SSH Tunneling Tutorial: A guide by Stickyboot
Because sometimes you need to route traffic through servers
Opening an SSH tunnel and then routing data through it is a very useful trick to know about. I like to think of a tunnel like this: when you open a tunnel and direct programs to connect to the internet through it, it’s as if that program is talking to the internet at the point where your server connects to the internet. For the programs you configure to connect through that tunnel, all your ISP or network provider will see is encrypted traffic to and from your server.
There are a number of uses for this:
- Logging into websites using a server's IP address (good for registering the server's IP address with sites like this)
- Getting around network level internet filtering (you naughty high school students you!)
- Preventing exposure of certain IPs and domain names while using untrustworthy networks
- Getting around region-based filtering (i.e. watch your Netflix off your US-based server while overseas/out of country)
This tutorial assumes you have SSH access to a server. This is most likely through a VPS that you rent from a community member here, a seedbox, a website you pay for hosting on, a free terminal access server, etc. Always be aware of the restrictions and rules the server operators have on the server you intend to use. Also adhere to the community guidelines when it comes to connecting to private sites such as this (meaning, make sure you trust the connection you are on and the connection the server is on; don’t connect to private places through public servers).
Step 1: Download PuTTY
Download PuTTY from the official website. Put it where you put your program files (like C:\Program Files (x86)\PuTTY). Also make a start menu shortcut for convenience.
Step 2: Configure and save a session
We now need to set up a session in PuTTY and save it for future convenience. A session is basically a configuration profile that lets you quickly recall settings for connecting to different servers.
2.1 Launch PuTTY. You will see the following screen. Start by entering the server IP or domain name into the Host Name box. Also enter the correct port; 22 usually works by default.
2.2 Next, go to the Connection->Data tab in the sidebar. Enter the user name of the account you plan on connecting with. This is purely for convenience. If you do not do this, you will be prompted for a user name when connecting to the server. If you are paranoid about someone finding out your user name you might want to leave this blank.
2.3 Now define a local port to allow programs to tunnel through. Go to the Connection->SSH->Tunnels section in the sidebar. Enter an unused local port as the source port, choose Dynamic, leave it on Auto, then press Add. I use port 7777, but any unused port will work.
2.4 You should now see the port number followed by a D (for dynamic) in your forwarded ports list.
2.5 We are all done. We now need to save the session. Go back to the Session section, type in a name for the session and press Save. To reload a session in the future, select it from this list and press Load. I like to indicate any tunneling settings in the session name, so I would probably have called this session “testsession -7777D” to let me know that this session opens a dynamic tunnel on port 7777.
2.6 The sessions list should look something like this now:
Step 3: Open your tunnel
After completing step 2 or loading a saved session, press Open in PuTTY. Log in as normal, and leave the terminal session window open in the background. Your tunnel will remain open as long as your PuTTY session is open (so, as long as your window is open).
Step 4: Route traffic through the tunnel
The tunnel is open, but you have to route traffic through it for it to do anything useful. A common use of a tunnel is to run your browser through it so you can register the server's IP at websites by logging into them through a browser running through your server. The following steps explain how to route Firefox through the tunnel.
4.1 Launch Firefox. Open options. Go to the Advanced tab, then the network subtab and open the connections settings window.
4.2 Select “Manual proxy configuration”. Enter “localhost” into the SOCKS Host box, and set the port to whatever port you used for your SSH tunnel. In this case, I used port 7777. Press OK and close preferences. When you want to close the tunnel, you will have to set this back to no proxy, since your browser will not work in this mode without the tunnel running in the background.
4.3 This step is required if you want to run absolutely all your traffic through your tunnel. I guess by default, Firefox does not route DNS lookups through the proxy settings, but this makes sure it does. This step is required if you want to hide your traffic from the network you access the internet on, up to the point of your server. If you just want to register your server's IP on a website, you do not need to perform this step.
Configure Firefox to use the Tunnel also for DNS:
To prevent Firefox from doing DNS lookups outside the tunnel, enter about:config in the URL text field and double-click network.proxy.socks_remote_dns to set it to true.
You are now routing all of Firefox’s traffic through your SSH tunnel. Congrats! You can use this in a number of other applications, but it's the same process, so go at it! Just don’t piss off your server admin by running all of your torrent traffic through their connection.