May 17 2009

SSH Tunneling for Privacy and Trickery.

If you have access to a ssh server you can easily tunnel your web browsing and newsgroup/IRC activity to make sure that your IP is never associated with that ..stuff you do. You can basically tunnel any port through the any ssh server. These methods can be used to build up complex chains that are almost impossible to track.

To tunnel your basic browsing through a ssh “proxy” use this command:

ssh -D 8080 -p 22

I used port 8080 instead of the default 80 becuase I run a webserver on my local machine and I didn’t want to mess that up.

The -D in the command specifies a local dynamic application-level port forwarding which creates a socket to listen to the specified port on the local machine. Ancy connections made to this local port are forwarded over the secure channel.

This makes it easily possible to forward all web traffic on the local system through the secure channel by setting up a simple iptables rule:
–iptables -A PREROUTING -t nat -i eth0 -p tcp –dport 80 -j REDIRECT –to-port 8080

If you want to set up a secure ssh tunnel to connect to a specific newsgroup server you can use this command:

sudo ssh -N -p 22 -f -L 443:

The -L specifies that the given port on the local client is to be forwarded to the given host and port on the remote side. This is basically a very specific instruction that tells all traffic that is directed to localhost at port 443 (119 if you don’t like double encryption) to go to the ip address Note: I couldn’t get this to work with domains for some reason.

The -N tells ssh to not execute any remote commands. So you do not get the annoying ssh session stuff that makes you leave the terminal open.

The -f tells ssh to go into the background.