23/04/2007
socks5 over ssh
Scenario: A client behind a firewall that allows ssh and http outgoing traffic but blocks everything else (eg. the wireless network of cs.uoi.gr). A non-firewalled server running sshd somewhere on planet earth.
How:
a) download/install dante on the server.
b) edit /etc/socks/sockd.conf
internal: 127.0.0.1 port = SOCKS.LISTENING.PORT
external: REAL.SERVER.IP
clientmethod: none
method: none
client pass { from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0 }
pass { from: 127.0.0.0/8 to: 0.0.0.0/0 protocol: tcp udp }
user.privileged: SOCKS-USER
user.notprivileged: SOCKS-USER
user.libwrap: SOCKS-USER
c) start dante
d) from the client machine:
ssh USERNAME@REAL.SERVER.IP -L:SOCKS.LISTENING.PORT:127.0.0.1:SOCKS.LISTENING.PORT
more on ssh port forwarding
e) Use socks5 proxy:
host 127.0.0.1
port SOCKS.LISTENING.PORT
with your favorite program.
Notes:
REAL.SERVER.IP = I really hope I don’t need to explain this.
SOCKS.LISTENING.PORT = the port that the socks server will listen. Try a non-priviledged port like 33333.
SOCKS-USER = the username that the socks server will run under (on gentoo this is: sockd). Don’t use root. Just don’t.
Tip: You don’t need to use the same listening port for the socks server and for the local redirection port. It’s just for ease of use.
Results: Internet access though socks5 proxy over an ssh (encrypted!) connection. The socks server is not accessible to the world since it only listens for connections on the local loopback interface of the server.
Filed by kargig at 18:49 under Encryption,Linux
8 Comments | 30,297 views