Archive for January, 2009
Quick and Simple SOCKS tunnelling with tsocks and ssh
Thursday, January 22nd, 2009 | Technology | 3 Comments
I found an awesome tool to quickly and simply set up a SOCKS tunnel from behind a firewall to an outside server. It’s called tsocks (http://tsocks.sourceforge.net/). Using this in combination with an ssh tunnel allowed me to tunnel all my traffic through our firewall and to a remote server over a secure link. It was like working (browsing, for example) directly from the remote server.
You will probably want to use this technique if:
- Your firewall is preventing you from accessing what you need to access outside your network.
- You don’t have control over the firewall to open up the ports you need.
- You DO have access to an external server via ssh.
- The ssh daemon on the remote server has been configured to allow this, or you can configure it yourself (GatewayPorts = yes).
I’ll just quickly go over the steps which will get you ready to run:
- Install tsocks.
- Configure tsocks. My configuration looks like this:
local = 192.168.0.0/255.255.0.0
server = 127.0.0.1
server_type = 4
server_port = 1080
This means that traffic to local addresses goes directly over the LAN, while everything else is tunnelled to 127.0.0.1:1080 over SOCKS version 4.
Now the only thing left is to create the SSH tunnel on local port 1080 (as configured in tsocks.conf) to your remote server:
bash# ssh -D 1080 <username>@<server.com>
Leave that running. It’s your link to the outside world. Now open up another terminal and do whatever you need to do. In this example, we’ll start Firefox (make sure Firefox isn’t already running, so that it’s a complete restart):
bash# source /usr/bin/tsocks on
bash# firefox
And… that’s pretty much it.
tsocks preloads itself as a library and implements its own network operations (connect, etc.), so it works like magic.
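The routing decision that the configuration above describes, together with the SOCKS version 4 request sent for a tunnelled connection, as an added example that is not part of the original post and is not tsocks code. `parse_conf`, `route`, `socks4_connect` and `plan` are hypothetical names, the parser handles only the four directives shown above, and the destination addresses are constructed samples.

```python
import ipaddress
import struct

# tsocks.conf as shown in the post, embedded so the example runs offline.
TSOCKS_CONF = """\
local = 192.168.0.0/255.255.0.0
server = 127.0.0.1
server_type = 4
server_port = 1080
"""

def parse_conf(text):
    """Parse the four 'key = value' directives used in the post (assumed subset)."""
    conf = {"local": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        if key == "local":
            conf["local"].append(ipaddress.ip_network(value))
        elif key in ("server_type", "server_port"):
            conf[key] = int(value)
        else:
            conf[key] = value
    return conf

def route(conf, dest_ip):
    """'direct' if dest_ip is inside a local network, otherwise 'socks'."""
    addr = ipaddress.ip_address(dest_ip)
    return "direct" if any(addr in net for net in conf["local"]) else "socks"

def socks4_connect(dest_ip, dest_port, user=b""):
    """SOCKS4 CONNECT request: VN=4, CD=1, DSTPORT, DSTIP, USERID, NUL."""
    ip = ipaddress.IPv4Address(dest_ip)  # ValueError for hostnames and IPv6
    return struct.pack("!BBH4s", 4, 1, dest_port, ip.packed) + user + b"\x00"

def plan(conf, dest_ip, dest_port):
    """Where the TCP connection really goes, and the bytes sent first (if any)."""
    if route(conf, dest_ip) == "direct":
        return (dest_ip, dest_port), b""
    if conf["server_type"] != 4:
        raise ValueError("this sketch only models SOCKS version 4")
    return (conf["server"], conf["server_port"]), socks4_connect(dest_ip, dest_port)

if __name__ == "__main__":
    conf = parse_conf(TSOCKS_CONF)
    for dest in [("192.168.1.20", 22), ("203.0.113.10", 443)]:  # constructed samples
        print(dest, "->", plan(conf, *dest))
```

With this configuration only 192.168.0.0/16 destinations bypass the tunnel. A SOCKS version 4 request has room only for a 4-byte IPv4 address, so a hostname has to be resolved before the request can be built.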