[kwlug-disc] SSH SOCKS proxy without SSH

unsolicited unsolicited at swiz.ca
Thu Mar 29 01:40:15 EDT 2012


You are talking about HTTP proxies here. For your message, as given, SSH 
is a red herring.

I assume you could find a name (not just IP) aware proxy server, and put 
it on your local IPCop / pfSense / OpenWrt boxes. Then point all local 
browsers to it.

This gets dodgy with roaming clients, but then they're probably running 
their own OpenVPN client, not passing through your OpenVPN network 
endpoints. So you'd need something 'net nanny' like to locally serve the 
purpose of the internal local net squid server.

Rather like local SUS (Microsoft update) or web caching servers. (Fetch 
your cbc.ca content from it, rather than directly, every time.)


On 03/28/2012 12:17 PM, Paul Nijjar wrote:
> I thought it would be a nice change if I actually asked a question that was
> related to Linux on this list.
>
> SSH is capable of some magic tunnelling that I don't understand, as
> documented here:
>
> http://paulstamatiou.com/how-to-surf-securely-with-ssh-tunnel
>
> The article uses the following magic command:
>
> ssh -D 8080 -f -C -q -N myuser@myserver.com
>
> Now localhost:8080 will tunnel all traffic through to myserver.com . I
> then set up the SOCKS proxy fields in my web browser to enforce the
> tunnelling.
>
> So, two questions:
>
> 0. What am I looking for if I want to do this without SSH? I am going
> to have clients OpenVPN into the network. I understand that I can
> force ALL traffic to go through the OpenVPN tunnel, but this is not
> actually what I want -- I just want certain traffic proxied.
>
> 1. Is there a way to have some websites go through the proxy and some
> not? For example, I might want *.cbc.ca to go through the proxy, but
> everything else to be local. Again, it would be preferable if this was
> not via SSH.
>
> - Paul
>
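
One way to get the per-site behaviour asked about in question 1, as an added example that is not part of the original thread: a proxy auto-config (PAC) file that sends *.cbc.ca to a SOCKS listener and everything else direct. The 127.0.0.1:8080 listener (as opened by the quoted ssh -D 8080 command) and the domain list are assumptions taken from the thread's own examples.

```javascript
// Added example: proxy auto-config (PAC) file, not from the original thread.
// Assumption: a SOCKS listener on 127.0.0.1:8080, as opened by the quoted
// "ssh -D 8080" command; any other SOCKS server at that address would do.
var TUNNEL = "SOCKS5 127.0.0.1:8080";

// Domains whose traffic should use the tunnel (cbc.ca is the thread's example).
var TUNNELLED_DOMAINS = ["cbc.ca"];

// Lower-case the host and strip a trailing dot so "WWW.CBC.CA." still matches.
function normalize(host) {
  host = String(host).toLowerCase();
  if (host.charAt(host.length - 1) === ".") {
    host = host.slice(0, -1);
  }
  return host;
}

// True if host is the domain itself or a subdomain of it.
// Matching on a label boundary keeps "notcbc.ca" and "cbc.ca.example.net"
// out of the tunnel, which a plain substring or suffix test would let in.
function inDomain(host, domain) {
  var suffix = "." + domain;
  return host === domain || host.slice(-suffix.length) === suffix;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  host = normalize(host);
  for (var i = 0; i < TUNNELLED_DOMAINS.length; i++) {
    if (inDomain(host, TUNNELLED_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the tunnel is down these requests fail
      // instead of silently going out over the local connection.
      return TUNNEL;
    }
  }
  return "DIRECT";
}
```

The browser picks this up through its automatic proxy configuration URL setting.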


