
Use SSH to proxy web traffic
November 28, 2022
As discussed in a previous post, I use nebula to create a VPN connection between the various machines I use. Usually what I really care about in this setup is the ability to consume the services those machines expose on my nebula network.
When I travel, I prefer to proxy my data through my nebula network. This allows me to not have to care about the limitations imposed in those networks, as long as I’m able to open my tunnel. The second advantage is that I can choose the location where my traffic leaves my VPN, since I have multiple machines in multiple nations. Another advantage is that I can be sure that no data is visible to the network manager, even if this is becoming less and less relevant, since the majority of the traffic is encrypted nowadays.
Nebula can be configured to be used as a full VPN, but the configuration is more complex than I think is sensible. I also know there are very fancy ways of doing this, but I tend to be lazy and I really like to use the tools I already have, since I have already spent time configuring them in a way that is aligned to my needs, and if I add a new tool I’ll have to spend time on it.
The solution I use to do this is leveraging sshd, which I already have on all machines.
On my machine I simply run:
ssh -D PORT HOST
Where:
- -D PORT is the local port to bind the SOCKS proxy to. The PORT string should be replaced with a port number.
- HOST is the name of the system I want to use as proxy.
Although I usually don’t use them, there are other flags that can be used, such as:
- -N to disable the command prompt on the remote host, so it will only bind the SOCKS port.
- -f to put the command in the background, so it will not keep your terminal busy.
The final command, to make it as unobtrusive as possible, would therefore be:
ssh -NfD PORT HOST
Once the connection is up, it’s enough to go to the browser’s settings page and set the proxy with the following details:
- SOCKS proxy: 127.0.0.1, which is your local machine.
- Port: PORT, which is the same port that you set in the previously run command.
- Proxy DNS when using SOCKS v5: This is not mandatory, but I prefer to use it, since this allows me to use a DNS setup that behaves as I expect.
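What the "Proxy DNS when using SOCKS v5" setting changes on the wire, as an added example that is not part of the original post: with it enabled the client sends the hostname to the proxy, and with it disabled the client resolves the name through the local network's resolver and sends only an IP address. The sketch assumes the SOCKS5 CONNECT layout from RFC 1928; the function names and the sample targets (example.org, 192.0.2.10) are constructed for illustration.

```python
import ipaddress
import struct

# Address types defined by RFC 1928 for the SOCKS5 request.
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def socks5_connect_request(host: str, port: int) -> bytes:
    """Build the SOCKS5 CONNECT request a client sends to the local -D port."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    header = bytes([0x05, 0x01, 0x00])  # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, so the far end of the
        # SSH tunnel does the DNS lookup ("Proxy DNS" enabled).
        name = host.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # IP literal: either typed by the user or already resolved by the
        # client using the local network's resolver ("Proxy DNS" disabled).
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return header + addr + struct.pack("!H", port)


def describe_request(request: bytes):
    """Parse a CONNECT request and report which side resolves the name."""
    if len(request) < 7 or request[0] != 0x05 or request[1] != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = request[3]
    if atyp == ATYP_DOMAIN:
        n = request[4]
        host, rest, side = request[5:5 + n].decode("ascii"), request[5 + n:], "proxy"
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
        host, rest, side = str(ipaddress.ip_address(request[4:4 + n])), request[4 + n:], "client"
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", rest)  # exactly two bytes must remain
    return host, port, side


if __name__ == "__main__":
    for target in ("example.org", "192.0.2.10"):  # constructed sample targets
        req = socks5_connect_request(target, 443)
        print(req.hex(), describe_request(req))
```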
The best option would be for nebula to be smarter about this and be able to manage this use case in an immediate way, but for now this is the simplest solution I’ve found.
Although I do it via my VPN solution, this is not required. The only required part is that you have SSH access to a machine. I hope this small trick can help you the next time you travel.