# I need a proxy!

## curmudgeon

As more and more sites have started to use geographic information, while traveling, I frequently find myself increasingly unable to: a) use certain financial websites, b) view media restricted to certain countries.

I would like to install a proxy server on a home machine so that I can access it while on the road. I obviously want to restrict the proxy server to only accept connections from me (definitely using ssh and preferably with a certificate).

I don't know anything about setting up and using proxies at all, and I have several questions:

Does a general proxy exist that would work with both web pages and applications like mplayer (to forward connections to media servers)?

Does anyone have any recommendations?

Can someone point to a good (and preferably simple) configuration guide?

----------

## Jointy

http://gentoo-wiki.com/HOWTO_setup_a_home-server#Squid

or

www.squid.org

This does help...

j0inty.sL

----------

## Voltago

You already have one: openssh. You just need sshd running at home. When away, contact it with

```
ssh -NfD 1080 user@address.of.your.server
```

This opens a SOCKS proxy on localhost:1080 that relays all your traffic via ssh to your server.

----------

## curmudgeon

 *Voltago wrote:*   

> ```
> ssh -NfD 1080 user@address.of.your.server
> ```
> ...

 

Seems simple enough. :) So sshd will automatically forward my requests, or do I need to configure anything special?

How do I set up something like Konqueror? Enable Proxy? Enable SOCKS support? Both?

----------

## Beju

Of course enabling the proxy is required :) Hmm, I think SOCKS should also be enabled (I've never used Konqueror :) ), but on the other hand my 'version' of Internet Explorer doesn't work with that. You should set your proxy to 127.0.0.1:1080 (if you used Voltago's example); sometimes "http://127.0.0.1:1080" is required. For applications without proxy support, the [http|https|ftp|etc...]_proxy env variables might come in handy.

----------

## Hu

One caveat applies to the solutions posted so far: all of them assume that the applications you want to use are aware of proxies and will fully obey them. Depending on the applications involved, you may be better off using a full-blown VPN. ssh has support for that too, via the TUN/TAP options. You could also use OpenVPN (SSL VPN; see also OpenVPN primer) or OpenSwan (IPsec VPN).

----------

## curmudgeon

I can't get it to work yet.

First of all, do applications have to have specific SOCKS support (instead of just proxy support)? It seems that KDE (meaning any KDE application) won't work with this setup. If I understood what I read, KDE needs a separate SOCKS client.

Likewise, Opera (notoriously) has no SOCKS support.

----------

## Voltago

 *curmudgeon wrote:*   

> First of all, do applications have to have specific SOCKS support (instead of just proxy support)?

 

Yes (if you want to use openssh).

 *curmudgeon wrote:*   

> It seems that KDE (meaning any KDE application) won't work with this setup. If I understood what I read, KDE needs a separate SOCKS client.

 

KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy.

For applications without explicit SOCKS support, have a look at net-proxy/dante.

----------

## xbmodder

I'd say use openvpn. When you add a tunnel, set up a route for your house through your default GW, and for default through your home's GW.

----------

## Voltago

 *xbmodder wrote:*   

> I'd say use openvpn.

 

If it's only for web-browsing and mail, openvpn is overkill IMO.

----------

## MiXi-IL

Assuming you travel with a Linux laptop, you can install a program called tsocks on it:

```
emerge tsocks
```

tsocks is used to tunnel all network traffic of a program invisibly through your SOCKS server (which, as mentioned before, can be opened using ssh).

Configuration isn't much of a burden:

You have an example file in /etc/socks; there you can see how to configure it. Actually, because the configuration is 3 lines, I show it here:

On my Gentoo box I open the following in a separate console (and keep it alive). I randomly chose port 2021 to be the SOCKS port.

```
ssh -D2021 my.proxy.server -l myuser
```

The configuration file in /etc/socks/tsocks.conf matches that port number:

```
# local address -> this is for local access, bypass tunneling. Put your IP/subnet here.
local = 100.100.100.0/255.255.255.0
# Otherwise we use the server
server = 127.0.0.1
server_port = 2021
```

Usage is easy:

```
tsocks firefox
```

Have fun.

----------

## curmudgeon

 *Voltago wrote:*   

> KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy.

 

Yes, but it asks which socks implementation you have installed (NEC or Dante). That suggests to me (not that I know anything about this) that it won't work without one of those.

----------

## Voltago

 *curmudgeon wrote:*   

> *Voltago wrote:*
>
> > KDE supports SOCKS, there is a 'SOCKS' section in KControl->Network->Proxy.
>
> Yes, but it asks which socks implementation you have installed (NEC or Dante). That suggests to me (not that I know anything about this) that it won't work without one of those.

 

NEC SOCKS is the standard SOCKS and implemented by ssh.

----------

## curmudgeon

It works great with Pidgin (which has built in SOCKS support).

But I still can't get it to work with anything KDE. In Konqueror, I went to the SOCKS tab, and clicked on "Enable SOCKS support," then selected "NEC SOCKS."

On the proxy tab, I selected "Manually specify the proxy settings," and entered localhost (port 1080) in the HTTP field.

But I keep getting:

```
An error occurred while loading http://any.site:

Connection to host any.site is broken.
```

Can somebody tell me how to get this to work with Konqueror? Thanks.

----------

## curmudgeon

Still need help with this. Thanks.

----------

## Basin

I've just been trying to do the same; firewalled access to my university network has been making my KDE apps crash randomly when they try to use the network, because the connections never seem to time out or close.

Anyway, the point is I've eventually sorted it out by installing privoxy, dante and ssh, using ssh to connect to a shell server on my university network, which has a real ip address of its own, then connecting both privoxy and dante through the ssh socks tunnel. Then I told konq to use privoxy as its http proxy and dante for socks, and everything's rosy again. I'm not sure why konq refuses to use socks for http connections.

btw to route privoxy through socks, go down to the forwarding section in /etc/privoxy/config and uncomment the line that says something like 'forward-socks4 .......' and change the ip address/port to the appropriate values.

If anyone is interested in an init script to automatically set up the tunnel, I have one.

----------

## enigma128

 *Voltago wrote:*   

> You already have one: openssh. You just need sshd running at home. When away, contact it with
> 
> ```
> ssh -NfD 1080 user@address.of.your.server
> ```
> ...

 

Thanks man, I just ran a search and this was exactly what I was looking for.

I used to do this via Bitvise Tunnelier on WinXP.

What command would I issue to close this connection properly if it was sent to the background (other than hard killing the process)?

----------
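
One way to run the `ssh -D` tunnel from this thread so that the backgrounded process can be checked and closed cleanly through an OpenSSH control socket (an added example, not part of the original posts). `HOST`, `SOCKS_PORT`, `CTL`, the subcommand names and the `listener_is_loopback` helper are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): open, check and cleanly close the
# SOCKS tunnel through an OpenSSH control socket.
# HOST, SOCKS_PORT and CTL are assumed values; override via the environment.
HOST="${HOST:-user@address.of.your.server}"
SOCKS_PORT="${SOCKS_PORT:-1080}"
CTL="${CTL:-$HOME/.ssh/socks-tunnel.ctl}"

tunnel_start() {
    # -M/-S: master mode with a control socket that can be addressed later.
    # ExitOnForwardFailure: fail instead of backgrounding without a proxy
    #   when the local port is already taken.
    # 127.0.0.1: bind the SOCKS listener to loopback only.
    ssh -M -S "$CTL" -o ExitOnForwardFailure=yes \
        -N -f -D "127.0.0.1:$SOCKS_PORT" "$HOST"
}

tunnel_status() {
    # Exit status 0 only while the master connection is alive.
    ssh -S "$CTL" -O check "$HOST"
}

tunnel_stop() {
    # Ask the backgrounded master to close its forwards and exit.
    ssh -S "$CTL" -O exit "$HOST"
}

# Reads `ss -ltn` style output on stdin; succeeds only if a listener on
# SOCKS_PORT exists and every such listener is bound to a loopback address.
listener_is_loopback() {
    awk -v port="$SOCKS_PORT" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); if (a[n] != port) next
            found = 1
            addr = substr($4, 1, length($4) - length(a[n]) - 1)
            if (addr != "127.0.0.1" && addr != "[::1]") bad = 1
        }
        END { exit ((found && !bad) ? 0 : 1) }'
}

case "${1:-}" in
    start)  tunnel_start ;;
    stop)   tunnel_stop ;;
    status) tunnel_status ;;
    audit)  ss -ltn | listener_is_loopback ;;
esac
```

Run it with `start`, `status`, `audit` or `stop`; `audit` fails if the SOCKS port is reachable from anything other than the local machine.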

