Skip to content

Instantly share code, notes, and snippets.

Created February 14, 2020 09:08
Show Gist options
  • Save rwb27/e71a197d60a1e71b76e760ab84115b6a to your computer and use it in GitHub Desktop.
Save rwb27/e71a197d60a1e71b76e760ab84115b6a to your computer and use it in GitHub Desktop.
Internet access for a Raspberry Pi on a hidden network

Setting up a SOCKS proxy on a Raspberry Pi

My problem: I have a bunch of Raspberry Pi computers, all connected via a network switch and USB ethernet port to a "gateway" Raspberry Pi. However, I don't particularly want them all to be internet-connected all of the time, because (1) it's possible there is a slight security risk and (2) my IT folk at work might not like it. OK, I should also mention (3) I tried and failed to get NAT and dnsmasq to work, and don't have time to finish debugging it.

My solution: I SSH in to my "gateway" Pi (is it ok to call it a gateway even though it's resolutely failing to route any traffic? Never mind...), and from there I can connect to my hidden Pi(s), let's say for arguments sake it's called hiddenpi.local.

ssh pi@hiddenpi.local

Now, I can SSH back again, setting up a SOCKS proxy:

ssh  -D 8123 -f -C -q -N myusername@gatewaypi.local

This will ask for a password and then look like it quits - it's still running in the background, though. You can check it's working with:

curl --socks5-hostname localhost:8123

You can then add the proxy to APT's settings to allow you to install stuff. Create a new config file with:

sudo bash -c "echo 'Acquire::http::Proxy "socks5h://localhost:8123/";' > /etc/apt/apt.conf.d/99socksproxy"

Or you can do it manually by first making a file:

sudo nano /etc/apt/apt.conf.d/99socksproxy

then entering the following line:

Acquire::http::Proxy "socks5h://localhost:8123/";

NB the socks5h matters - without the h it will fail on DNS resolution, unless you've done a better job than me of proxying that!

You can then install the tsocks utility, which allows you to forward anything you like through the socks proxy:

sudo apt-get update
sudo apt-get install tsocks

Edit /etc/tsocks.conf and make sure you specify at least the server type (5), server address (, and port (8123).

Copy link

eabase commented Nov 27, 2020

cool. thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment