Sometimes it's hard to google for the problem you're trying to solve because you're using the wrong terminology.

I was searching for "port forward web page ssh" and "tunnel to home router via ssh" when what I should have been searching for was something like "bypass work proxy to watch dirty videos and play shady games online with ssh".

Searching for the latter definitely popped up with more relevant tutorials on the first try.

But sometimes, just sometimes, the reason a person needs to use their own proxy / tunneling is entirely honest...

TL;DR

Set it up

ssh -N -D <local iface>:<port> <user>@<home server>

ssh -N -D localhost:9999 pi@raspberrypi.coolaj86.com

Test it

curl https://coolaj86.com/services/whatsmyip
curl http://checkip.dyndns.com/

curl --socks5 localhost:9999 https://coolaj86.com/services/whatsmyip
curl --socks5 localhost:9999 http://checkip.dyndns.com/

Use it

Then use Firefox (not Chrome) and set the SSH dynamic port forward as its SOCKS proxy.

Firefox -> Preferences
Advanced -> Network
Connection -> Settings

Manual proxy configuration:

SOCKS Host: localhost
Port: 9999
SOCKS v5

ProTips™

If you need Dynamic DNS, consider https://freedns.afraid.org.

You can use Dynamic DNS to give your home server a subdomain on a shared domain such as <pick a name>.mooo.com or aj.homenet.org.

Problem:

I need to access network resources, as if I were in my home

I'm sitting at Dev Mountain helping some students on a project and I need to be able to set up a VPN server on my Raspberry Pi.

To do that I need to configure my home router - which would be easy to do if I had a VPN server on my RPi... doh!

SSH to the rescue!

Solution:

I already have SSH access to my Raspberry Pi which, wouldn't you know, you happen to have HTTPS access to right now - assuming, that is, that at the time you're reading this my blog is still hosted from the RPi connected to the Google Fiber NetworkBox in my laundry room.

If you have SSH access to any home server, you can do this too.

SSH Dynamic Port Forwarding (SOCKS5 Proxy)

Don't get confused. Don't freak out. It's deceptively simple.

Here's what you do:

ssh -ND <network interface>:<foo port> <username>@<your home server>

Example:

ssh -N -D localhost:9999 aj@coolaj86.com

If you wanted other people on your current network to be able to use your proxy as well, you'd need to change localhost to one of the addresses listed by ifconfig (the proxy has no authentication, so anyone who can reach that address can use it):

ssh -N -D <your LAN IP>:9999 aj@coolaj86.com

In short:

  • -N don't actually login, just open the ports
  • -D dynamic port forward (SOCKS) on the specified local interface and port

In Full:

     -N      Do not execute a remote command.  This is useful for just for-
             warding ports (protocol version 2 only).

     -D [bind_address:]port
             Specifies a local ``dynamic'' application-level port forwarding.
             This works by allocating a socket to listen to port on the local
             side, optionally bound to the specified bind_address.  Whenever a
             connection is made to this port, the connection is forwarded over
             the secure channel, and the application protocol is then used to
             determine where to connect to from the remote machine.  Currently
             the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
             as a SOCKS server.  Only root can forward privileged ports.
             Dynamic port forwardings can also be specified in the configura-
             tion file.

             IPv6 addresses can be specified by enclosing the address in
             square brackets.  Only the superuser can forward privileged
             ports.  By default, the local port is bound in accordance with
             the GatewayPorts setting.  However, an explicit bind_address may
             be used to bind the connection to a specific address.  The
             bind_address of ``localhost'' indicates that the listening port
             be bound for local use only, while an empty address or `*' indi-
             cates that the port should be available from all interfaces.
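
A quick way to confirm which of those bind_address cases your tunnel ended up in, as an added example that is not part of the original post: the function below reads `ss -ltnH`-style lines and reports whether a port is listening on loopback only. The function name and the sample lines are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post).
# classify_bind PORT: reads `ss -ltnH`-style lines on stdin and prints
#   loopback : every listener on PORT is on 127.0.0.0/8 or ::1
#   exposed  : at least one listener is on a wildcard or LAN address
#   absent   : nothing is listening on PORT
classify_bind() {
  awk -v port="$1" '
    {
      local_addr = $4                     # e.g. 127.0.0.1:9999 or [::1]:9999
      n = match(local_addr, /:[0-9]+$/)   # split at the last colon (IPv6-safe)
      if (n == 0) next
      addr = substr(local_addr, 1, n - 1)
      p    = substr(local_addr, n + 1)
      if (p != port) next
      found = 1
      sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip IPv6 brackets
      sub(/%.*$/, "", addr)                        # strip scope such as %lo
      if (addr !~ /^127\./ && addr != "::1") exposed = 1
    }
    END {
      if (!found)       print "absent"
      else if (exposed) print "exposed"
      else              print "loopback"
    }'
}

# Constructed sample lines in `ss -ltnH` format (not captured from a real host).
# ssh -D localhost:9999 typically opens both an IPv4 and an IPv6 loopback socket.
SAMPLE_LOCAL='LISTEN 0 128 127.0.0.1:9999 0.0.0.0:*
LISTEN 0 128 [::1]:9999 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Same port bound to a LAN address instead (hypothetical 192.168.1.50).
SAMPLE_SHARED='LISTEN 0 128 192.168.1.50:9999 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

printf 'localhost bind: %s\n' "$(printf '%s\n' "$SAMPLE_LOCAL"  | classify_bind 9999)"
printf 'LAN bind:       %s\n' "$(printf '%s\n' "$SAMPLE_SHARED" | classify_bind 9999)"
```

On a live Linux machine, `ss -ltnH | classify_bind 9999` should print loopback for the localhost form of the command.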

Configure Firefox for SOCKS5

Firefox -> Preferences
Advanced -> Network
Connection -> Settings

Manual proxy configuration:

SOCKS Host: localhost
Port: 9999
SOCKS v5

Check your IP address

It's fun to do this both before and after.

Choose from any of these fine services (listed from simplest to most obnoxious):

Now go check in Chrome.

Trippy, huh!?

In Firefox you get your Home's IP address and in Chrome you get your current IP address.

It's cray cray, yo!

Get doin' what you came to do

In my case I headed over to 192.168.1.1 to configure my home router.

In your case you can go play online poker or read the anarchist cookbook - or whatever it was that your work or school network was blocking.

Bonus Material

curl --socks5 localhost:9999 https://coolaj86.com/services/whatsmyip
curl https://coolaj86.com/services/whatsmyip

By AJ ONeal
