SSH tunneling for web surfing
Tags: freebsd, howtos
If you cannot trust your local network for some reason, SSH tunneling can help you. All you need is:
- A machine outside your current local network, for example a server with a static IP address in some data centre.
- ssh (on your local machine)
- A proxy server (on the remote machine)
My remote machine runs Debian, and I decided to install tinyproxy, a tiny HTTP proxy server. Configuration is done quickly by adding the following lines to /etc/tinyproxy/tinyproxy.conf:
Port 8888
Listen 127.0.0.1
I would recommend commenting out any other Listen lines. Assuming you do not want to run an open proxy, you only want tinyproxy to listen locally. After editing the configuration file, restart the proxy via /etc/init.d/tinyproxy restart.
On your local machine, execute the following command:
ssh user@server.example.net -L 1234:localhost:8888 -N
This forwards all traffic from your local port 1234 to the remote machine's port 8888, which is where tinyproxy waits for connections. The localhost in the command is resolved on the remote side; it is needed because we configured the server to listen only on the loopback interface.
You may now tell your cool browser to use localhost:1234 as a proxy server. Congratulations, your web traffic is now securely tunnelled to your remote machine.
Addendum: In the command string from above, you can also use -f to request ssh to go into the background.
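The tinyproxy configuration step above depends on no active Listen line pointing at a public interface. The following check is an added example, not part of the original post: it audits a tinyproxy.conf and fails unless every uncommented Listen directive is a loopback address. The function names and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit tinyproxy.conf so the proxy cannot end up as an open proxy.
# On the remote machine you would call:
#   listen_is_loopback_only /etc/tinyproxy/tinyproxy.conf

# Print the address of every active (uncommented) Listen directive.
# The directive name is compared case-insensitively so no spelling is missed.
active_listens() {
    awk 'tolower($1) == "listen" { print $2 }' "$1"
}

# Return 0 only if at least one Listen is active and all of them are loopback.
# With no Listen line at all, tinyproxy binds to every interface, so that
# case is reported as a failure too.
listen_is_loopback_only() {
    addrs=$(active_listens "$1")
    if [ -z "$addrs" ]; then
        echo "FAIL: no active Listen line (proxy binds to all interfaces)"
        return 1
    fi
    for a in $addrs; do
        case "$a" in
            127.*|::1) ;;   # IPv4 and IPv6 loopback
            *) echo "FAIL: Listen $a is not a loopback address"; return 1 ;;
        esac
    done
    echo "OK: proxy listens on loopback only"
}

# Constructed sample configs (not taken from a real server).
demo() {
    d=$(mktemp -d)
    printf 'Port 8888\nListen 127.0.0.1\n#Listen 192.0.2.10\n' > "$d/good.conf"
    printf 'Port 8888\nListen 127.0.0.1\nListen 192.0.2.10\n'  > "$d/bad.conf"
    printf 'Port 8888\n'                                        > "$d/none.conf"
    for f in good bad none; do
        printf '%s.conf: ' "$f"
        listen_is_loopback_only "$d/$f.conf" || true
    done
    rm -rf "$d"
}
demo
```

Run it after every edit to the configuration file and before restarting the proxy, since a leftover Listen line from the packaged default is easy to overlook.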