Global Network Proxy (SOCKS) over SSH : Ubuntu 7.04

By | 2007/06/20

SSH, what a wonderful tool. One of the crowning achievements of the modern world, with a hundred and one different uses. One of my favorite being that of tunnelling and proxying connections over it’s secure, encrypted goodness.

I thought I’d outline how to setup a proxy system using SSH that can be used by any application that supports SOCKS proxy. This includes Firefox, Thunderbird, Gaim/Pidgin and anything that subscribes to the Gnome “Network Proxy Preferences” found in System > Preferences > Network Proxy. note: this sets the shell environment values for: http_proxy and no_proxy.

The only two requirements you’ll need for this tutorial are an internet connection (of course) and access via ssh to a remote machine. In my case I connect from my laptop while on the road to a server available at home. This could just as easily be used between an office and home or visa versa.

Use a command similar to that below to create this SOCKS supported tunnel:

ssh -D port hostname

ie; ssh -D 8080, ssh -D 8081, ssh -D 8888 In this example I am using the 8000 range ports but you should be able to use *any* available outbound port. No need to specify other ports on the remote end like you do with traditional -L tunneling.

Once this connection is established you can set your proxy settings within the application (look for any proxy prefernces) or globally in System > Preferences > Network Proxy.

Select Manual Proxy Configuration, and enter “localhost” “port” (where port is the number used following the -D) in the SOCKS (4 or 5) field provided.

At this point you’re outgoing connections will be privately routed over said port to your remote server via ssh and then out to the outside world. Enjoy your privacy and circumventing network filters.

I need to thank Aaron for initially showing me the -D option.

8 thoughts on “Global Network Proxy (SOCKS) over SSH : Ubuntu 7.04

  1. Yorokobi

    To simplify your outbound SOCKS(4|5) connection, add the following to your ~/.ssh/config


    # SOCKS5 proxy to
    Host SOCKS
    DynamicForward 8081


    You can then use ‘ssh -fN SOCKS’ to establish your SOCKS proxy.

    Be sure to ‘chmod 0600 ~/.ssh/config’ if you create it from scratch.

  2. Jason

    OK… Time for the newbie questions:
    Does the hostname have to be an “” format, or can it be an ip address?
    Also, it surprises me that I input OUTbound ports- it seems like I would be connecting to the server’s INbound ports. But my guess would have been wrong.
    Good to see info like this… it’s some of the stuff I’ve wondered about. Being the exact opposite of an informed internet guru, I take all the info I can get!

  3. Ubuntu Tutorials

    Jason – The reason you specify the outbound port is that this is the method of getting outside many firewalls. It may be the case that the only outbound port is 80 for web, and this way you can specify what port you need to get out of.

    It’ll then simply connect over ssh to the remote side (port 22). So, basically, you’re going out 80 (or whichever specified) and in 22 on the remote end.

    …and you can use an IP if you need. Just as long as it can find the remote machine.

  4. JAVAD


Comments are closed.