You're viewing a comment by nme and its responses.

May 13, 2010, 12:50

A lot of work which could be simplified. U use windows too much ;)

$ sudo -i
# iptables -N proxy_allowed
# iptables -A proxy_allowed -s [ALLOWED_IP] -j RETURN
# iptables -A proxy_allowed -j DROP
# iptables -A INPUT --syn --dport 1080 -j proxy_allowed
# exit
$ ssh -g -D 1080 [REMOTE_IP]

no wrapper is required. if u wish to harden the solution use some knocking (or ping with specified packet length and iptables "recent" module) and/or ip-mac association.

socks does not offer much, to redirect dns or udp traffic it is better to use ppp over ssh or vpn (which I consider preferred).. openvpn is free and there is extremally simple windows gui client.

take care!

ps. python > perl ;P

Comment Responses

Alphazo Permalink
July 08, 2010, 07:44

100% agree... "-D 1080" is all what you need. I like to add -p 443 to in order to make the SSH traffic less visible ;)

Then to avoid DNS leaks under Firefox, just make sure to set the two following variables to 1 under about:config. = 1
network.proxy.socks_remote_dns = 1

When I Wireshark the above config I can only see HTTPS traffic even when typing non-working URLs.

Reply To This Comment

(why do I need your e-mail?)

(Your twitter handle, if you have one.)

Type the word "cdrom_216": (just to make sure you're a human)

Please preview the comment before submitting to make sure it's OK.