SSH SOCKS5 proxy

Route web traffic securely without a VPN using a SOCKS tunnel with ssh:

$ ssh -D 8080 -f -C -q -N [email protected]
  • -D 8080 tells ssh to launch a SOCKS server on port 8080 locally.
  • -f Forks the process to the background.
  • -C Compresses the data before sending it.
  • -q Uses quiet mode.
  • -N Tells SSH that no command will be sent once the tunnel is up.

Configure firefox



To use socks5 in curl try:

curl -x socks5h://localhost:8080

SSH tunnel / TCP forwarding

If you only need to access an open port on the remote server:

$ ssh -L 8080:localhost:1234 -Nf [email protected]

The option -L will do a local port forwarding from port 8080 (your computer) to port 1234 in localhost (the remote server), then in your browser just enter:


If this is a web server you will see hopefully the content, but you could also use this technique for a database, for example

$ ssh -L 3307:localhost:3306 [email protected]

This will forward port 3307 (your computer) to 3306 remotely (mysql server)

$ mysql -h localhost -P 3307

You can read/remember this as -L forward my local port XXXX to remote address (localhost/ at port YYYY through [email protected]

Manage your pfsense

If you could could ssh to a server within your infrastructure you could do then:

ssh -L 8443: -Nf <user>@host

Then in your browser: