Can SSH into server but have trouble using tunnels as proxy
I'm trying to set up my remote ssh server so that I can tunnel web traffic through it while I'm on an unsecured network. I set up the ssh server and can successfully ssh into from a different network. However, when I try to set up a tunnel so that I can use it as a proxy it doesn't work. I was using the command
You need to have an http proxy running on the ssh server if you expect to tunnel web traffic through it.
Also you need to set up your tunnel correctly.
Let us assume that you have your proxy on your ssh server watching port 8118. In this case, you would define a port on your client machine (the one you want to browse from) that you will point your browser toward. Let us say that this port is 8008.
Your tunnel statement would look like this:
ssh -f -L 8008:localhost:8118 sshserveripaddress -N -l user@sshserver
You then would point your browser at port 8008 and it will work.
I do this fairly frequently when I am out and about with my laptop; I ssh back into my workstation in order to have secure connections from my laptop (in a coffee shop or airport that might matter). I normally run privoxy on my workstation anyway, so I just proxy through it.
What you say is correct, but the OP is wanting to use the remote sshd as a socks proxy rather than tunneling to a listening application/server.
Your command looks correct to me. (As an aside, you might wish to try the -f option like jiml8 showed, but that is not your real problem.) I believe it is the sshd on the other end that actually acts as the proxy. So it must be capable of doing this. (I believe SSH daemons that are at all recent should have this capability, but maybe there is a compile time option?) I couldn't find any config file options for this. So the only thing I know to do is use a packet sniffer (tcpdump, wireshark, etc.) to monitor packets. Check the lo interface(on tcp/9999) on the originating machine and the Internet facing interface on the remote machine to see what packets are being sent and received. And you can use netstat to make sure that ssh actually is listening on tcp/9999 on your local machine.
NOTE: I've use the-D option for socks proxy on my LAN but I have never used it to actually go out to the Internet. So there may be some subtlety I am missing. Hmmm. Such as DNS? But I have read of people doing what you are trying.
|All times are GMT -5. The time now is 01:29 AM.|