Ssh – System wide SOCKS5 Proxy

arch linuxiptablesroutesocksssh-tunneling

I connect to my Server on the internet using ssh -D 3128 user@rootserver.com. If I am right I thereby open a SOCKS v5 Proxy to my Server. Using Firefox and FoxyProxy I can now add this to my proxys and tunnel my HTTP-Traffic over it. Howsoever I'd like to use this SOCKS Proxy for all my traffic. Friends told me that they've seen this by modifying your route or using iptables howsoever I can't find anything about it.

Best Answer

SOCKS5 is a protocol (i.e. in the application layer of OSI), so plain network-routing (e.g. via iptables) alone won't do. (It's probably necessary, but not sufficient.)

What you need is a proxifier. Without having tried it, tun2socks, allowing you to "socksify TCP at the network layer", looks promising (as does proxychains, without iptables but prefixing programs explicitly).

(Could socat be used here? This mentions socat for socksifying, but I'm unsure at the moment.)

Related Solutions

Ssh – SOCKS proxy without ssh command

You'll need to install and configure an actual SOCKS server on the server, such as Dante, SS5, Delegate or Srelay.

SSH Over Socks Proxy – How to Connect Without Username or Password

It sounds to me like you need a socks client, or a ssh client that understand socks. -D is for ssh to be a socks server/proxy.

You could use ssh under tsocks, or another SOCKS wrapper. Or use ssh's ProxyCommand in conjunction with socat or nc -X:

ssh -o ProxyCommand='socat - socks:B:%h:21,socksport=1080' C

To have a HTTP proxy that uses the SOCKS server to send HTTP requests, you can run a small proxy (like tinyproxy) under tsocks.

Note that not all applications play nicely with tsocks or any similar wrapper that relies on LD_PRELOAD, but tinyproxy does.

Also note that you may have issues with domain name resolution (depending on whether you want the names to be resolved on either side of the tunnel). tsocks doesn't work well for resolving names remotely. The only way it can work is when your nameserver (in /etc/resolv.conf) is reachable from the other end and you're using TCP for domain resolution (which tsocks can attempt to enforce but generally fails in my experience). socksify from dante's SOCKS client/server works better in that instance as it also wraps resolving functions and can also use a nice little trick to fake name resolution so that SOCKS by-name connections can be used.

Best Answer

Related Solutions

Ssh – SOCKS proxy without ssh command

SSH Over Socks Proxy – How to Connect Without Username or Password

Related Question