SSH SOCKS5 proxy

Route web traffic securely without a VPN using a SOCKS tunnel with ssh:

$ ssh -D 8080 -f -C -q -N [email protected]
  • -D 8080 tells ssh to launch a SOCKS server on port 8080 locally.
  • -f Forks the process to the background.
  • -C Compresses the data before sending it.
  • -q Uses quiet mode.
  • -N Tells SSH that no command will be sent once the tunnel is up.

Configure firefox



To use socks5 in curl try:

curl -x socks5h://localhost:8080

SSH tunnel / TCP forwarding

If you only need to access an open port on the remote server:

$ ssh -L 8080:localhost:1234 -Nf [email protected]

The option -L will do a local port forwarding from port 8080 (your computer) to port 1234 in localhost (the remote server), then in your browser just enter:


If this is a web server you will see hopefully the content, but you could also use this technique for a database, for example

$ ssh -L 3307:localhost:3306 [email protected]

This will forward port 3307 (your computer) to 3306 remotely (mysql server)

$ mysql -h localhost -P 3307

You can read/remember this as -L forward my local port XXXX to remote address (localhost/ at port YYYY through [email protected]

Manage your pfsense

If you could could ssh to a server within your infrastructure you could do then:

ssh -L 8443: -Nf <user>@host

Then in your browser:


Provide internet to a server behind a firewall

Enable ssh on your desktop/laptop (from where you are connecting) and then:

ssh -t -D 1080 localhost ssh -R 1080:localhost:1080 [email protected]

Then you could use socks5 from the remote server:

curl --socks5-hostname


curl -x socks5h://

Then to use it:

export http_proxy=socks5h://
export https_proxy=socks5h://

If need to install pipenv you may need privoxy

yum install privoxy

Edit the configuration file /etc/privoxy/config and add this line:

forward-socks5 / .

Start the service and then you could use:

export http_proxy=
export https_proxy=