{"id":257,"date":"2007-04-23T18:49:40","date_gmt":"2007-04-23T15:49:40","guid":{"rendered":"http:\/\/www.void.gr\/kargig\/blog\/?p=257"},"modified":"2007-04-23T18:49:50","modified_gmt":"2007-04-23T15:49:50","slug":"socks5-over-ssh","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2007\/04\/23\/socks5-over-ssh\/","title":{"rendered":"socks5 over ssh"},"content":{"rendered":"

Scenario<\/strong>: A client behind a firewall that allows ssh and http outgoing traffic but blocks everything else (eg. the wireless network of cs.uoi.gr<\/a>). A non-firewalled server running sshd somewhere on planet earth.<\/p>\n

How<\/strong>:
\na) download\/install dante<\/a> on the server.
\nb) edit \/etc\/socks\/sockd.conf
\ninternal: 127.0.0.1 port = SOCKS.LISTENING.PORT
\nexternal: REAL.SERVER.IP
\nclientmethod: none
\nmethod: none
\nclient pass { from: 127.0.0.0\/8 port 1-65535 to: 0.0.0.0\/0 }
\npass { from: 127.0.0.0\/8 to: 0.0.0.0\/0 protocol: tcp udp }
\nuser.privileged: SOCKS-USER
\nuser.notprivileged: SOCKS-USER
\nuser.libwrap: SOCKS-USER
\n<\/code><\/p>\n

c) start dante<\/p>\n

d) from the client machine:
\nssh USERNAME@REAL.SERVER.IP -L:SOCKS.LISTENING.PORT:127.0.0.1:SOCKS.LISTENING.PORT<\/code>
\nmore on ssh port forwarding<\/a><\/p>\n

e) Use socks5 proxy:
\nhost 127.0.0.1
\nport SOCKS.LISTENING.PORT
\n<\/code>
\nwith your favorite program.<\/p>\n

Notes:
\nREAL.SERVER.IP = I really hope I don’t need to explain this.
\nSOCKS.LISTENING.PORT = the port that the socks server will listen. Try a non-priviledged port like 33333.
\nSOCKS-USER = the username that the socks server will run under (on gentoo this is: sockd). Don’t use root. Just don’t.<\/p>\n

Tip: You don’t need to use the same listening port for the socks server and for the local redirection port. It’s just for ease of use.<\/p>\n

Results<\/strong>: Internet access though socks5 proxy over an ssh (encrypted!) connection. The socks server is not accessible to the world since it only listens for connections on the local loopback interface of the server.<\/p>\n","protected":false},"excerpt":{"rendered":"

Scenario: A client behind a firewall that allows ssh and http outgoing traffic but blocks everything else (eg. the wireless network of cs.uoi.gr). A non-firewalled server running sshd somewhere on planet earth. How: a) download\/install dante on the server. b) edit \/etc\/socks\/sockd.conf internal: 127.0.0.1 port = SOCKS.LISTENING.PORT external: REAL.SERVER.IP clientmethod: none method: none client pass […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[6,3],"tags":[],"class_list":["post-257","post","type-post","status-publish","format-standard","hentry","category-encryption","category-linux"],"aioseo_notices":[],"views":32196,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=257"}],"version-history":[{"count":0,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/257\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}