Paranoia, Security or Privacy Issues; All are reasons why I tunnel my web traffic though a SSH Tunnel via a remote machine. In most cases I do this because I do not trust the network I’m on and don’t want to send unencrypted traffic through it. In some cases firewalls or local network DNS prevent me from connecting to services I want.
I will be explaining how I make this possible with a few simple steps.
Requirements: Remote SSH Servers (trusted) and a local SSH Client on the computer being used.
Hints: Install Open SSH to the local machine or use Putty
For your reference: Client (is the machine you are using), Server ( is the remote machine)
Establishing the SSH connection.
In most cases the client computer will have many unused ports which can be used as your proxy port. Normal proxy client configurations use ports such as 8000, 8080.
There is no set requirement to use those ports.
I typically used my tunnels for more than just Firefox so I issue the following commands when connecting to my server: ssh –D localhost:8080 user@remote-server-address
Tip:
In putty: Enter the PuTTY Configuration and go down to SSH > Tunnels – define and source port number and then choose the dynamic and click [add]. You will see D<the port number chosen> in the foweard ports field
The –D used above is for dynamic as I am not setting up just a single tunnel, but want to allow more than one connection. And now you have a tunnel, so what next?
Configuring Firefox to use the Tunnel
In a previous post I informed you on how to set Firefox to tunnel its DNS request over a socks proxy. Keep in mind; this is done so that all DNS looks are done by the remote server doing the tunneling. So it’s important that the remote server can perform lookups
In Firefox, find your way to the Preferences and Settings to configure how Firefox connects to the internet. Select manual proxy configuration and enter in the name ‘localhost’ or 127.0.0.1 in the SOCKS host test field, you will also need to use the port configured during the establishment of the tunnel to the remote server. Click Apply and OK to exit from this area and at this point (if you configured Firefox to also tunnel its DNS) all your traffic will be encrypted and sent over your SSH Server.
Closing tip: You can also do this with many other programs, so give it a try and enjoy your paranoia, privacy and security.