Join Scott Simpson for an in-depth discussion in this video Browsing the web through a proxy server, part of Linux Tips Weekly.
- [Instructor] In the last episode, we saw how to create a tunnel from a local port to a remote port in order to use a service running on a remote system. We can take that a step further, using a feature of the OpenSSH server software, the ability to act as a SOCKS proxy. SOCKS is short for socket secure. And it allows the SSH server to forward client traffic to the internet as though it's coming from the SSH server itself. And one of the primary uses for SOCKS is a proxy to allow web traffic to be sent and received from the proxy rather than from the client system.
This is often used by organizations to control access to web resources. And it can also be used to get around limitations in web access as well. Many people use a SOCKS proxy like a quick and easy sort of VPN too, if they're using an untrusted network, like coffee shop wifi or airplane wifi. Because using a proxy server can be a sensitive topic in some environments, I'm going to assume you're being responsible and following any rules about proxies that you might be subject to. To use a SOCKS proxy, rather than tunneling to a particular port on the remote machine, we only specify a local port for our tunnel, and we use the -D open to indicate dynamic port forwarding, and once that port is set up, we instruct our browser or our system to use it for communications, sending traffic through the encrypted tunnel to the SOCKS proxy instead of using whatever the settings for the local network are.
Then the OpenSSH software on the server handles forwarding and communicating information between the client and the web. SOCKS is a huge topic. There are more than a few server implementations, and there's all kinds of configuration and security and so on that you can setup, but in this episode, I want to just show you the basics. And I'll use a little cloud server that I have setup. Running OpenSSH server on a Ubuntu server. I'll setup a tunnel here with ssh -D and port 4321, that's the local port on my system that I'll tell my browser to connect through, then I'll give the credentials to connect to the remote server, and then I'll use the options -N and q.
- N tells SSH that I'm not going to run a command, so I don't need to have it open up a Shell window. And the q option is for quiet mode, which suppresses any kind of messages that come back from the remote system. I don't really need to see those, so I'll just ignore them. I've got my tunnel setup now. And I'll switch over to my browser to configure it to use my proxy. Some operating systems also have system level support for proxy settings, but I'm just going to proxy a browser right now. Before we do that, I'll check my external IP address. This is a quick way to tell whether our traffic comes from a different place when we use the proxy.
Alright, this is my regular IP, where traffic flows out onto the internet under normal circumstances. I'll go into the settings for my browser and search for the proxy settings, here it is on this version of Firefox. I'll choose Manual Proxy Configuration, and under SOCKS host, I'll type localhost, and tab over to the port area and use 4321. And I'll make sure to check this box down here too, which tells Firefox to send DNS queries to the proxy server as well. That's a good privacy tip, otherwise someone on the network could see what sites you're trying to get to, even if they won't be able to see what you're actually sending.
And if you're on an untrusted network, or if the network you're using is filtering DNS look ups, that can be helpful. Alright, I'll save this and close my Preferences window. I'll check my external IP address again. Alright, I'll save this, and now traffic from this browser will flow through my SOCKS proxy to the web. I'll reload that IP checking site, and sure enough, my traffic is coming from the address of my little remote server now, instead of the router from my local network. Keep in mind that proxying the connection is just one kind of protection, and your browser will still keep cookies, caches and all that stuff like normal.
In this regard, it's kind of like plugging your browser into another network with a really long cable. Just using a proxy won't keep you from being tracked, like Tor, or some of the other privacy applications and plugins will. Proxies can introduce a little bit of slowdown in your browsing too, both simply because it's an extra hop your traffic needs to take, and the proxy server is doing some computing, so if the remote system is busy or underpowered, that'll factor into the speed as well. And when you're done with the tunnel, you can close the terminal window or hit Control C to end the SSH session. And make sure you remove the settings for your proxy from the browser when you're not using it.
Because if it's still pointing to your tunnel and your tunnel doesn't exist, the browser won't be able to connect to anything. So, especially if you're in a shared environment, be a good citizen and don't leave a broken browser behind.
Note: Because this is an ongoing series, there is no certificate of completion available for this course.