To do what you are wanting, I recommend sshuttle.
You use it like this:
./sshuttle -r username@sshserver 0.0.0.0/0 -vv
It will tunnel all your TCP traffic automatically for you. You can add the --dns argument to have it tunnel your DNS traffic as well. The remote server only needs to have Python installed.
If you only want to tunnel specific programs I would recommend proxychains.
Once it is installed, start your ssh socks proxy like this:
ssh -fNTD 127.0.0.1:<local port> username@sshserver
This will start a "SOCKS" proxy listening on <local port>.
Then edit /etc/proxychains.conf to point to the same port as <local port>:
socks5 127.0.0.1 <local port>
Finally start your program that you want proxy-ed like so:
proxychains <program name>
It should just work. However, a few programs will have trouble working with Proxy Chains. Also keep in mind that with Firefox, you have to change additional items under about:config to force it to do DNS lookups through the proxy instead of bypassing it.
As an additional note on web browsers: if they support SOCKS proxies, you don't need to do anything additional to get them to use the above-mentioned ssh tunnel; just enter 127.0.0.1 for the SOCKS proxy server and the <local port> for the proxy port.
EDIT 3/29/16
Since this post is still seeing some upvotes, I thought I'd update it. Proxychains is still in most Linux repos and still works on Linux. However, the project is effectively abandoned and does not work on OSX. For either Linux or OSX, I highly recommend upgrading to a still-maintained fork: proxychains-ng: https://github.com/rofl0r/proxychains-ng
Besides working in both Linux and OSX, it is easy to compile, and also has much better support for DNS tunneling.
I should also mention another option, which is redsocks. It works similarly to proxychains(-ng) and is also likely in your dist repo: https://github.com/darkk/redsocks
EDIT 11/27/19
If you go the proxychains route, please use proxychains-ng. There are some serious bug fixes over the legacy version, like: https://github.com/rofl0r/proxychains-ng/issues/292
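Added example (not part of the original answer, and not code from the proxychains projects): a shell check that a proxychains config sends everything to the local ssh SOCKS listener and has `proxy_dns` enabled, so name lookups do not bypass the tunnel. The function names, the sample configs and port 1080 are constructed for illustration; only the plain `proxy_dns` directive is recognised.

```shell
#!/bin/sh
# Audit a proxychains(-ng) config: every [ProxyList] entry must be the local
# ssh -D listener, and proxy_dns must be active so lookups use the tunnel too.
# Assumption: only the plain "proxy_dns" directive is recognised.
check_proxychains_conf() {   # usage: check_proxychains_conf FILE PORT
    conf=$1; port=$2; rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    # Keep active lines only: drop comments, surrounding blanks, empty lines.
    active=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                 -e '/^$/d' "$conf")
    if ! printf '%s\n' "$active" | grep -qx 'proxy_dns'; then
        echo "$conf: proxy_dns not enabled, name lookups bypass the proxy"
        rc=1
    fi
    # Entries between [ProxyList] and the next section header (or EOF).
    proxies=$(printf '%s\n' "$active" |
              awk '/^\[ProxyList\]/ {f=1; next} /^\[/ {f=0} f')
    if [ -z "$proxies" ]; then
        echo "$conf: no entries under [ProxyList]"; rc=1
    else
        bad=$(printf '%s\n' "$proxies" | awk -v p="$port" \
              '!($1 == "socks5" && $2 == "127.0.0.1" && $3 == p)')
        [ -z "$bad" ] || { echo "$conf: unexpected proxy entry: $bad"; rc=1; }
    fi
    return $rc
}

# Constructed sample configs (not taken from any real host).
write_sample_confs() {   # usage: write_sample_confs DIR
    printf '%s\n' 'strict_chain' 'proxy_dns' '[ProxyList]' \
        'socks5 127.0.0.1 1080' > "$1/good.conf"
    printf '%s\n' 'strict_chain' '#proxy_dns' '[ProxyList]' \
        'socks4 127.0.0.1 9050' > "$1/leaky.conf"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_sample_confs "$dir"
    for f in good leaky; do
        check_proxychains_conf "$dir/$f.conf" 1080 && echo "$f.conf: ok"
    done
    rm -rf "$dir"
}
demo
```

Run it against the real file with `check_proxychains_conf /etc/proxychains.conf <local port>` after sourcing the function.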
I expect this is not going to be simple, if possible.
When you have a proxy server, either running on the machine itself, or on a device on the network, the client apps (e.g. whatever is going out to the inet) need to direct their traffic to the proxy server (not just directly to the relevant network interface). This is configured either in the client app settings or at the OS level. However, when you set up a proxy at the OS level, as you show in your screenshot, that is probably set for the user session, and may not affect daemons (not sure).
The hotspot is probably running at a daemon level, and may not respect that proxy setting.
It might make sense to think of the problem differently. E.g. perhaps run ethereal or other packet sniffer, and look at the traffic hitting the ethernet port (which would include traffic to/from the OSX-based hotspot). (A packet sniffer is lower level than Charles, but that may be the price of getting lower level access to traffic.)
Best Answer
You've a few options to try before spending on a DD-WRT router.