A SOCKS proxy is a Layer 5 proxy that allows secure routing or tunneling of any type of program or protocol. You could create a SOCKS proxy to tunnel network traffic between your local host and a remote host and route your applications through the proxy.
You could use it to securely access the internet on a public network, such as a public WiFi environment, as the traffic between your host and the proxy server is encrypted. It could also be used to access hosts behind a private network under a NAT or firewall, just as a VPN would.
You need SSH access to a remote server to create a SOCKS proxy to that server. The proxy is created at the terminal using the SSH client from Linux or any other Unix-based operating system.
Use the -D option, with an optional bind_address, to create an SSH SOCKS proxy at the terminal from your local machine to a remote SSH server.

    $ ssh -D8080 user@remote-host
    The authenticity of host 'remote-host (10.1.1.100)' can't be established.
    ECDSA key fingerprint is SHA256:wGCE8M54I94AgSatEcB9Y26CxmDjb9YtlL0HMpSiIRA.
    Are you sure you want to continue connecting (yes/no)? yes
    ##### snipped

-D [bind_address:]port Specifies a local “dynamic” application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine. Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server. Only root can forward privileged ports. Dynamic port forwardings can also be specified in the configuration file.
8080 in the example is the port that your SOCKS proxy will listen on. You can choose any number from 1025 to 65535 if you're running the command as a normal user, as long as the port number is not currently in use.
Common options to run a SOCKS proxy in the background:

    $ ssh -D8080 -fCqN user@remote-host

-f: Requests ssh to go to background just before command execution
-C: Requests compression of all data
-q: Quiet mode. Causes most warning and diagnostic messages to be suppressed
-N: Do not execute a remote command

    $ ss -natp | grep 8080
    LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=1640,fd=6))
    LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=1640,fd=5))

    $ curl ifconfig.me # Direct connection
    95.136.221.23
    $ curl -x socks5h://127.0.0.1:8080 ifconfig.me # Via socks proxy tunnel
    84.139.115.17

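The ss listing above shows the listener on 127.0.0.1 and [::1] only, which matters because ssh's SOCKS listener does not authenticate clients and -D accepts an optional bind_address. The following check is an added example, not part of the original guide; the function name check_socks_bind is hypothetical and the wildcard sample line is constructed.

```shell
#!/bin/sh
# Added example: audit `ss -natp` output for the address an ssh -D listener is bound to.
# check_socks_bind is a hypothetical helper name, not part of OpenSSH or iproute2.
# Usage: ss -natp | check_socks_bind 8080
# Exit status: 0 = loopback only, 1 = bound to a non-loopback address, 2 = no listener.
check_socks_bind() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            local_addr = $4                      # e.g. 127.0.0.1:8080 or [::1]:8080
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # text after the last ":" is the port
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            found = 1
            if (addr ~ /^127\./ || addr == "[::1]") {
                print "ok      " local_addr " (loopback only)"
            } else {
                print "exposed " local_addr " (listening beyond loopback)"
                exposed = 1
            }
        }
        END {
            if (!found) exit 2
            exit (exposed ? 1 : 0)
        }
    '
}

# The listener lines from the ss output on this page (default bind, loopback only).
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:8080 0.0.0.0:* users:(("ssh",pid=1640,fd=6))
LISTEN 0 128 [::1]:8080 [::]:* users:(("ssh",pid=1640,fd=5))'

# Constructed sample: the same listener if -D were given a wildcard bind_address.
SAMPLE_WILDCARD='LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("ssh",pid=1640,fd=6))'

printf '%s\n' "$SAMPLE_LOOPBACK" | check_socks_bind 8080
printf '%s\n' "$SAMPLE_WILDCARD" | check_socks_bind 8080 || echo "status: $?"
```
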
Guide compatibility:
Operating System |
---|
Ubuntu Linux |
Debian Linux |
Red Hat Enterprise Linux |
Fedora Linux |
CentOS Linux |
openSUSE Linux |
SUSE Linux Enterprise Server |
FreeBSD |
OpenBSD |
NetBSD |
macOS |