Sometimes it’s useful to tunnel all web traffic over SSH without having to start Firefox on a remote computer, for example to work around network monitoring or snooping, or to avoid badly configured routers on the Internet. If you can change the settings on your web browser, you can probably use SSH to circumvent such filters.
SOCKS is a protocol used by some proxy servers. The SOCKS protocol allows a client (such as a web browser) to ask a server to download a file for it, rather than downloading the file directly. Most SSH clients can act as a SOCKS proxy server, securely tunnelling requests through your SSH session and then making an ordinary (insecure) web request from your Ubuntu computer at the far end of the tunnel.
Using the command-line SSH client, activate SOCKS by running:
ssh -C -D 1080 user@host
-D refers to Dynamic port forwarding, and 1080 is the standard SOCKS port. You can use a different port if you prefer, but you should choose a port in the range 1024 to 49151, inclusive.
-C enables Compression, which speeds the tunnel up when proxying mainly text-based information (like web browsing), but can slow it down when proxying binary information (like downloading files).
There is also a brief discussion in the PuTTY manual page about how to get PuTTY to act as a SOCKS proxy server.
Once you have set your SOCKS proxy up, your applications can use a SOCKS proxy on the computer you are connecting from. For example, in Firefox:
- go to Edit -> Preferences -> Advanced -> Network -> Connection -> Settings…
- check “Manual proxy configuration”
- make sure “Use this proxy server for all protocols” is cleared
- clear “HTTP Proxy”, “SSL Proxy”, “FTP Proxy”, and “Gopher Proxy” fields
- enter “127.0.0.1” or “localhost” for “SOCKS Host”, and “1080” (or whatever port you chose) for Port.
You can also set Firefox to resolve host names through that proxy, so even your DNS lookups are secure:
- Type in about:config in the Firefox address bar
- Find the key called “network.proxy.socks_remote_dns” and set it to true
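What that setting changes on the wire, shown as an added example that is not part of the original page: it assumes Firefox speaks SOCKS version 5 (RFC 1928) to the ssh -D listener, and the function names and the 192.0.2.10 address are constructed for illustration. With remote DNS the host name itself is sent into the tunnel; without it the name is looked up locally first and only an IP address reaches the proxy.

```python
import ipaddress
import socket
import struct

ATYP_IPV4, ATYP_DOMAIN = 0x01, 0x03  # SOCKS5 address types (RFC 1928)
HEAD = b"\x05\x01\x00"               # version 5, command CONNECT, reserved byte


def connect_request(host, port, remote_dns, resolver=socket.gethostbyname):
    """Build the SOCKS5 CONNECT message a client sends to the local proxy port."""
    if remote_dns:
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        # The lookup happens here, on the local network, outside the SSH tunnel.
        addr = bytes([ATYP_IPV4]) + socket.inet_aton(resolver(host))
    return HEAD + addr + struct.pack("!H", port)


def parse_request(msg):
    """Decode a CONNECT message and report whether it carries the host name."""
    if len(msg) < 7 or msg[:3] != HEAD:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = msg[3]
    if atyp == ATYP_DOMAIN:
        target, rest = msg[5:5 + msg[4]].decode("ascii"), msg[5 + msg[4]:]
    elif atyp == ATYP_IPV4:
        target, rest = str(ipaddress.IPv4Address(msg[4:8])), msg[8:]
    else:
        raise ValueError("address type not handled in this example")
    if len(rest) != 2:
        raise ValueError("truncated or oversized request")
    return {"target": target, "port": struct.unpack("!H", rest)[0],
            "hostname_sent_to_proxy": atyp == ATYP_DOMAIN}


if __name__ == "__main__":
    # Constructed stand-in for the local resolver, so the demo runs offline.
    fake_dns = lambda name: "192.0.2.10"
    for remote in (True, False):
        msg = connect_request("example.com", 443, remote, resolver=fake_dns)
        print(remote, msg.hex(), parse_request(msg))
```

When `hostname_sent_to_proxy` is false, the DNS query for the site has already left the local machine in the clear, even though the page content that follows is tunnelled.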
The SOCKS proxy will stop working when you close your SSH session. You will need to change these settings back to normal in order for your browser to work again.
Here is a video tutorial on using SSH dynamic port forwarding and a SOCKS proxy (port 7777) to browse securely with HTTP traffic encrypted within an SSH tunnel. Useful if you have access to an SSH server and are using web browsers in an unsafe environment, e.g. cafes, airports, etc.
ALEXANDER
July 1st, 2010 at 04:59