I have been tunneling all of my web traffic over an encrypted SSH connection for some time now. Considering the fact that I travel a lot, I’m very regularly on untrusted, insecure networks. I prefer to secure those connections (web, IM, email, etc.) by creating an encrypted SSH connection and pushing the traffic through it. Today I also found a method for pushing DNS requests through the same tunnel. This keeps both the traffic and the DNS lookups private between yourself and the SSH server.

Step 1: Creating the Tunnel

To create this private connection you’ll need a remote SSH server to connect to. Mine runs at home in my garage on an old Pentium III 500MHz box (yeah, the kind most people threw away long, long ago!). I connect to this tunnel using:

ssh -D 8080 -fN user@server

This creates a SOCKS-compatible proxy on local port 8080, which is a requirement of the DNS forwarding. Other methods on the interwebs suggest using ssh -L or similar, which do not create SOCKS-compatible proxies.

Step 2: Forwarding DNS

If you’d like to also forward your DNS requests (i.e., the lookups for the site addresses you type into your browser), you’ll need to change a setting in Firefox. This can be done by accessing the address about:config, and entering this string into the configuration:

network.proxy.socks_remote_dns

Change this value to “true”.

Step 3: Using the Tunnel

The last step is to configure your browser to use these new settings. In Firefox 3 (I hope you’ve upgraded by now), you can activate/toggle these settings via:

Edit > Preferences > Advanced > Network > Settings

Select “Manual Proxy Configuration” and add localhost to the “SOCKS Host:” field, followed by port 8080 (assuming you’ve used the port in the example above).


This will then forward your web traffic through the SSH tunnel and DNS requests will also be forwarded.

You may want to check out the FoxyProxy plugin for a simpler way of toggling this on & off.

To deactivate the tunneling and use the local DNS again, simply revert Step 3 back to “Direct Connection to the Internet”.
