(Dynamic port Forwarding)


In some situations it is really handy to have the possibility to use SSH Server like “gateway”/”proxy”.

Nice example:
You are working in a company where you cannot access to your website. It is blocked at company proxy server. As well you have another mail account at this is as well not accessible. But you have a SSH server with public IP.

Haw we can use this:
- SSH I providing the TCP port Forwarding option. In this case we would use several port forwarding session as we need to access more web sites. (This is nice but not usable for this cause)
- SSH is providing the SOCKS proxy option. SSH can listen on your local TCP port and forward the whole traffic from your browser in to SSH tunnel. (This is nice solution that you can use)

Start the SOCKS Proxy

Description: “ -D [bind_address:]port “
Example: “ ssh -D <Listening_Local_IP>:<Listening_Local_TCP_port> user@server_IP ”

To start the SOCKS Proxy is really easy. All that you need is to:
- Check what TCP port it is possible to use
- Open SSH Session to SSH Server
- Configure the application to use the correct IP and TCP port for SOCKS proxy. (For this you'll need to check your application. Application “tsocks” can help in the case that your application do not support SOCKS proxy.)

Check for available TCP port

[root@SSH_Client ~]# netstat -nap | grep 2222                                 # The TCP port 2222 is free and we can use it
[root@SSH_Client ~]#

Open SSH session for SOCKS Proxy

[root@SSH_Client ~]# ssh -D root@                  # -D [bind_address:]port
root@'s password:
Last login: Sat Jan 25 14:23:14 2014 from
[root@SSH_Server ~]#

Check the port on SSH Client site

[root@SSH_Client ~]#netstat -nap | grep 2222                                   # SOCKS Proxy is listening on SSH Client on
tcp        0      0*     LISTEN      2018/ssh
QR Code
QR Code wiki:infrastructure_tools:ssh:ssh-socks-proxy (generated for current page)