[Howto] Dynamic port-forwarding (SOCKS proxy/SSH tunnel)
Posted: Mon Apr 14, 2014 5:58 pm
So I just noticed that the latest release of Remoter 4.6.01 adds support for the SSH module to do dynamic port-forwarding. What this adds is the ability to open an ssh tunnel to a remote server and have it act as a SOCKS proxy -- in effect, giving you a pseudo-VPN.
What can you do with this?
Say you have an OpenSSH server (with tcpforwarding enabled), you can now use Remoter's SSH module to open a tunnel using 'D:127.0.0.1:8080' and have it act as a SOCKS proxy. You could then, for example, use a web-browser and set it to point to the SOCKS proxy and access internal resources that lie behind the OpenSSH server.
This is a fairly well-known and not-very-new trick in the desktop world. (Google 'putty firefox socks' for more info). However, for some time I've been looking for a way to do this on my iPad. Not many SSH iPad clients support this dynamic port-forwarding/SOCKS feature -- in fact, Remoter is only the second iOS app I've found that does so.
The next tricky part is finding an iOS browser that has SOCKS proxy support. I've only found one that works:
https://itunes.apple.com/us/app/proxy-b ... 27SBX5E8WU
[This is a non-free app and I have no connection with the developer(s). Found it by chance in the App Store]
Configure this browser's proxy to match the remote tunnel's IP and port (e.g., 127.0.0.1:8080) and you can now browse sites behind your OpenSSH server.
Other notes:
- iCab is another browser that offers SOCKS proxy support; unfortunately, it doesn't work with the aforementioned SSH tunnel/proxy setup. (If you know of any other browsers that do, please post your results)
- Will only pass TCP traffic (as that is what OpenSSH tunnels support)
- The amount of time that Apple will allow a server-process to remain in the background is severely constrained to only a few minutes before having to return to the SSH app (even more so with iOS7, I've heard). As such, this method is likely not as useful as a full-blown VPN, but it still is a nice technique if you need to remotely administer systems with a browser and only have SSH access.
- Not sure if this is the appropriate place for a product request, but I wonder if it would be possible to add a builtin web-browser to Remoter that specifically supports the SSH-based SOCKS proxy it creates? That would solve the background timeout issue.
Hope this is useful to someone. Thanks again to Raf for adding this feature.
-Pacco