How to Run Your Own SOCKS Proxy Server

Run your own SOCKS5 proxy server on Windows/Mac/*nix with nothing but SSH. Access restricted web sites, use instant messenger, ftp, and other protocols from school/work by leveraging your cable/DSL connection at home!

Who is this tutorial for?

  1. This tutorial is for the person who needs to access restricted web sites, use instant messenger, ftp, and other protocols from a location with a restricted internet connection (e.g., work, school)
  2. You should be comfortable using SSH
  3. You should have a decent understanding of the internet and networks in general
  4. You should know what a proxy is (see About Proxy Servers if you don't).

Prerequisites

  1. An unrestricted internet connection. Perhaps you have this at home (instead of school/work) or at a friend's house.
  2. A computer which you can leave turned on while you're at school, work, or wherever the restricted internet connection is.
  3. ssh. If you are using Linux, OS X, Unix, Debian, FreeBSD, or any variant of these, ssh is already installed. If you're using Windows, download Cygwin or copSSH.

Let's begin.

  1. From a command prompt, run this command on the linux/unix/osx computer with the unrestricted internet connection:
    ssh -D8080 -g www.paypal.com
    The -D option starts ssh as a SOCKS server listening on port 8080. It also enables port forwarding so that any connection made to port 8080 is forwarded to its actual destination host and port. The www.paypal.com does nothing here; ssh examines the application protocol of the inbound connection to determine the ultimate destination of the connection. The -g option allows remote hosts to connect. Without this option, only connections to port 8080 from localhost would be allowed. See the ssh man page for more info.
  2. If your IP address is in one of these ranges:
    • 10.0.0.0 - 10.255.255.255
    • 172.16.0.0 - 172.31.255.255
    • 192.168.0.0 - 192.168.255.255
    you are most likely behind a router using NAT addressing. If so, configure port forwarding on your router to forward the port you chose in the previous step to the NAT'd IP address of the PC which will run ssh (e.g., 192.168.x.x).
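
How the destination reaches the -D listener in step 1, shown as the SOCKS5 messages from RFC 1928 built on the client side and parsed on the proxy side; this is an added example, not part of the original tutorial, and the function names are illustrative. The greeting offers only the "no authentication" method, which is the one ssh's SOCKS listener accepts, so with -g and router port forwarding the port can be used by anyone able to reach it.

```python
import ipaddress
import struct

SOCKS_VERSION = 5
METHOD_NO_AUTH = 0x00  # RFC 1928 "no authentication required"
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_greeting():
    """Client greeting: version, number of methods, then the methods offered."""
    return bytes([SOCKS_VERSION, 1, METHOD_NO_AUTH])


def build_connect(host, port):
    """Client CONNECT request; the destination travels inside this message."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:  # not an IP literal: send the name, the proxy resolves it
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, atyp]) + addr + struct.pack("!H", port)


def parse_connect(msg):
    """Proxy side: recover (host, port) from a CONNECT request, rejecting bad input."""
    if len(msg) < 5 or msg[0] != SOCKS_VERSION or msg[1] != CMD_CONNECT or msg[2] != 0:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp, body = msg[3], msg[4:]
    if atyp in (ATYP_IPV4, ATYP_IPV6):
        size, start = (4 if atyp == ATYP_IPV4 else 16), 0
    elif atyp == ATYP_DOMAIN:
        size, start = body[0], 1  # one length byte, then the name
    else:
        raise ValueError("unknown address type")
    if len(body) != start + size + 2:
        raise ValueError("truncated or oversized request")
    raw = body[start:start + size]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", body[start + size:])
    return host, port


if __name__ == "__main__":
    # Constructed sample: the request a browser would send for one HTTPS site.
    print(parse_connect(build_connect("example.org", 443)))
```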

Selecting a Port For Your Proxy Server

In the example above, our proxy server is listening on port 8080. Here are some tips to consider when selecting a port:

Configuring FoxyProxy to Use Your Proxy Server

Finally, you must install and configure FoxyProxy on the computer with restricted internet access.
  1. Create a new proxy definition by clicking the "Add New Proxy" button on the FoxyProxy Options dialog [screenshot].
  2. Enter a name and optionally, notes, on the General tab [screenshot]. For example, under name you might enter "My Home Proxy" and under notes, "SOCKS5 proxy running at home"
  3. On the Proxy Details tab [screenshot], select "Manual Proxy Configuration". In the SOCKS proxy field, enter the IP address or domain name of the machine on which you installed Antinat. If your ISP periodically changes your IP address, as many cable/DSL ISPs do, see the section on dynamic IP addresses below.
  4. In the port field, enter the port on which you configured ssh to listen (8080 in step #1).
  5. Leave all other fields on the Proxy Details tab blank.
  6. On the Patterns tab [screenshot], enter patterns which match blocked URLs at your school/place-of-business. You can read more about patterns here.
  7. Change FoxyProxy from "Disabled" to "Use proxies based on their pre-defined patterns and priorities".
  8. Surf the web. Whenever a URL to which you browse matches one of the patterns* you've defined, the associated proxy is used to load that URL.

* Provided that (1) FoxyProxy is set to "Use proxies based on their pre-defined patterns and priorities" and (2) there is no blacklist pattern defined for that URL.

What if my unrestricted internet connection has a dynamic IP address?

If your ISP periodically changes your IP address, as many cable/DSL ISPs do, get a free No-IP or DynDNS account. These services grant you a free domain name; for example, myproxy.bounceme.net. You run client software on your PC which "phones home" to DynDNS/No-IP every 30 minutes, informing them of your current IP address. Note that many modern consumer-oriented routers from Linksys, Netgear, D-Link, etc. have this software built in, so you don't need to run a client on your PC.
