
How can I tunnel all of my network traffic through SSH?


Whenever I'm using the internet from an insecure location (such as public wifi) I like to use an ssh tunnel (ssh -D port host) to ensure my traffic can't be sniffed. Unfortunately, there seem to be many applications which do not provide a way to specify a proxy (Flash is one major example).

Asked by: Guest | Views: 380
bert [Entry]

To do what you are wanting, I recommend sshuttle.

You use it like this:

./sshuttle -r username@sshserver 0.0.0.0/0 -vv

It will tunnel all your TCP traffic automatically for you. You can add the --dns argument to have it tunnel your DNS traffic as well. The remote server only needs to have Python installed.

If you only want to tunnel specific programs I would recommend proxychains.

Once it is installed, start your ssh socks proxy like this:

ssh -fNTD 127.0.0.1:<local port> username@sshserver

This will start a "SOCKS" proxy listening on <local port>.

Then edit /etc/proxychains.conf to point to the same port as <local port>:

socks5 127.0.0.1 <localport>

Finally, start the program you want proxied like so:

proxychains <program name>

It should just work. However, a few programs will have trouble working with proxychains. Also keep in mind that with Firefox you have to change additional items under about:config to force it to do DNS lookups through the proxy instead of bypassing it.

As an additional note, on web browsers. If they support socks proxies, you don't need to do anything additional to get them to use the above mentioned, ssh tunnel, just enter 127.0.0.1 for the SOCKS proxy server and the <local port> for the proxy port.

EDIT 3/29/16

Since this post is still seeing some upvotes, I thought I'd update it. Proxychains is still in most Linux repos and still works on Linux. However, the project is effectively abandoned and does not work on OSX. For either Linux or OSX, I highly recommend upgrading to a still-maintained fork: proxychains-ng: github.com/rofl0r/proxychains-ng

Besides working in both Linux and OSX, it is easy to compile, and also has much better support for DNS tunneling.

I should also mention another option, which is redsocks. It works similarly to proxychains(-ng) and is also likely in your dist repo: github.com/darkk/redsocks

EDIT 11/27/19

If you go the proxychains route, please use proxychains-ng. There are some serious bug fixes over the legacy version, like: github.com/rofl0r/proxychains-ng/issues/292
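The answer above leans on two facts about the listener that `ssh -D` creates: it is a plain SOCKS5 proxy with no authentication, and an application only avoids leaking DNS if it hands the proxy a hostname (SOCKS5 address type 0x03) instead of resolving the name locally and sending an IP. The following is an added example, not code from the post or from any of the tools it mentions. It implements the client side of that handshake (RFC 1928 greeting plus CONNECT) and, so that it runs offline, a constructed stand-in for the `ssh -D` listener that only records what the client asked for and answers "succeeded". The hostname `example.internal` and port 443 are constructed sample values.

```python
"""SOCKS5 CONNECT client that hands the proxy a hostname, not a resolved IP.

Added example (not from the original post). The fake proxy below is a
constructed stand-in for the listener from `ssh -D 127.0.0.1:<port>`; it
records the request and replies success, it does not open a real tunnel.
"""
import socket
import struct
import threading

SOCKS_VERSION = 0x05
NO_AUTH = 0x00          # the only method an `ssh -D` listener offers
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def recv_exactly(sock, n):
    """Read exactly n bytes; recv() is allowed to return short reads."""
    buf = bytearray()
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection mid-handshake")
        buf += chunk
    return bytes(buf)


def build_connect_request(host, port):
    """Build a SOCKS5 CONNECT request.

    Literal IPs are sent as ATYP 1/4. Anything else goes as a domain name
    (ATYP 3) so the SSH server resolves it. Deliberately never calls
    getaddrinfo(): a local lookup here is exactly the DNS leak the post warns
    about with Firefox.
    """
    try:
        atyp, body = ATYP_IPV4, socket.inet_pton(socket.AF_INET, host)
    except OSError:
        try:
            atyp, body = ATYP_IPV6, socket.inet_pton(socket.AF_INET6, host)
        except OSError:
            name = host.encode("idna")
            if len(name) > 255:
                raise ValueError("hostname too long for SOCKS5")
            atyp, body = ATYP_DOMAIN, bytes([len(name)]) + name
    return (struct.pack("!BBBB", SOCKS_VERSION, CMD_CONNECT, 0x00, atyp)
            + body + struct.pack("!H", port))


def socks5_connect(sock, host, port):
    """Negotiate no-auth and CONNECT on a socket already open to the proxy.

    Returns (atyp, bound_address_bytes, bound_port) from the proxy's reply.
    """
    sock.sendall(bytes([SOCKS_VERSION, 1, NO_AUTH]))       # greeting
    ver, method = recv_exactly(sock, 2)
    if ver != SOCKS_VERSION or method != NO_AUTH:
        raise ConnectionError(f"proxy refused no-auth (ver={ver}, method={method:#x})")
    sock.sendall(build_connect_request(host, port))
    ver, rep, _rsv, atyp = recv_exactly(sock, 4)
    if atyp == ATYP_IPV4:
        bnd = recv_exactly(sock, 4)
    elif atyp == ATYP_IPV6:
        bnd = recv_exactly(sock, 16)
    elif atyp == ATYP_DOMAIN:
        bnd = recv_exactly(sock, recv_exactly(sock, 1)[0])
    else:
        raise ConnectionError(f"bad ATYP {atyp:#x} in reply")
    (bnd_port,) = struct.unpack("!H", recv_exactly(sock, 2))
    if ver != SOCKS_VERSION or rep != 0x00:
        raise ConnectionError(f"CONNECT rejected, REP={rep:#x}")
    return atyp, bnd, bnd_port


def fake_socks5_proxy(listener, seen):
    """Constructed stand-in for the ssh -D listener: parse one CONNECT,
    record what the client sent, answer success with a 0.0.0.0:0 binding."""
    conn, _ = listener.accept()
    with conn:
        _ver, nmethods = recv_exactly(conn, 2)
        recv_exactly(conn, nmethods)
        conn.sendall(bytes([SOCKS_VERSION, NO_AUTH]))
        _ver, _cmd, _rsv, atyp = recv_exactly(conn, 4)
        if atyp == ATYP_IPV4:
            host = socket.inet_ntop(socket.AF_INET, recv_exactly(conn, 4))
        elif atyp == ATYP_IPV6:
            host = socket.inet_ntop(socket.AF_INET6, recv_exactly(conn, 16))
        else:
            host = recv_exactly(conn, recv_exactly(conn, 1)[0]).decode("idna")
        (port,) = struct.unpack("!H", recv_exactly(conn, 2))
        seen.update(atyp=atyp, host=host, port=port)
        conn.sendall(struct.pack("!BBBB", SOCKS_VERSION, 0x00, 0x00, ATYP_IPV4)
                     + b"\0\0\0\0" + struct.pack("!H", 0))


def demo(host="example.internal", port=443):
    """Run the handshake against the fake proxy; return what it saw and the reply."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    seen = {}
    worker = threading.Thread(target=fake_socks5_proxy, args=(listener, seen), daemon=True)
    worker.start()
    with socket.create_connection(listener.getsockname()) as client:
        reply = socks5_connect(client, host, port)
    worker.join(5)
    listener.close()
    return seen, reply


if __name__ == "__main__":
    print(demo())
```

Point the client at the real `ssh -D` listener instead of `demo()`'s fake one and the same `socks5_connect()` works unchanged; the proxy then sees `example.internal` as a name and the SSH server resolves it. This is the behaviour the Firefox setting `network.proxy.socks_remote_dns` turns on, and the behaviour proxychains-ng's DNS tunnelling emulates for programs that are not SOCKS-aware.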
bert [Entry]

Look for the "Tunnel" option in ssh. This creates a tunnel device that you can assign an IP address to, and then you change the default route to use that tunnel.
bert [Entry]

Just wanted to clear up that (ssh -D port host) is not a 100% secure way for traffic not to be sniffed. Adding (ssh -D -c blowfish port host) would be a better choice because you are at least adding encryption to your session. There are more options you could add, but it is easy enough to just type "man ssh" in your terminal or Google for a complete listing.

The option I think that you are looking for is setting up a VPN (Virtual Private Network)

Have a look at this article to get an understanding of the difference between the two (SSH vs. VPN), or a good summarized version, before you tackle setting up your own VPN. If you do decide to go the VPN route I recommend OpenVPN; it's free and has lots of documentation and support.
bert [Entry]

Use these examples:

Forward port 80 from a remote host to 8888 on your localhost

ssh -fnN -L8888:localhost:80 user@server

Use this to access services on a remote host that are only available there.

Forward port 80 from your localhost to 8888 on a remote host

ssh -fnN -R8888:localhost:80 user@server

Use this to allow other users to access your services: a webserver, or whatever.

Cheers! :)