GUIDE: How to use a home proxy server for school/work

Hey guys, I recently found out how to do something really cool on the ##linux irc on freenode. If you have a school or office that blocks a lot of internet sites, it can be annoying. In my case, the school had blocked many programming sites I needed. Using SSH and the SOCKS protocol. you can set up a proxy server to forward your internet traffic to a remote server (a home server in my case) to unblock websites. It is easier to set up than a VPN in my opinion.

What you need for this tutorial:
-Access to a remote server that doesn't have blocked internet sites.
-A host machine, preferably linux, I do not know how you would do this on windows

OK, here are the steps, all you need to do on your host machine is install the openssh server.
On Debian based distros (Ubuntu, Linux MInt, Elementary), type sudo apt-get install openssh-server

EDIT: I completely forgot a step here, here it is. You must port forward port 22 UDP on your router, this allows incoming traffic to your public IP to be routed to your remote ssh server. If you do not know how to port forward, just search it on the internet as it is beyond the scope of this guide.

You are done with the server setup, now get onto your client machine.
Now you need to bind the server to a proxy at localhost. Open a terminal and type ssh -D 1234 [email protected]
1234 is the port, make this whatever you want, it doesn't really matter, I just use 1234 for simplicity. EDIT: just in case you are unaware, username is referring to the user you are connecting to on the remote machine. If you are unsure about how to find your user, just type echo "$USER" also, when I say serverip, I mean the public IP of the network the remote server is on, an easy way of finding this is the following command: wget http://ipinfo.io/ip -qO -

Now keep this terminal open, your internet will run through this process.

I will be using network-manager-gnome to connect to the proxy, but it should be really easy to do the equivalent on another distribution.

In the network manager go to the network proxy tab, and set method to manual. Under the Socks host section put localhost in the first input section, then the port you chose in the next (1234 in my case). then click Apply system wide and type in your root password. You should be good to go after this.

Good luck!

2 Likes

This was how I accessed youtube, facebook and reddit on the protected network at my previous office. Super nice tool.

Keep in mind that you'll need to have port 22 open on your firewall and forwareded to your computer on your router.

Oh ya, I forgot to mention that, I have always had that ported lol, adding it now (:

what if the client is windows?

You can use any SSH client that suports tunneling, like PuTTY.

and ssh into what? my server?

Yes, you tunnel the web traffic through your SSH server. The process similar to how a VPN works but you are using SSH instead.

Thanks!!

SSH is a TCP Protocol so I'm fairly certain you need to open and forward 22 TCP, not 22 UDP. (Forwarding may require TCP/UDP both, but I'm not incredibly familiar with forwarding.)

As with any SSH server you should be taking appropriate security measures. You should not be allowing root logins. You should be rate limiting with fail2ban or iptables. You should have ssh set to only certain users with AllowGroups. You should be using certificates if you can stand it, etc.

I know its kinda weird asking a question on my own guide, but do any of you know how to connect on a windows client w/ putty?