This is a Linode Community guide by author Arnaldo Ariel Arrieta.
Often you may need to browse the web from a public Wi-Fi access point, such as a coffee shop or library, where you do not know the security measures taken by the administrator. Your communications could be snooped on by a malicious user or even by the network owner.
This guide will show you how to establish a secure connection for browsing the web through a tunnel between your computer and your Linode. All your web traffic will be encrypted between your computer and your Linode, and forwarded from your Linode on to its final destination.
It works by launching a SOCKS proxy server on your computer using SSH. It will listen on a local port and your browser will connect to the web using that service.
If TCP forwarding is disabled on your server, look for the parameter AllowTcpForwarding no in your server's /etc/ssh/sshd_config file, and change it to yes before restarting the SSH service.
The first step is to launch the SOCKS server and establish a connection to your Linode.
From a command line run:
ssh -D 12345 email@example.com
-D 12345 tells SSH to run the SOCKS server on port 12345.
You can choose any port number greater than 1024. Lower numbers could be used but you will need to log in as root, and make sure the port is not in use by another service.
To establish a tunnel in Windows, you can use the free SSH client PuTTY. It can be downloaded from this link.
The last step is to configure your preferred browser to use the SOCKS server you just created. Here the example is for Firefox, but it is similar for all the major browsers.
Before making any changes, a good idea is to take note of the current IP address you are using to connect to the web. Use a website like WhatIsMyIp.com or ifconfig.me, and write down the IP that is shown.
To set up the browser:
Now you can check your IP again. If all is working correctly, the website will report a new IP address: that of your Linode.
From this point you can browse the web using your tunnel. When you finish, turn off the tunnel by logging off from your remote server (the Linux or Mac OS X console or PuTTY session you opened before). Note that you will need to set Firefox back to the No proxy setting as well. There are several plugins that can perform this task quickly for you, including this one.
Keep these considerations in mind when you use SSH tunneling.
Although your web traffic will be encrypted and forwarded, your DNS requests will not. The DNS queries will be done on the public network, and then the web request will be forwarded to the secure tunnel. You can fix that in Firefox, and make it send the DNS traffic to your tunnel as well.
- Open Firefox. Type about:config in the Location Bar to display the browser's preferences.
- To be able to edit these settings, click the button I'll be careful, I promise.
- In the Search bar type network.proxy.socks_remote_dns and press Return.
- You will see that the default value for that preference is false.
- Double-click network.proxy.socks_remote_dns to change its value to true. The whole line will change to bold text, and the status column to user set, indicating you modified its default value.
- Leave the about:config window by typing any URL in the location bar or closing Firefox.
If access to SSH is blocked on the public network you are using, it will not be possible to establish the tunnel. A workaround is to run your SSH server on a different port that is more likely to be open, for example port 80 (HTTP).
If you are already in a public network that blocks your access to SSH, to edit the server settings you can use the Linode Shell from the web (More info: https://library.linode.com/using-lish-the-linode-shell#sph_using-a-web-browser).
Sometimes, the traffic through the tunnel could be a bit slower than browsing the web without it; but remember, it's a small price to pay when your privacy is at risk.
This is a simple and quick way to establish a secure connection for web browsing, a kind of “poor man's VPN” solution.
If you often access the web using untrusted public networks or if you need to secure other applications and not just the browser, then this method will fall short and you will need to set up a VPN on your server. Take a look at one of the Linode Library's OpenVPN guides for instructions about that topic.
This guide is licensed under a Creative Commons Attribution-NoDerivs 3.0 United States License.
Last edited by Sharon Campbell on Monday, February 17th, 2014 (r4260).