SSH, Proxies (Proxy’s?), Tor and Web Browsing

For quite some time I’ve been making use of a dd-wrt modified linksys box on my home network as an openvpn endpoint so that when I’m out and about in the world, I connect the vpn, switch firefox to route through a squid proxy server on the home network and I’ve got a nice fairly secure web browsing setup. But, as they say there’s more than one way to skin a cat. And, that’s what I’ve played around with the last couple days. First off, I guess I should describe the concept. 1) Let’s say that you’re browsing the web at an open wireless access point and you don’t trust the network or 2) let’s say you need to be able to access an intranet web server that is not accessible from the internet side of a network or scenario 3) let’s say a web site is blocking access based on ip address (for instance say you’re behind the great firewall of xyz business/company)…. how can you still manage to access the web pages you want to 3,2) at all or 1) securely with as little snooping as possible.

All in all, this will make it possible to look as though you’re browsing the web from a different location than you really are and is also one way how to get around blocked websites. Now, it’s up to you to accept the responsibility for your actions if you use this to get around blocked sites

There are several ways you can do this. The first IS via openvpn and a web proxy like squid, but that’s a fair amount of setup for you on your home network to maintain browsing from outside – besides what if you’re home connection is down and you want a quick plan b?

Here’s one approach….

SSH – secure shell to the rescue…. from a console window make a secure connection to a secure shell server you have access to, with dynamic port forwarding enabled.

ssh -D 1080

go ahead and authenticate and then in your firefox settings, instruct firefox to browse through a SOCKS 5 server at localhost port 1080. (frankly, you could probably pick any higher port number if you like.)

(BTW if you want to get fancier with ssh you can pass any of the following:
-q :- be quiet – don’t output more information than necessary.
-T :- Do not allocate a pseudo tty – i.e. no login shell.
-f :- move the ssh process to background, as we don’t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-n :- redirect standard input to /dev/null.

In addition on a slow line you can gain performance by enabling compression with the -C option.

I like to pull up my ip check page to verify which public internet address I’m browsing from. SO, now it’s as if you’re browsing the internet from your ssh server machine.

Now, if you needed to access an intranet page within the network that your secure shell server is hosted, you should be able to. It should behave actually just as though you were on the destination lan for everything within the web browser. If you wanted to get really fancy, you could probably set it as a system wide proxy and not have to manually configure your applications to tunnel through it.

It should be noted that your web traffic will only be encrypted between you and the remote ssh server. After that it leaves the pipe and will only be encrypted if you’re visiting encrypted sites.

Now, for reasons of very restrictive firewalls it might be nice if you knew of a ssh server listening on port 443 so that it would bypass even the most draconian restrictions. (BTW, that’s how I’ve previously setup openvpn connections – ports 53 udp or 80/443 tcp are good candidates – 53 udp because it’s dns and shouldn’t be blocked if they expect domain lookups to work, however… it’s typically unencrypted and might look suspicious – besides they may do internal dns so it’s not my first choice. Port 80 is a good candidate because if they allow outside world web access then you should be able to pass data, still port 80 is typically unencrypted and it might look a bit suspect. My preference then is port 443. It’s necessary for https: sites and is expected to be encrypted, so it makes a nice openvpn (or ssh) alternate port.

It’s also possible to tunnel your web traffic through something called tor to enhance your privacy on the internet and essentially make it appear as though you’re browsing the web from a location where you aren’t physically. So, if a forum is only allowing connections from ip address in Poland and you really want to connect you can configure tor to only use endpoints that are in Poland and all your web browsing bits will ping pong through several machines in an encrypted tunnel until they exit a machine in Poland and connect to the forum your trying to connect to. To use tor, you need to also install a proxy server like privoxy.

By the way, tor can be a slow network – they are typically fairly oversaturated, but there are some ways to get a faster link going by tweaking your torrc file. I should point out that it’s somewhat abusive of the tor network resources to try to suck down giant bittorrents through tor….

I should also mention that there is a great firefox plugin for managing your proxy settings. (It got to be a pain manually switching them, so you might look at foxyproxy. It let’s you configure multiple proxys and switch between them for all traffic, OR more interestingly using text matching it could allow you to use a proxy only for certain sites.

Also – Set your proxy server to resolve DNS requests instead of your computer; in Firefox’s about:config area, set network.proxy.socks_remote_dns = true.

(From what I see that is the default – either that or I’ve already been there and done that.)

Other links that may be interesting are :a site to check if you are using tor and an ip locator.

And if you’re command-line phobic on linux you might take a look at gnomes ssh tunnel manager (GSTM I think in packages.) Really whether you are comfortable at the command line or not, this looks like a neat, quick interface.

Related Posts

Blog Traffic Exchange Related Posts Blog Traffic Exchange Related Websites
  • How to Use Blog Networks to Promote Your Corporate Blog One of the biggest problems facing corporate bloggers is finding an audience. If you’re using your blog as a way to promote your company’s products, it is vital to quickly build up a strong readership. This is not an easy task, and even though paid promotion can be helpful, there......
  • Effective Ways to Get Traffic to Affiliate Sites Traffic is one of the most difficult things to get as an affiliate. How do you get it without wasting your money and how do you get traffic that actually converts into sales or leads? One thing is absolutely clear to any affiliate who gets started promoting products: it’s virtually......
  • Content Network Vs. Google AdWords Search Network There are two choices in benefitting from the use of Google AdWords. You are able to choose to post your ads on Google’s search results pages or the search network, or you are able to opt to have your ads posted on sites associated to your company or the content......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

No Responses to “SSH, Proxies (Proxy’s?), Tor and Web Browsing”

  1. Long Distance Router Says:

    Long Distance Router…

    Dlink and Linksys are really facing off to see who can get the longest distance routers lately its funyn how far they will go…

  2. outdoor wireless security camera information Says:

    outdoor wireless security camera information…

    I want to set up an outdoor video surveillance and need to know what I need….

  3. boost Alexa traffic Says:

    boost Alexa traffic…

    You provide an insightfull look at what online marketing should be. This will be of incredible value to any newbie and to those that have somehow lost track of where or how to approach their promotional tactics. Great article….

  4. seo Says:


    When creating your site copy, just write naturally, explaining whatever information you’re discussing. The key is to make it relevant, and to have it make sense to the reader. Even if you trick the search engines into thinking your page is great — when…

Switch to our mobile site