SSH tunneling for web surfing
Tags: freebsd, howtos
If you cannot trust your local network for some reason, SSH tunneling can help you. All you need is:
- A machine outside your current local network, for example a server with a static IP address in some data centre.
- ssh (on your local machine)
- A proxy server (on the remote machine)
My remote machine runs Debian, and I decided to install
tinyproxy, a tiny HTTP proxy server. Configuration is done quickly by adding the following lines to
Port 8888 Listen 127.0.0.1
I would recommend commenting out any other
Listen lines. Assuming you do not want to run an open proxy, you only want
tinyproxy to listen locally. After editing the configuration file, restart the proxy via
On your local machine, execute the following command:
ssh email@example.com -L 1234:localhost:8888 -N
This forwards all traffic from your local port 1234 to the remote machine's port 8888 (
localhost is needed because we configured the server to listen only to the loopback interface), which is where
tinyproxy waits for inputs.
You may now tell your cool browser to use
localhost:1234 as a proxy server—congratulations, your web traffic is now securely tunnelled to your remote machine.
Addendum: In the command string from above, you can also use
-f to request ssh to go into the background.