23/04/2007
socks5 over ssh
Scenario: A client behind a firewall that allows ssh and http outgoing traffic but blocks everything else (e.g. the wireless network of cs.uoi.gr). A non-firewalled server running sshd somewhere on planet earth.
How:
a) download/install dante on the server.
b) edit /etc/socks/sockd.conf
internal: 127.0.0.1 port = SOCKS.LISTENING.PORT
external: REAL.SERVER.IP
clientmethod: none
method: none
client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 }
pass { from: 127.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp }
user.privileged: SOCKS-USER
user.notprivileged: SOCKS-USER
user.libwrap: SOCKS-USER
c) start dante
d) from the client machine:
ssh USERNAME@REAL.SERVER.IP -L 127.0.0.1:SOCKS.LISTENING.PORT:127.0.0.1:SOCKS.LISTENING.PORT
more on ssh port forwarding
e) Use socks5 proxy:
host 127.0.0.1
port SOCKS.LISTENING.PORT
with your favorite program.
Notes:
REAL.SERVER.IP = I really hope I don’t need to explain this.
SOCKS.LISTENING.PORT = the port that the socks server will listen on. Try a non-privileged port like 33333.
SOCKS-USER = the username that the socks server will run under (on gentoo this is: sockd). Don’t use root. Just don’t.
Tip: You don’t need to use the same listening port for the socks server and for the local redirection port. It’s just for ease of use.
Results: Internet access through a socks5 proxy over an ssh (encrypted!) connection. The socks server is not accessible to the world since it only listens for connections on the local loopback interface of the server.
Filed by kargig at 18:49 under Encryption, Linux
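Check for the loopback-only claim in Results, as an added example that is not part of the original post: it reads listener lines in the format printed by `ss -ltnH` (iproute2) and reports any socket on the SOCKS port that is bound to something other than loopback. It applies to the dante listener on the server and to the ssh -L listener on the client. The function names are hypothetical and 33333 is the port suggested in the Notes.

```shell
#!/bin/sh
# Added example, not from the original post.
# Input format assumed: `ss -ltnH` output, where column 4 is the local
# address:port (e.g. 127.0.0.1:33333, 0.0.0.0:33333, [::]:33333, *:33333).

exposed_listeners() {
    # $1 = port to check; reads ss lines on stdin;
    # prints every local address on that port that is not loopback.
    awk -v port="$1" '
        {
            la = $4
            n = split(la, parts, ":")
            if (parts[n] != port) next            # listener on another port
            addr = substr(la, 1, length(la) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)             # strip IPv6 brackets
            sub(/%.*$/, "", addr)                 # strip %interface suffix
            if (addr ~ /^127\./ || addr == "::1") next   # loopback: fine
            print la                              # wildcard or routable address
        }'
}

check_port() {
    # Returns 0 when no listener on the port is reachable from outside
    # loopback (this includes the case where nothing listens at all),
    # 1 otherwise, with the offending addresses on stderr.
    out=$(exposed_listeners "$1")
    if [ -n "$out" ]; then
        echo "port $1 is exposed on: $out" >&2
        return 1
    fi
    return 0
}

# Live use, on the server after step c) and on the client after step d):
#   ss -ltnH | check_port 33333
```

A non-zero exit on the server points at the "internal:" line in sockd.conf; on the client it points at the bind address given to ssh -L.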
6 Comments


Thank you sir
After a server reboot I suddenly lost my socks server and had no idea why (apparently an emerge dante-sockd killed my config). This was just what I needed.
A non-firewalled server running sshd somewhere on planet earth …. and other dante server?, thanks
You need to create a tunnel between you and a non-firewalled ssh server that does not filter your traffic.
That means that you must have an account and/or control a server somewhere that does not filter traffic so the tunneled data from you to the world through the ssh tunnel don’t get filtered at the end of the tunnel.
Hey,
what do I have to insert in my Firefox settings?
I used the above ones, but I don’t get any connection with my FF
Firefox needs a http proxy server. I don’t know whether it can work with socks. Never tested it. If it doesn’t work just set up a squid server on the machine you run the sshd server and point firefox to use the port of the squid server.
I’m wondering what would be the advantage using Dante to OpenSSH server. The only thing I can think of is more control over the remote server.