How to easily forward Firefox traffic through an SSH tunnel

Say you are travelling, or are at a neighbourhood coffee shop, using whatever unsecured WiFi network they make available. You could either:

  1. trust that no one is sniffing your web traffic, capturing passwords, e-mails, IMs, etc.
  2. trust that no one is using more sophisticated methods to trick you into thinking that you are secure (i.e. a man-in-the-middle attack)
  3. route your Internet traffic through a secure tunnel to your home PC before going out onto the web, protecting you from everyone at your current location

Which would you choose?

VPNs and SSH tunnels are actually a relatively easy means for you to be more secure while browsing the Internet from potentially dangerous locations. There are many, many different ways for you to do this but I find using a Linux PC that is running on your home network to be the easiest.

  1. Configure your home Linux PC. Install ssh (and sshd if it is separate). If you are using Ubuntu this is as easy as running the following command: sudo apt-get install ssh
  2. Sign up for a free DNS service like DynDNS so that you know of a web address that always points to your home Internet connection. To do this follow the instructions at the service you choose.
  3. On your laptop (that you have taken with you to the hotel or coffee shop) connect to your home PC’s ssh server. If you are on Windows you will need to get a program like PuTTY. See their documentation on how to forward ports. On Linux you can simply use the ssh command. The goal is to forward a dynamic port to the remote ssh server. For instance, if you are using a Linux laptop and ssh, then the command would look something like: ssh -D [dynamic port] [user]@[home server] -p [external port number – if not 22]. An example would be: ssh -D 4096 -p 4000 [user]@[home server]
  4. In your browser open the networking options window. This will allow you to tell the browser to forward all of its traffic to a proxy, which in this case, will be our dynamic port that we set up in step 3. Here is an example of my configuration for the example above.
    If you don’t feel awesome enough doing the above graphically you can also browse to “about:config” (without quotes) and set the following values:

    • network.proxy.proxy_over_tls
      • true
    • network.proxy.socks
      • Change to “” with no quotes
    • network.proxy.socks_port
      • Change to the SSH Tunnel Local Port set above (4096)
    • network.proxy.socks_remote_dns
      • Change to true
      • Note: you cannot actually set this setting graphically but it is highly recommended to configure this as well!
    • network.proxy.socks_version
      • Change to 5
    • network.proxy.type
      • Change to 1
  5. Browse normally.

You are now browsing the Internet by routing all of your traffic (in Firefox) securely through your home PC. Note that this doesn’t actually make web browsing any more secure beyond protecting you from people in your immediate vicinity (i.e. connected to the same insecure WiFi network).
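One way to apply and verify the step 4 settings from a shell, as an added example that is not part of the original post. The function names are hypothetical, and the proxy host 127.0.0.1 is an assumption based on `ssh -D` listening on the loopback interface by default.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: generate and audit the Firefox
# prefs from step 4. Assumption: SOCKS host is 127.0.0.1, since `ssh -D PORT`
# listens on the loopback interface by default.

expected_prefs() {  # usage: expected_prefs PORT -> "name value" per line
  cat <<EOF
network.proxy.type 1
network.proxy.socks "127.0.0.1"
network.proxy.socks_port $1
network.proxy.socks_version 5
network.proxy.socks_remote_dns true
network.proxy.proxy_over_tls true
EOF
}

emit_user_js() {  # usage: emit_user_js PORT >> /path/to/profile/user.js
  expected_prefs "$1" | while read -r name want; do
    printf 'user_pref("%s", %s);\n' "$name" "$want"
  done
}

pref_value() {  # usage: pref_value FILE NAME -> last value set, or empty
  local name
  name=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in pref names
  sed -n "s/^user_pref(\"$name\", *\(.*\));[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

audit_socks_prefs() {  # usage: audit_socks_prefs FILE PORT; returns 1 on mismatch
  local rc=0 name want got
  while read -r name want; do
    got=$(pref_value "$1" "$name")
    if [ "$got" != "$want" ]; then
      echo "MISMATCH $name: want $want, found ${got:-<unset>}"
      rc=1
    fi
  done <<EOF
$(expected_prefs "$2")
EOF
  return $rc
}

# Demo on a constructed prefs file: proxy is set, but DNS would not use the tunnel.
demo=$(mktemp)
emit_user_js 4096 | grep -v socks_remote_dns > "$demo"
audit_socks_prefs "$demo" 4096 || echo "fix the lines above before browsing"
rm -f "$demo"
```

Firefox reads user.js from the profile directory at startup, so close the browser before appending the generated lines and run the audit against prefs.js afterwards.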

One thought on “How to easily forward Firefox traffic through an SSH tunnel”

  1. One setting you may want to tweak for privacy (and other, technical) purposes is the network.proxy.socks_remote_dns property in Firefox’s about:config page. This forces DNS requests to go out over the SOCKS proxy specified with these instructions, rather than using, say, your corporate or Windows default nameservers. I find this useful not for escaping corporate filters, but for specific upstream DNS resolution. For example, my home network might have a “home.local” zone defined; this way I can use “router.home.local” or “torrentbox.home.local” and get directed to the right IP address.

    Easiest way I’ve found to flip this setting is going to about:config in the Firefox address bar, agreeing that you won’t break anything or kill someone’s cat, then type “proxy” in the filter box. Double-click “network.proxy.socks_remote_dns” and it should become bold and indicate that it is now set to true.
