
Secure Tunnels, SOCKS Proxies and browsing the interwebs

A very quick post on how I browse and use the interwebs.


I bought Webfaction hosting a long time ago. Since it's a managed shared server, I only need to worry about the applications I am running (more than a dozen the last time I checked) and not activities like updating the system, checking up on firewalls, etc. While Webfaction allowed the use of a bouncer like ZNC, I never bothered to buy an IP address, and the only way I could access my ZNC bouncer was by tunneling into my webserver and forwarding its port to my computer. Hence, every time I wished to access IRC, I had to run something along the lines of:

ssh -f -N -L 8089: -i ~/sshkey


-f would send the process to the background

-N would stop OpenSSH from executing anything on the server

-i is followed by my ssh private key (The random passwords are too weird to remember)

-L is used to build the tunnel and followed by local-port:hostname:remote-port

Usually, I liked to play around with the server so I skipped the -f and -N flags.


Then I bought a small Virtual Private Server and things changed. sandsmark (from KDE) was talking about the advantages of Quassel over ZNC and it sounded pretty good! Since I have complete control over the VPS as well as a dedicated IP, I now have a server running Quassel all the time and no need for an ssh tunnel. Yay!

The worst thing you could do to the Internet is block access to websites or features in certain parts of the world. The VPS helped me overcome that with a tiny command:

ssh -D 8088 -i ~/sshkey

This magical little command sets up a SOCKS proxy and forwards any traffic through a secure connection. Here's a snippet of what "man ssh" has to say about dynamic port forwarding.

-D [bind_address:]port Specifies a local “dynamic” application-level port forwarding.  This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address.

Combine this with FoxyProxy for Mozilla Firefox and life is so much better! If I use my laptop on connections I cannot trust, I tunnel all my traffic through it. (A trick I learned from shadeslayer).
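
A check that fits the bind_address note in the man page excerpt above, as an added example that is not part of the original post: it reads `ss -ltn` output and reports any of the forwarded ports (8088 and 8089 here) that listen on a non-loopback address, which on an untrusted network would let other hosts use the tunnel. ssh binds -L and -D listeners to loopback unless a bind_address is given or GatewayPorts is enabled; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag SSH forward listeners reachable from other hosts.

# exposed_forwards PORT...
# Reads `ss -ltn` output on stdin and prints "addr:port" for every listed
# port whose listener is bound to something other than 127.0.0.0/8 or ::1.
exposed_forwards() {
    awk -v ports="$*" '
        BEGIN {
            n = split(ports, p, " ")
            for (i = 1; i <= n; i++) want[p[i]] = 1
        }
        $1 == "LISTEN" {
            la = $4                          # Local Address:Port column
            idx = match(la, /:[0-9]+$/)      # last colon plus port number
            if (!idx) next
            addr = substr(la, 1, idx - 1)
            port = substr(la, idx + 1)
            if (!(port in want)) next        # not one of our forwards
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print addr ":" port
        }'
}

# Constructed sample of `ss -ltn` output: 8088 is a default `ssh -D 8088`
# listener (loopback, v4 and v6); 8089 is bound to all interfaces, as it
# would be with a wildcard bind_address or GatewayPorts enabled.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port
LISTEN  0       128          127.0.0.1:8088         0.0.0.0:*
LISTEN  0       128              [::1]:8088            [::]:*
LISTEN  0       128            0.0.0.0:8089         0.0.0.0:*
LISTEN  0       128                  *:22                 *:*
EOF
}

# Run against the constructed sample; on a real machine use:
#   ss -ltn | exposed_forwards 8088 8089
sample_ss_output | exposed_forwards 8088 8089
```

An empty result means both forwards are reachable only from the local machine.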

For a better explanation and application visit: Debian Administrator: SSH Dynamic Port Forwarding with SOCKS
