A lot of work which could be simplified. U use windows too much ;)
$ sudo -i
# iptables -N proxy_allowed
# iptables -A proxy_allowed -s [ALLOWED_IP] -j RETURN
[...]
# iptables -A proxy_allowed -j DROP
# iptables -A INPUT -p tcp --syn --dport 1080 -j proxy_allowed
# exit
$
$ ssh -g -D 1080 [REMOTE_IP]
No wrapper is required. If u wish to harden the solution, use some knocking (or ping with a specified packet length and the iptables "recent" module) and/or IP-MAC association.
SOCKS does not offer much; to redirect DNS or UDP traffic it is better to use PPP over SSH or a VPN (which I consider preferred). OpenVPN is free and there is an extremely simple Windows GUI client.
take care!
ps. python > perl ;P
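The knocking idea from the comment above, sketched with the iptables "recent" match. This is an added example, not part of the original comment; the knock port 40123, the 30-second window and the list/chain name proxy_knock are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: gate the SOCKS listener behind a single-port knock.
# A SYN to the knock port records the source address; a SYN to 1080 is
# let through only if that source knocked within the last WINDOW seconds.
PROXY_PORT=1080      # port opened by "ssh -g -D 1080" in the comment
LIST=proxy_knock     # hypothetical name for the recent list and the chain

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# knock_rules KNOCK_PORT WINDOW_SECONDS -> prints the iptables commands
knock_rules() {
    knock=$1 window=$2
    valid_port "$knock" || { echo "bad knock port" >&2; return 1; }
    [ "$knock" -ne "$PROXY_PORT" ] || { echo "knock port must differ from proxy port" >&2; return 1; }
    case "$window" in ''|*[!0-9]*) echo "bad window" >&2; return 1 ;; esac
    # Rules are appended (-A), so they must come before any broader
    # ACCEPT rule for these ports already present in INPUT.
    cat <<EOF
iptables -N $LIST
iptables -A INPUT -p tcp --syn --dport $knock -m recent --name $LIST --set -j DROP
iptables -A $LIST -m recent --name $LIST --rcheck --seconds $window -j RETURN
iptables -A $LIST -j DROP
iptables -A INPUT -p tcp --syn --dport $PROXY_PORT -j $LIST
EOF
}

# Dry run by default; set APPLY=1 (as root) to load the rules.
main() {
    rules=$(knock_rules "${1:-40123}" "${2:-30}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}
main "$@"
```

As in the comment's own rules, only SYN packets are filtered, so a connection that is already established keeps working after the window expires.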
Comment Responses
100% agree... "-D 1080" is all you need. I like to add -p 443 in order to make the SSH traffic less visible ;)
Then to avoid DNS leaks under Firefox, just make sure to set the two following variables to 1 under about:config.
network.proxy.network.proxy.socks_remote_dns = 1
network.proxy.socks_remote_dns = 1
When I Wireshark the above config I can only see HTTPS traffic even when typing non-working URLs.