Using ssh -D in Leopard (well really any OS with openssh)

Scenario: You are VPN'd into your company and you wish to browse the web without any traffic traversing your corporation's network. If you company has split-tunneling configured on their vpn, chances are that traffic destined towards the internet will not touch the corporate network. One downside to split tunneling is that in Leopard your /etc/resolv.conf is replaced with your company's DNS servers. What does this mean? Although http/https traffic to the public internet never touches your company's equipment, they can still log dns queries. How do you keep your typical vpn connectivity EXCEPT for web traffic? simple, ssh -D and socks.

  1. Open terminal and type in the following: ssh -D 2001 <username>@<remote host>
  2. This will open port 2001 on your local interface (127.0.01)
  3. Open firefox in the address bar type: about:config <enter>
  4. In the filter bar type "proxy"
  5. You should now see a few rows, set the following values:
  • network.proxy.socks = 127.0.0.1
  • network.proxy.socks_port = 2001
  • network.proxy.socks_remote_dns = true
  • network.proxy.socks_version = 5

This tells firefox that all requests that it makes (including DNS) should go to 127.0.0.1:2001 which is actually a tunnel back to the remote host you specified. This is a clientside configuration, meaning that only firefox will be effected, you should be able to still ssh to remote hosts on your company's network, as well as RDC. Caveat: Any browsing to intranet sites will be broken, since external dns is being used. Fix: Use safari or other browser to view intranet sites. **And of course, don't trust me.... open tcpdump on your local machine and on the remote and see where traffic generated via firefox goes**

Tagged as proxy , ssh tunneling
Written by Andrew Konkol on November 5th, 2008

0 Comments

Log in with Twitter, Google, Facebook, LinkedIn to leave a comment.