SSH SOCKS Proxy
(Dynamic Port Forwarding)
Preface
In some situations it is really handy to be able to use an SSH server as a "gateway" or "proxy".
A nice example:
You are working in a company where you cannot access the gmail.com website. It is blocked at the company proxy server. You also have another mail account at hotmail.com, and this is not accessible either. But you have an SSH server with a public IP.
How can we use this:
- SSH provides the TCP port forwarding option. In this case we would have to use several port forwarding sessions, as we need to access more than one web site. (This is nice, but not usable for this case.)
- SSH provides the SOCKS proxy option. SSH can listen on a local TCP port and forward all the traffic from your browser into the SSH tunnel. (This is a nice solution that you can use.)
Start the SOCKS Proxy
Description: "-D [bind_address:]port"
Example: "ssh -D <Listening_Local_IP>:<Listening_Local_TCP_port> user@server_IP"
Starting the SOCKS proxy is really easy. All you need to do is:
- Check which TCP port is available for use
- Open an SSH session to the SSH server
- Configure the application to use the correct IP and TCP port for the SOCKS proxy. (For this you'll need to check your application. The "tsocks" application can help if your application does not support a SOCKS proxy.)
Check for available TCP port
[root@SSH_Client ~]# netstat -nap | grep 2222   # The TCP port 2222 is free and we can use it
[root@SSH_Client ~]#
Open SSH session for SOCKS Proxy
[root@SSH_Client ~]# ssh -D 10.0.12.110:2222 root@10.0.12.111   # -D [bind_address:]port
root@10.0.12.111's password:
Last login: Sat Jan 25 14:23:14 2014 from 10.0.12.110
[root@SSH_Server ~]#
Check the port on the SSH client side
[root@SSH_Client ~]# netstat -nap | grep 2222   # SOCKS Proxy is listening on SSH Client on 10.0.12.110:2222
tcp 0 0 10.0.12.110:2222 0.0.0.0:* LISTEN 2018/ssh
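The listener opened by -D does not authenticate its clients, so binding it to 10.0.12.110 as above lets any host that can reach that address use the tunnel, while binding to 127.0.0.1 keeps it local. The following is an added example, not part of the original page: it reads "netstat -nap" output and reports each TCP listener owned by an ssh client process as loopback or exposed. The function names and all sample lines except the 10.0.12.110:2222 one are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit TCP listeners owned by ssh client processes.

# Constructed sample of `netstat -nap` output. The 10.0.12.110:2222 line is
# the one shown on this page; the other lines are made up for illustration.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 911/sshd
tcp 0 0 10.0.12.110:2222 0.0.0.0:* LISTEN 2018/ssh
tcp 0 0 127.0.0.1:1080 0.0.0.0:* LISTEN 2101/ssh
tcp 0 0 10.0.12.110:51514 10.0.12.111:22 ESTABLISHED 2018/ssh
EOF
}

# Read netstat output on stdin and print one line per ssh-owned listener:
#   <local_addr:port> <pid> loopback|exposed
# Only the ssh client ("PID/ssh") is matched, not the sshd daemon.
# netstat cannot tell -D from -L forwards; both show up as ssh listeners.
classify_ssh_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" && $7 ~ /^[0-9]+\/ssh$/ {
            # Split at the last colon so IPv6 addresses such as ::1 work too.
            n = split($4, parts, ":")
            port = parts[n]
            host = substr($4, 1, length($4) - length(port) - 1)
            split($7, proc, "/")
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            print $4, proc[1], scope
        }
    '
}

# Stand-alone run on the constructed sample.
sample_netstat | classify_ssh_listeners
```

On a live host, run "netstat -nap | classify_ssh_listeners" as root so that the PID/program column is populated for all processes.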