We can set up a socks proxy on top of a SSH tunnel. Besides the common proxy functions, such as web browsing, the proxy on top of SSH tunnel also ensures the security between the browser and the proxy server (the SSH server). In this post, we introduce and explain how to set up a proxy over SSH tunnel and the mechanism of it.

A simple example

Let’s start with a simple example. We can access a sshd server sshd_server and we want to use it as a socks5 proxy server. It is simple by using ssh:

$ ssh -D 8080 username@sshd_server

After that, set the browser such as firefox’s proxy option to use socks5 proxy That’s it!

Then, check whether your IP is from the proxy from the websites’ view: Who am I.


I actually wrote a blog post along these lines a few moments back about setting up a cache-only DNS server for a local network (to resolve DNS locally if possible, instead of query out to public DNS servers).

Fortunately, there’s not a huge difference between this and setting up a public DNS server (more on that below) except you’ll want to have the following instead of what’s listed in the blog post linked above:

options {
// to allow recursive lookup from root name servers if necessary
recursion yes;
// allow any hosts to query BIND; having ‚internal;‘ maps to the acl listed at the top, you can use similar to restrict to certain external IPs if you desire
allowquery {any;}