Ssh tunnel - SOCKS proxy

From Ever changing code

Dynamic port forwarding

Tunnelling over our Internet link it sounds already exiting, isn't it?. But how difficult is it? Do we need any complex and sophisticated configuration of hardware and software? Hmm.. it is not necessary even to involve ipsec or ssl stack to create VPN. SOCKS is built in to OpenSSH so it's trivial to run SOCKS proxy server with ssh client running with option -D. This option configures SSH client to listen on your local Linux box on specified by us tcp port. Then we will use SOCKS5 proxy configuration built into most of Internet browsers to connect to.


First, SSh to your localhost server with -D {port_number}option. It creates ssh tunnel listening on your local host TCP port_number

ssh -D 1080
-N will disable remote shell, Ctrl+C to kill the connection

The above command sets up a SOCKS proxy server supporting SOCKS4 and SOCKS5 protocols leveraging dynamic application-level port forwarding through the ssh tunnel.

Options explained
  • ssh -D [bind_address:]port specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.


Open Firefox > Options > Advanced > Network tab > Connection Settings... > Manual procy configuration > SOCKS Host: localhost Port: 1080 > OK


Since now on you are using geo locations, what you can check at . It works with Amazon EC2 instances.


Open Chrome from a terminal passing following arguments

chromium-browser --proxy-server="socks5://"