SOCKS proxy with SSH

Sun 09 March 2008

Do you want to connect to irc network you realize that the ports are blocked. Using ssh -X you can forward programs on your computer but if you have a slow connection it doesn't work very well. It is possible to use -D option to create a SOCKS proxy:

    -D [bind_address:]port

    Specifies a local ``dynamic'' application-level port forwarding.
    This works by allocating a socket to listen to port on the local
    side, optionally bound to the specified bind_address.  Whenever a
    connection is made to this port, the connection is forwarded over
    the secure channel, and the application protocol is then used to
    determine where to connect to from the remote machine.  Currently
    the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
    as a SOCKS server.  Only root can forward privileged ports.  Dy-
    namic port forwardings can also be specified in the configuration
    file.

So the magic command is (you need a ssh account on remote server):

$ssh -D 10000 user@ssh-server

this will create a SOCKS proxy on port “10000″ of your computer. This is a nice tunnel to the server. Now, all you need to do is to set in xchat to use a SOCKS proxy. The proxy is, “localhost”, with the port 10000. That's all, the xchat works and you can spend a lot of time on irc.

Also you can use this kind of tunnel for safe browsing. You have to set your preferences in Firefox to use a SOCKS proxy. When you browse, all the connections you make to websites will seem to originate from the server to which you SSH-ed. In addition, all outgoing and incoming data for the browsing session will be encrypted since it passes through the SSH connection. I am using the SOCKS proxy when I need access to websites and I don't have access from home (for example if I need scientific papers), so I open a ssh-tunnel to university and then I can access them.

There are also applications (email clients) which may also support SOCKS proxy.