public socks proxy over SSH

1

5

So I'm able to create a local socks proxy with sudo ssh -D 8080 user@server and I can access it only from my machine:

nmap -p 8080 127.0.0.1
8080/tcp open  http-proxy

However this proxy is not accessible from my local network:

nmap -p 8080 192.168.1.10
8080/tcp closed  http-proxy

I've tried port forwarding, however it does not seem to solve the issue (unless I'm doing it wrong). I'm on a Mac, btw.

Solutions?

Escurial answered 6/2, 2013 at 15:44 Comment(0)
8

If you want to access the SOCKS proxy from the network, you need SSH to bind its SOCKS proxy to an accessible, external address instead of localhost, which is "local" and doesn't allow any other external connections. Use this command instead:

ssh -ND "*:8080" user@server

Note that I've removed sudo from your command, and I've added the -N flag to the command. sudo is certainly not needed; you only need it if you're opening ports below 1024 (which you shouldn't unless you have good reason). The -N flag makes the SSH session Noninteractive so that you don't have a shell session launched, just a proxy. The -D "*:8080" binds the SOCKS proxy to all addresses on the system, including network ones.

As for firewall settings, if you have a recent version of Mac OS X (10.6+), you may also want to open your firewall to your 8080 port. You can use this command to do so:

sudo ipfw add 9999 allow tcp from any to any dst-port 8080

9999 is just a firewall ID number that you can use to identify firewall rules.

Should you decide to stop opening your proxy, this command will close it back up:

sudo ipfw delete 9999

After all of that configuration, if you want your proxy to be available across the Internet, you would then need to follow instructions to set up port forwarding. You can use this guide to configure port forwarding on your router.

HOWEVER... exposing an open proxy over the Internet can cause trouble. Your ISP will probably frown upon this, especially if someone not-so-nice accesses your SOCKS proxy over the Internet. A better solution? Install an OpenSSH server, secure it, and simply log in from the Internet and set up the SOCKS proxy locally. This guide can assist with that.

Happy proxying!

Shortcake answered 13/8, 2013 at 15:34 Comment(0)
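
An added example, not part of either post above: a shell check that shows which address a listener such as the ssh -D proxy is actually bound to, by classifying rows of `lsof -nP -iTCP -sTCP:LISTEN` as loopback, wildcard or a specific address. The function names, PIDs and sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listeners from `lsof -nP -iTCP -sTCP:LISTEN` output.

# Reads lsof output on stdin; prints "<command> <pid> <port> <scope>" per listener,
# where scope is loopback, wildcard, or address:<ip>.
classify_listeners() {
    awk '
        $NF != "(LISTEN)" { next }            # skips the header and non-listening rows
        {
            name = $(NF - 1)                  # NAME column, e.g. *:8080 or [::1]:8080
            n = split(name, parts, ":")
            port = parts[n]                   # port is whatever follows the last colon
            addr = substr(name, 1, length(name) - length(port) - 1)
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)   # strip IPv6 brackets
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") scope = "wildcard"
            else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
            else scope = "address:" addr
            print $1, $2, port, scope
        }'
}

# Prints only the listeners on port $1 that are reachable from other hosts.
exposed_on_port() {
    classify_listeners | awk -v p="$1" '$3 == p && $4 != "loopback"'
}

# Constructed sample, laid out like lsof on macOS (PIDs and device IDs are made up).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
ssh      4101 user    5u  IPv6 0x1a2b3c4d5e6f7001      0t0  TCP [::1]:8080 (LISTEN)
ssh      4101 user    6u  IPv4 0x1a2b3c4d5e6f7002      0t0  TCP 127.0.0.1:8080 (LISTEN)
ssh      4207 user    5u  IPv4 0x1a2b3c4d5e6f7003      0t0  TCP *:8080 (LISTEN)
ssh      4311 user    5u  IPv4 0x1a2b3c4d5e6f7004      0t0  TCP 192.168.1.10:1080 (LISTEN)
EOF
}

# Demo on the sample; live use: lsof -nP -iTCP -sTCP:LISTEN | exposed_on_port 8080
sample_lsof | exposed_on_port 8080
```

A forward started with a specific bind address, such as `ssh -ND 192.168.1.10:8080 user@server`, is reported as `address:192.168.1.10` instead of `wildcard`, which limits the proxy to that one interface.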
