 0 127.0.0.1:50000 0.0.0.0:* LISTEN 9838/ssh
    tcp6 0 0 ::1:50000 :::* LISTEN 9838/ssh

    With the other way
    Command: ssh -D 0.0.0.0:50000 user@localhost

    Actual listening port and address

    netstat -ntpl | grep 50000
    (Not all processes could be identified, non-owned process info
    will not be shown, you would have to be root to see it all.)
    tcp 0 0 0.0.0.0:50000 0.0.0.0:* LISTEN 9878/ssh

    1. GNU-FTW

      What I forgot to add is, if the server is only listening on the loopback address you won't be able to connect to it from another computer.
