🔗SSH SOCKS5 proxy

Route web traffic securely without a VPN using a SOCKS tunnel with ssh:

$ ssh -D 8080 -f -C -q -N [email protected]
  • -D 8080 tells ssh to launch a SOCKS server on port 8080 locally.
  • -f Forks the process to the background.
  • -C Compresses the data before sending it.
  • -q Uses quiet mode.
  • -N Tells SSH that no command will be sent once the tunnel is up.

🔗Configure firefox

ssh-proxy

🔗curl

To use socks5 in curl try:

curl -x socks5h://localhost:8080 http://myip.country

🔗SSH tunnel / TCP forwarding

If you only need to access an open port on the remote server:

$ ssh -L 8080:localhost:1234 -Nf [email protected]

The option -L will do a local port forwarding from port 8080 (your computer) to port 1234 in localhost (the remote server), then in your browser just enter:

    http://localhost:8080

If this is a web server you will see hopefully the content, but you could also use this technique for a database, for example

$ ssh -L 3307:localhost:3306 [email protected]

This will forward port 3307 (your computer) to 3306 remotely (mysql server)

$ mysql -h localhost -P 3307

You can read/remember this as -L forward my local port XXXX to remote address (localhost/google.com/any-server.tld at port YYYY through [email protected]

🔗Manage your pfsense

If you could could ssh to a server within your infrastructure you could do then:

ssh -L 8443:192.168.1.1:443 -Nf <user>@host

Then in your browser:

https://localhost:8443

🔗Provide internet to a server behind a firewall

Enable ssh on your desktop/laptop (from where you are connecting) and then run (it will ask your local ssh password and then the remotes ssh password):

ssh -t -D 1080 localhost ssh -R 1080:localhost:1080 [email protected]

check that in the remote host has AllowTcpForwarding yes

Then you could use socks5 from the remote server:

curl --socks5-hostname 127.0.0.1:1080 http://myip.country

or

curl -x socks5h://127.0.0.1:1080 http://myip.country

Then to use it:

export http_proxy=socks5h://127.0.0.1:1080
export https_proxy=socks5h://127.0.0.1:1080

If need to install pipenv you may need privoxy

yum install privoxy

Edit the configuration file /etc/privoxy/config and add this line:

forward-socks5 / 127.0.0.1:1080 .

Start the service and then you could use:

export http_proxy=http://127.0.0.1:8118
export https_proxy=http://127.0.0.1:8118