Totally Random Musings from the Edge

Surf the web via a secure tunnel

12 July 2007

This article will take 3 minutes to read

On occasion you may find yourself developing a site for a client who during the development phase will limit access to the site to a certain set of IP Addresses. This can be a real pain to deal with if your local IP is always changing.

To deal with this I always get the client to grant access to the damagestudios.net IP address (which is fixed and located in a cage in Santa Clara)

I then create a secure ssh tunnel and configure either Firefox or Camino to use the damagestudios.net site as a proxy.

Here’s what you need to accomplish this:

  • openSSH client (OS X has this built in)
  • access to an openSSH server
  • 10 minutes </ul> First you need to create the tunnel. We need to know the name or IP address of the server you will be tunneling to, as well as your login name and password on that server. For the example I'm using my information, you'll need to replace the username and servername with your information Now fire up terminal or iTerm and enter the following into your terminal window. ssh -D 8080 -f -C -q -N fusion94@damagestudios.net You will then be prompted for your password, which you should enter. Your ssh tunnel is now in place. Here's a quick overview of what those switches mean: -D 8080: This basically does a lot of dynamic stuff and makes it behave as a SOCKS server. Of course you could use any non privileged port here (above 1023). -f: This will fork the process into the background after you type your password. -C: Turns on compression. -q: Quiet mode. Since this is just a tunnel we can make it quiet. -N: Tells it no commands will be sent. (the -f will complain if we don’t specify this). So now that the tunnel is made we will need to configure Firefox or Camino to use this tunnel. To do this open Firefox or Camino and type the following into the address bar: about:config This will bring up quite a bit of options but you can use the Filter: bar to filter out some of the results. To do this type in proxy into the filter bar. There are 6 line items we need to deal with.
    • network.proxy.no_proxies_on : localhost,,, .damagestudios.net
    • network.proxy.socks :
    • network.proxy.socks_port : 8080
    • network.proxy.socks.remote_dns : true
    • network.proxy.socks_version : 5
    • network.proxy.type : 1 </ul> For the example I'm using my information, you'll need to replace the .damagestudios.net with your information Once you made these changes you are set. You can confirm that you are serving from the fixed IP address by going to What is my IP. If you ever need to verify that the tunnel is up all you need to do is enter this into the terminal. ps -aux | grep ssh You should see a line similar to this: fusion94 499 0.0 -0.1 29424 2576 ?? Ss 8:31AM 0:03.01 ssh -D 8080 -f -C -q -N damagestudios.net There’s a lot more that can be done from here such as configuring things on the server for keeping the connection alive. You could also setup your server to allow a key based login so you could have your tunnel open when you start up your computer. Regardless that's a blog posting for another day.